
An Effective Anomaly Intrusion Detection Using Statistical Change Point Detection

M. Thangavel, Dr. P. Thangaraj

Abstract


Understanding the nature of intrusion attacks is critically important to the development of effective countermeasures for the anomaly traffic detection problem. Anomaly intrusion traffic attacks, combined with traditional network intruders, have become the most serious threats to network security. The existing work monitors observable traffic attacks and takes appropriate action to mitigate them before they have had much time to propagate across the network. The proposed working model of statistical traffic anomaly detection operates on traces of non-intrusive packet header data and aims at a quick detection rate. Traffic is monitored at regular intervals to obtain a signal that can be analyzed through statistical techniques and compared to historical norms to detect anomalies (change detection). The proposed methodology of anomaly intrusion traffic detection applies statistical change detection theory to a real-time data source extracted from the Net Con server (an Internet Service Provider popularly running in the Erode region). The experimental results suggest little use of address spoofing by attackers, which implies that such attacks will be invisible to indirect backscatter measurement techniques. The proposed traffic anomaly intrusion detection provides an improvement of 12% in average throughput compared to the existing ones. The propagation delay metric shows a reduction of nearly 9% compared with other methods of anomaly intrusion detection.
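As an added illustration of the change-detection idea described above (not the authors' own code or algorithm), the following one-sided CUSUM detector standardizes per-interval packet counts against a historical baseline and raises an alarm when the cumulative deviation exceeds a threshold. The SYN-per-interval series, the baseline length and the CUSUM parameters are constructed assumptions for the example.

```python
"""Added example: CUSUM change-point detection over per-interval traffic
counts derived from packet headers. Not the paper's code; the series and
parameters below are constructed for illustration."""
from statistics import mean, pstdev

# Constructed sample: SYN packets per 10-second interval (counted from
# packet headers only). Intervals 0-11 are normal; a surge begins at 12.
SYN_PER_INTERVAL = [40, 42, 38, 45, 41, 39, 44, 40, 43, 37, 42, 41,
                    60, 90, 140, 200, 260, 300, 310, 320]


def cusum_detect(series, baseline_len=10, drift_k=0.5, threshold_h=5.0):
    """One-sided (upward) CUSUM on standardized counts.

    The first `baseline_len` samples define the historical norm (mean and
    std). For each sample z = (x - mean) / std the statistic is
    S_t = max(0, S_{t-1} + z - k); `drift_k` is the slack that keeps normal
    noise from accumulating. An alarm is raised at the first interval after
    the baseline where S_t > threshold_h.
    Returns (alarm_index or None, list of S_t)."""
    base = series[:baseline_len]
    mu = mean(base)
    sigma = pstdev(base) or 1.0          # guard against a flat baseline
    s, stats, alarm = 0.0, [], None
    for t, x in enumerate(series):
        z = (x - mu) / sigma
        s = max(0.0, s + z - drift_k)
        stats.append(s)
        if alarm is None and t >= baseline_len and s > threshold_h:
            alarm = t
    return alarm, stats


if __name__ == "__main__":
    alarm, stats = cusum_detect(SYN_PER_INTERVAL)
    for t, (x, s) in enumerate(zip(SYN_PER_INTERVAL, stats)):
        flag = "  <-- change point" if t == alarm else ""
        print(f"interval {t:2d}: count={x:4d}  S={s:7.2f}{flag}")
```

With these constructed values the alarm fires at interval 12, the first interval of the surge, while the noisy baseline never accumulates past the threshold.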


Keywords


Statistical Anomaly Detection, Network Traffic, Intrusion Detection





Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.