A Novel Approach to Detection of Intrusions in Computer Networks via Adaptive Sequential and Batch-Sequential Change-Point Detection Methods

Alexander G. Tartakovsky; Boris L. Rozovskii; Rudolf B. Blazek; Hongjoong Kim

首页> 外文期刊>IEEE Transactions on Signal Processing >A Novel Approach to Detection of Intrusions in Computer Networks via Adaptive Sequential and Batch-Sequential Change-Point Detection Methods

【24h】

A Novel Approach to Detection of Intrusions in Computer Networks via Adaptive Sequential and Batch-Sequential Change-Point Detection Methods

机译：通过自适应顺序和批处理顺序变化点检测方法检测计算机网络入侵的新方法

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Large-scale computer network attacks in their final stages can readily be identified by observing very abrupt changes in the network traffic. In the early stage of an attack, however, these changes are hard to detect and difficult to distinguish from usual traffic fluctuations. Rapid response, a minimal false-alarm rate, and the capability to detect a wide spectrum of attacks are the crucial features of intrusion detection systems. In this paper, we develop efficient adaptive sequential and batch-sequential methods for an early detection of attacks that lead to changes in network traffic, such as denial-of-service attacks, worm-based attacks, portscanning, and man-in-the-middle attacks. These methods employ a statistical analysis of data from multiple layers of the network protocol to detect very subtle traffic changes. The algorithms are based on change-point detection theory and utilize a thresholding of test statistics to achieve a fixed rate of false alarms while allowing us to detect changes in statistical models as soon as possible. There are three attractive features of the proposed approach. First, the developed algorithms are self-learning, which enables them to adapt to various network loads and usage patterns. Secondly, they allow for the detection of attacks with a small average delay for a given false-alarm rate. Thirdly, they are computationally simple and thus can be implemented online. Theoretical frameworks for detection procedures are presented. We also give the results of the experimental study with the use of a network simulator testbed as well as real-life testing for TCP SYN flooding attacks.

机译：通过观察网络流量的非常突然的变化，可以很容易地识别出处于最后阶段的大规模计算机网络攻击。但是，在攻击的早期阶段，这些变化很难检测，也很难与通常的流量波动区分开。快速响应，最低误报率以及检测各种攻击的能力是入侵检测系统的关键功能。在本文中，我们开发了有效的自适应顺序和批处理顺序方法，以及早发现导致网络流量变化的攻击，例如拒绝服务攻击，基于蠕虫的攻击，端口扫描和人工操作-中间攻击。这些方法对来自网络协议多层的数据进行统计分析，以检测非常细微的流量变化。该算法基于变化点检测理论，并利用测试统计的阈值来达到固定的误报率，同时允许我们尽快检测统计模型中的变化。提议的方法具有三个吸引人的特征。首先，开发的算法是自学习的，这使它们能够适应各种网络负载和使用模式。其次，对于给定的虚警率，它们允许以较小的平均延迟检测攻击。第三，它们计算简单，因此可以在线实现。提出了检测程序的理论框架。我们还通过使用网络模拟器测试平台以及针对TCP SYN泛洪攻击的真实测试来给出实验研究的结果。

著录项

来源
《IEEE Transactions on Signal Processing》 |2006年第9期|p.3372-3382|共11页
作者
Alexander G. Tartakovsky; Boris L. Rozovskii; Rudolf B. Blazek; Hongjoong Kim;
展开▼
作者单位

Department of Mathematics and the Center for Applied Mathematical Sciences, University of Southern California, Los Angeles, CA 90089-2532 USA;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类计量学;
关键词
Attack detection; change point detection; denial of service; intrusion detection; man-in-the-middle; network security; network traffic; nonparametric detection; port scanning; sequential tests; service survivability; worm;

机译：攻击检测;变更点检测;拒绝服务;入侵检测;中间人;网络安全;网络流量;非参数检测;端口扫描;顺序测试;服务生存能力;蠕虫;

相似文献

外文文献
中文文献
专利

1. A discussion on 'Detection of intrusions in information systems by sequential change-point methods' by Tartakovsky, Rozovskii, Blazek, and Kim [J] . Rasul A. Khan Statistical Methodology . 2006,第3期

机译：Tartakovsky，Rozovskii，Blazek和Kim讨论了“通过顺序更改点方法检测信息系统中的入侵”
2. A discussion on 'Detection of intrusions in information systems by sequential change-point methods' by Tartakovsky, Rozovskii, Blazek, and Kim [J] . Yajun Mei Statistical Methodology . 2006,第3期

机译：Tartakovsky，Rozovskii，Blazek和Kim讨论了“通过顺序更改点方法检测信息系统中的入侵”
3. A discussion on 'Detection of intrusions in information systems by sequential change-point methods' by Tartakovsky, Rozovskii, Blazek, and Kirn [J] . Edit Gombay Statistical Methodology . 2006,第3期

机译：Tartakovsky，Rozovskii，Blazek和Kirn讨论了“通过顺序更改点方法检测信息系统中的入侵”
4. Computer network intrusion detection using sequential LSTM Neural Networks autoencoders [C] . Ali H. Mirza, Selin Cosan Signal Processing and Communications Applications Conference . 2018

机译：使用顺序LSTM神经网络自动编码器进行计算机网络入侵检测
5. Sequential detection with applications to detection of network intrusions. [D] . Vedantam, Satish. 2003

机译：顺序检测及其在检测网络入侵方面的应用。
6. Sequential Model Based Intrusion Detection System for IoT Servers Using Deep Learning Methods [O] . Ming Zhong, Yajin Zhou, Gang Chen 2021

机译：基于SEAT学习方法的IOT服务器的顺序模型入侵检测系统
7. A novel approach to detection of intrusions in computer networks via adaptive sequential and batch-sequential change-point detection methods [O] . Er G. Tartakovsky, Senior Member, Boris L. Rozovskii, 2006

机译：一种通过自适应顺序和批量顺序变化点检测方法检测计算机网络中入侵的新方法
8. Performance Analysis of Hierarchical Group Key Management Integrated with Adaptive Intrusion Detection in Mobile ad hoc Networks. [R] . Cho, J., Chen, I. 2016

机译：移动ad hoc网络中集成自适应入侵检测的分层组密钥管理性能分析。

A Novel Approach to Detection of Intrusions in Computer Networks via Adaptive Sequential and Batch-Sequential Change-Point Detection Methods

摘要

著录项

相似文献

相关主题

期刊订阅