DocumentCode :
1707460
Title :
Host anomalies from network data
Author :
Gates, Christopher ; Becknel, Damon
Author_Institution :
Fac. of Comput. Sci., Dalhousie Univ., NB, Canada
fYear :
2005
Firstpage :
325
Lastpage :
332
Abstract :
Network administrators need to be able to quickly synthesize a large amount of raw data into comprehensive information and knowledge about a network system in order to determine if there is any unusual activity occurring on that network. This paper presents some initial results of a simplistic baselining method applied to a class B-sized network. These baselines are then used as the basis for an anomaly detection system that examines unusual amounts of activity to any one port on any one host. Thus we provide a system that can detect changes in the activity of any one host, regardless of whether those changes are noticeable when observing overall traffic behavior.
Keywords :
computer networks; security of data; telecommunication security; telecommunication traffic; activity change detection; class B-sized network; host anomaly; network administrators; network anomaly detection system; network data; network intrusion detection; network system; network traffic behavior; simplistic baselining method; unusual activity; Communication channels; Computer science; Computerized monitoring; Intrusion detection; Military computing; Network synthesis; Pattern analysis; Peer to peer computing; System testing; Telecommunication traffic;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN :
0-7803-9290-6
Type :
conf
DOI :
10.1109/IAW.2005.1495970
Filename :
1495970