Title :
Multivariate statistical analysis for network attacks detection
Author :
Qu, Guangzhi ; Hariri, Salim ; Yousif, Mazin
Author_Institution :
Dept. of Electr. & Comput. Eng., Arizona Univ., USA
Abstract :
Summary form only given. Detection and self-protection against viruses, worms, and network attacks is urgently needed to protect network systems and their applications from catastrophic failures. Once a network component is infected by viruses, worms, or became a target of network attacks, its operational state shifts from normal to abnormal state. Online monitoring mechanism can collect important aspects of network traffic and host data (CPU utilization, memory usage, etc.), that can be effectively used to detect abnormal behaviors caused by attacks. In this paper, we develop an online multivariate analysis algorithm to analyze the behaviors of system resources and network protocols in order to proactively detect network attacks. We have validated an algorithm and showed how it can proactively detect accurately well-known attacks such as distributed denial of service, SQL slammer worm, and email spam attacks.
Keywords :
computer networks; computer viruses; statistical analysis; telecommunication security; telecommunication traffic; CPU utilization; SQL slammer worm; catastrophic failure; distributed denial of service; email spam attack; memory usage; multivariate statistical analysis; network attacks detection; network protocols; network traffic; online monitoring mechanism; online multivariate analysis; system resources; virus detection; Algorithm design and analysis; Computer crime; Condition monitoring; IP networks; Laboratories; Protection; Protocols; Statistical analysis; Telecommunication traffic; Viruses (medical);
Conference_Titel :
Computer Systems and Applications, 2005. The 3rd ACS/IEEE International Conference on
Print_ISBN :
0-7803-8735-X
DOI :
10.1109/AICCSA.2005.1387011
