Title :
Differentiating network conversation flow for intrusion detection and diagnostics
Author :
McEachen, John C. ; Zachary, John M. ; Ettlich, Daniel W.
Author_Institution :
Dept. of Electr. & Comput. Eng., Naval Postgraduate Sch., Monterey, CA, USA
Abstract :
We present a novel approach to detecting anomalous network events. Specifically, a method for characterizing and displaying the flow of conversations across a distributed system with a high number of interacting entities is discussed and analyzed. Results from simulated laboratory experiments as well as observations from operational network traffic are presented. These results suggest that our approach presents a unique perspective on anomalies in computer network traffic. Additionally, this approach produces a normal statistic that could viably be analyzed with ML/MSE estimators.
Keywords :
Internet; computer networks; mean square error methods; safety systems; telecommunication traffic; MSE estimators; anomalous network events; diagnostics; distributed computer network traffic; intrusion detection; network conversation flow; operational network traffic; Computational modeling; Computer networks; Event detection; Intrusion detection; Laboratories; Maximum likelihood estimation; Statistical analysis; Statistical distributions; Telecommunication traffic; Traffic control;
Conference_Titel :
Circuits and Systems, 2004. ISCAS '04. Proceedings of the 2004 International Symposium on
Print_ISBN :
0-7803-8251-X
DOI :
10.1109/ISCAS.2004.1329043
