• DocumentCode
    2370663
  • Title
    Learning rules for anomaly detection of hostile network traffic
  • Author
    Mahoney, Matthew V. ; Chan, Philip K.
  • Author_Institution
    Dept. of Comput. Sci., Florida Inst. of Technol., Melbourne, FL, USA
  • fYear
    2003
  • fDate
    19-22 Nov. 2003
  • Firstpage
    601
  • Lastpage
    604
  • Abstract
    We introduce an algorithm called LERAD that learns rules for finding rare events in nominal time-series data with long range dependencies. We use LERAD to find anomalies in network packets and TCP sessions to detect novel intrusions. We evaluated LERAD on the 1999 DARPA/Lincoln Laboratory intrusion detection evaluation data set and on traffic collected in a university departmental server environment.
  • Keywords
    knowledge based systems; learning (artificial intelligence); telecommunication computing; telecommunication traffic; time series; transport protocols; LERAD algorithm; TCP; hostile network traffic anomaly detection; network packet; Computer security; Event detection; File systems; Intrusion detection; Network servers; Operating systems; Protocols; Telecommunication traffic; Testing; Viruses (medical);
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Data Mining, 2003. ICDM 2003. Third IEEE International Conference on
  • Print_ISBN
    0-7695-1978-4
  • Type
    conf
  • DOI
    10.1109/ICDM.2003.1250987
  • Filename
    1250987