Abstract
We have applied our previous immunity-based system to anomaly detection for network traffic, and confirmed that our system outperformed the single-profile method. For internal masquerader detection, the missed alarm rate was 11.21% with no false alarms. For worm detection, four random-scanning worms and the simulated metaserver worm were detected with no missed alarms and no false alarms, while a simulated passive worm was detected with a missed alarm rate of 80.57%.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Okamoto, T., Ishida, Y. (2006). Towards an Immunity-Based Anomaly Detection System for Network Traffic. In: Gabrys, B., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2006. Lecture Notes in Computer Science, vol 4252. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11893004_16
DOI: https://doi.org/10.1007/11893004_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-46537-9
Online ISBN: 978-3-540-46539-3
eBook Packages: Computer Science (R0)