Abstract
Network anomalies are situations in which observed network traffic deviates from normal network behaviour. In this paper, we propose a general framework that assumes the use of many different attack detection methods and show how to integrate their results. We evaluated our approach using network topology analysis methods applied to communication graphs. Based on this evaluation, we propose a measure called the AttackScore, which assesses the risk of an on-going attack and distinguishes between the effectiveness of the analytic measures used to detect it.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Kolaczek, G., Juszczyszyn, K. (2012). Traffic Pattern Analysis for Distributed Anomaly Detection. In: Wyrzykowski, R., Dongarra, J., Karczewski, K., Waśniewski, J. (eds) Parallel Processing and Applied Mathematics. PPAM 2011. Lecture Notes in Computer Science, vol 7204. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31500-8_67
DOI: https://doi.org/10.1007/978-3-642-31500-8_67
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31499-5
Online ISBN: 978-3-642-31500-8
eBook Packages: Computer Science, Computer Science (R0)