Sciweavers

CANS
2005
Springer

A New Unsupervised Anomaly Detection Framework for Detecting Network Attacks in Real-Time

Abstract. In this paper, we propose a new unsupervised anomaly detection framework for detecting network intrusions online. The framework consists of new anomalousness metrics named IP Weight and an outlier detection algorithm based on Gaussian mixture model (GMM). IP Weights convert the features of IP packets into a four-dimensional numerical feature space, in which the outlier detection takes place. Intrusion decisions are made based on the outcome of outlier detections. Two sets of experiments are conducted to evaluate our framework. In the first experiment, we conduct an offline evaluation based on the 1998 DARPA intrusion detection dataset, which detects 16 types of attacks out of a total of 19 network attack types. In the second experiment, an online evaluation is performed in a live networking environment. The evaluation result not only confirms the detection effectiveness with DARPA dataset, but also shows a strong runtime efficiency, with response times falling within seconds.
Wei Lu, Issa Traoré
Added 26 Jun 2010
Updated 26 Jun 2010
Type Conference
Year 2005
Where CANS
Authors Wei Lu, Issa Traoré