Detecting Network Anomalies Using CUSUM and EM Clustering

14 years 6 months ago

Download dslab.csie.ncu.edu.tw

Abstract. Intrusion detection has been extensively studied in the last two decades. However, most existing intrusion detection techniques detect limited number of attack types and report a huge number of false alarms. The hybrid approach has been proposed recently to improve the performance of intrusion detection systems (IDSs). A big challenge for constructing such a multi-sensor based IDS is how to make accurate inferences that minimize the number of false alerts and maximize the detection accuracy, thus releasing the security operator from the burden of high volume of conflicting event reports. We address this issue and propose a hybrid framework to achieve an optimal performance for detecting network traffic anomalies. In particular, we apply SNORT as the signature based intrusion detector and the other two anomaly detection methods, namely non-parametric CUmulative SUM (CUSUM) and EM based clustering, as the anomaly detector. The experimental evaluation with the 1999 DARPA intrusi...

Wei Lu, Hengjian Tong

Real-time Traffic

Artificial Intelligence | Intrusion Detection | Intrusion Detection Systems | Intrusion Detection Techniques | ISICA 2009 |

claim paper

Post Info
More Details (n/a)

Added	26 May 2010
Updated	26 May 2010
Type	Conference
Year	2009
Where	ISICA
Authors	Wei Lu, Hengjian Tong

Comments (0)

Sciweavers

Detecting Network Anomalies Using CUSUM and EM Clustering

Artificial Intelligence | Intrusion Detection | Intrusion Detection Systems | Intrusion Detection Techniques | ISICA 2009 |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers