NADA - Network Anomaly Detection Algorithm
Authors
Abstract
This paper deals with a new iterative Network Anomaly Detection Algorithm – NADA, which is threefold: it accomplishes the detection, classification and identification of traffic anomalies. Our approach goes one step further than others since it provides all the information required to limit the extent of anomalies by locating them in traffic traces, identifying their classes (e.g., whether it is a Denial of Service, a Network Scan, or another type of anomaly), and giving their features, for instance the source and destination addresses and ports involved. For this purpose, NADA uses a generic multi-featured approach executed at different time scales and at different levels of IP aggregation. In addition, the NADA approach contributed to the definition of a set of traffic anomaly signatures. The use of these signatures makes NADA suitable and efficient for use in a monitoring environment. NADA has been validated using data traces containing documented anomalies, such as those gathered in the MetroSec project.
Similar resources
Contributions on detection and classification of internet traffic anomalies
The aim of this thesis is to develop a tool capable of detecting, classifying and identifying traffic anomalies. Such occurrences are disturbing since they have the potential to divert network operations from their normal behaviour. Network Anomaly Detection Algorithm – NADA – is the approach developed. The use of NADA and its accuracy are guaranteed by considering three axes of action: mult...
A Novel Hybrid Approach for Intrusion Detection in Computer Networks Using Computational Intelligence Algorithms
In this paper, a novel hybrid method is proposed for intrusion detection in computer networks using a combination of misuse-based and anomaly-based detection models with the aim of performance improvement. In the proposed hybrid approach, a set of algorithms and models is employed. The selection of input features is performed using the shuffled frog-leaping (SFL) algorithm. The misuse detection modul...
Moving dispersion method for statistical anomaly detection in intrusion detection systems
A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...
Improving the RX Anomaly Detection Algorithm for Hyperspectral Images using FFT
Anomaly Detection (AD) has recently become an important application of target detection in hyperspectral images. Reed-Xiaoli (RX) is the most widely used AD algorithm, but it suffers from the “small sample size” problem. The best solution for this problem is to use Dimensionality Reduction (DR) techniques as a pre-processing step for the RX detector. Using this method not only improves the detection p...
A Hybrid Framework for Building an Efficient Incremental Intrusion Detection System
In this paper, a boosting-based incremental hybrid intrusion detection system is introduced. This system combines incremental misuse detection and incremental anomaly detection. We use a boosting ensemble of weak classifiers to implement the misuse intrusion detection system. It can identify new classes of intrusions that do not exist in the training dataset for incremental misuse detection. As...