论文信息 - Statistical Process Control‐Based Intrusion Detection and Monitoring

Statistical Process Control‐Based Intrusion Detection and Monitoring

Intrusion detection systems have a vital role in protecting computer networks and information systems. In this article, we applied a statistical process control (SPC)–monitoring concept to a certain type of traffic data to detect a network intrusion. We proposed an SPC-based intrusion detection process and described it and the source and the preparation of data used in this article. We extracted sample data sets that represent various situations, calculated event intensities for each situation, and stored these sample data sets in the data repository for use in future research. This article applies SPC charting methods for intrusion detection. In particular, it uses the basic security module host audit data from the MIT Lincoln Laboratory and applies the Shewhart chart, the cumulative sum chart, and the exponential weighted moving average chart to detect a denial of service intrusion attack. The case study shows that these SPC techniques are useful for detecting and monitoring intrusions. Copyright © 2013 John Wiley & Sons, Ltd.

[1] Paul Helman,et al. Foundations of Intrusion Detection. , 1992 .

[2] S. W. Roberts. Control chart tests based on geometric moving averages , 2000 .

[3] Alfonso Valdes,et al. Next-generation Intrusion Detection Expert System (NIDES)A Summary , 1997 .

[4] George C. Runger,et al. Model-Based and Model-Free Control of Autocorrelated Processes , 1995 .

[5] Connie M. Borror,et al. EWMA techniques for computer intrusion detection through anomalous changes in event intensity , 2002 .

[6] Dennis Lendrem,et al. Introduction to Statistical Quality Control, (4th edn) Douglas Montgomery, 2001 ISBN 0‐471‐31648‐2; 795 pages; £34.95, €57.70. $40.00 John Wiley & Sons; www.wileyeurope.com/cda/product/0,,0471986089,00.html , 2003 .

[7] Sandeep Kumar,et al. Classification and detection of computer intrusions , 1996 .

[8] W. Shewhart. The Economic Control of Quality of Manufactured Product. , 1932 .

[9] Arthur B. Maccabe,et al. The architecture of a network level intrusion detection system , 1990 .

[10] Eugene H. Spafford,et al. Crisis and aftermath , 1989, Commun. ACM.

[11] E. S. Page. Cumulative Sum Charts , 1961 .

[12] George C. Runger,et al. Batch-means control charts for autocorrelated data , 1996 .

[13] Richard A. Johnson,et al. The Effect of Serial Correlation on the Performance of CUSUM Tests II , 1974 .