NATE: Network Analysis of Anomalous Traffic Events, a low-cost approach

A new approach to network intrusion detection is needed to solve the monitoring problems of high volume network data and the time constraints for Intrusion Detection System (IDS) management. Most current network IDS's have not been specifically designed for high speed traffic or low maintenance. We propose a solution to these problems which we call NATE, Network Analysis of Anomalous Traffic Events. Our approach features minimal network traffic measurement, an anomaly-based detection method, and a limited attack scope. NATE is similar to other lightweight approaches in its simplified design, but our approach, being anomaly based, should be more efficient in both operation and maintenance than other lightweight approaches. We present the method and perform an empirical test using MIT Lincoln Lab's data.

[1]  Karl N. Levitt,et al.  GrIDS A Graph-Based Intrusion Detection System for Large Networks , 1996 .

[2]  Marcus J. Ranum,et al.  Implementing a generalized tool for network monitoring , 1997, Inf. Secur. Tech. Rep..

[3]  Stephanie Forrest,et al.  Infect Recognize Destroy , 1996 .

[4]  Margaret A. Nemeth,et al.  Applied Multivariate Methods for Data Analysis , 1998, Technometrics.

[5]  Ali S. Hadi,et al.  Finding Groups in Data: An Introduction to Chster Analysis , 1991 .

[6]  Stephanie Forrest,et al.  Architecture for an Artificial Immune System , 2000, Evolutionary Computation.

[7]  Kristopher Kendall,et al.  A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems , 1999 .

[8]  Harold S. Javitz,et al.  The NIDES Statistical Component Description and Justification , 1994 .

[9]  Peter G. Neumann,et al.  Experience with EMERALD to Date , 1999, Workshop on Intrusion Detection and Network Monitoring.

[10]  Biswanath Mukherjee,et al.  A network security monitor , 1990, Proceedings. 1990 IEEE Computer Society Symposium on Research in Security and Privacy.

[11]  S. E. Smaha Haystack: an intrusion detection system , 1988, [Proceedings 1988] Fourth Aerospace Computer Security Applications.

[12]  Stephanie Forrest,et al.  Principles of a computer immune system , 1998, NSPW '97.

[13]  Wendy R. Fox,et al.  Finding Groups in Data: An Introduction to Cluster Analysis , 1991 .

[14]  Giovanni Vigna,et al.  NetSTAT: a network-based intrusion detection approach , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[15]  William L. Fithen,et al.  State of the Practice of Intrusion Detection Technologies , 2000 .