Statistical Behavior of Packet Counts for Network Intrusion Detection

Intrusions and attacks have become a very serious problem in the network world. This paper presents a statistical characterization of packet counts that can be used for network intrusion detection. The main idea is to detect suspicious behavior in computer networks by comparing, through histogram analysis, the correlation results of the control and data planes in the presence and absence of attacks. Signal processing tools such as median filtering, moving average filtering, and local variance estimators are exploited to help in developing network anomaly detection approaches. A detected dissimilarity can therefore indicate abnormal behavior.

Detection Systems (NIDS).
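The comparison the abstract describes can be illustrated as follows. This is an added example, not code from the paper: it correlates control-plane and data-plane packet counts over sliding windows, compares the histogram of those correlations against an attack-free reference, and checks local variance. The window widths, the 0.5 cutoff, the bin count, the total variation distance and both traces are assumptions constructed for illustration.

```python
import math
from statistics import mean, median, pvariance

def sliding(series, width, fn):
    """Apply fn (median, mean, pvariance) to every full window of `width` bins."""
    return [fn(series[i:i + width]) for i in range(len(series) - width + 1)]

def pearson(x, y):
    mx, my = mean(x), mean(y)
    sx = math.sqrt(sum((a - mx) ** 2 for a in x))
    sy = math.sqrt(sum((b - my) ** 2 for b in y))
    if sx == 0 or sy == 0:  # flat window: correlation undefined, report 0
        return 0.0
    return sum((a - mx) * (b - my) for a, b in zip(x, y)) / (sx * sy)

def windowed_correlation(control, data, width=20):
    """Pearson correlation of control- vs data-plane counts per sliding window."""
    return [pearson(control[i:i + width], data[i:i + width])
            for i in range(len(control) - width + 1)]

def histogram(values, bins=10, lo=-1.0, hi=1.0):
    """Normalized histogram of correlation values over [lo, hi]."""
    counts = [0] * bins
    for v in values:
        counts[min(max(int((v - lo) / (hi - lo) * bins), 0), bins - 1)] += 1
    return [c / len(values) for c in counts]

def histogram_distance(p, q):
    """Total variation distance: 0 for identical histograms, 1 for disjoint."""
    return 0.5 * sum(abs(a - b) for a, b in zip(p, q))

# Constructed traces (not measurements): packets per time bin for 200 bins.
T = range(200)
DATA = [round(1000 + 300 * math.sin(2 * math.pi * t / 40)) for t in T]
CONTROL_CLEAN = [round(0.1 * d + 3 * math.sin(1.3 * t)) for t, d in zip(T, DATA)]
ANOMALY = range(100, 160)  # bins where control counts stop tracking data counts
CONTROL_ANOM = [c + (3 * (t * 37 % 101) if t in ANOMALY else 0)
                for t, c in zip(T, CONTROL_CLEAN)]

REF = windowed_correlation(CONTROL_CLEAN, DATA)   # attack-free reference
OBS = windowed_correlation(CONTROL_ANOM, DATA)    # trace under test
FLAGGED = [i for i, r in enumerate(OBS) if r < 0.5]  # 0.5 is an assumed cutoff
DISTANCE = histogram_distance(histogram(REF), histogram(OBS))
VAR_RATIO = (max(sliding(CONTROL_ANOM, 5, pvariance))
             / max(sliding(CONTROL_CLEAN, 5, pvariance)))

if __name__ == "__main__":
    print(f"flagged windows {FLAGGED[0]}..{FLAGGED[-1]}, "
          f"histogram distance {DISTANCE:.2f}, variance ratio {VAR_RATIO:.0f}")
```

Every flagged window overlaps the constructed anomaly, because windows outside it are identical to the reference and stay strongly correlated.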
