Flow Anomaly Detection in Firewalled Networks

Most contemporary intrusion detection systems rely upon comprehensive signature databases containing the characteristics of known attacks, leaving them unable to detect novel attacks. In this paper, we propose the flow anomaly detection system (FADS), an anomaly detection system based upon the analysis of network flow data in controlled environments. We show that the standard deviation and interquartile range techniques produce a manageable number of alerts when applied to this data and demonstrate the effectiveness of the system through analysis of case studies. We also demonstrate that FADS' performance is sufficient to facilitate implementation as an anomaly detection system.
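As an added illustration (not code from the paper or the FADS implementation), the two outlier tests named in the abstract applied to a constructed series of per-minute flow counts taken from a firewall; the sample values, the 3-standard-deviation threshold and the 1.5×IQR fence are assumptions.

```python
import statistics
from typing import List, Tuple

# Constructed sample: flows per minute seen at a firewall over 20 intervals.
# Hypothetical values, not measurements from the paper. Interval 14 carries
# a spike of the kind a scan or flood would produce.
FLOW_COUNTS = [112, 118, 109, 121, 115, 117, 120, 113, 119, 116,
               114, 122, 111, 118, 410, 117, 115, 120, 113, 119]


def stddev_anomalies(counts: List[int], k: float = 3.0) -> List[int]:
    """Standard-deviation technique: flag intervals more than k standard
    deviations from the mean. Note that the mean and deviation are computed
    over the whole series, so a large spike inflates both; with k=3 the
    spike is still caught here, but a cluster of spikes could mask itself."""
    mean = statistics.mean(counts)
    sd = statistics.pstdev(counts)
    return [i for i, c in enumerate(counts) if abs(c - mean) > k * sd]


def iqr_anomalies(counts: List[int], mult: float = 1.5) -> List[int]:
    """Interquartile-range technique: flag intervals outside
    [Q1 - mult*IQR, Q3 + mult*IQR]. Quartiles are rank based, so one spike
    barely moves the fences, which is why this test is robust to it."""
    q1, _, q3 = statistics.quantiles(counts, n=4)
    iqr = q3 - q1
    low, high = q1 - mult * iqr, q3 + mult * iqr
    return [i for i, c in enumerate(counts) if c < low or c > high]


def alerts(counts: List[int]) -> List[Tuple[int, int, str]]:
    """Combine both tests into (interval, flow count, detector) alerts,
    so the analyst sees which technique fired on which interval."""
    out = [(i, counts[i], "stddev") for i in stddev_anomalies(counts)]
    out += [(i, counts[i], "iqr") for i in iqr_anomalies(counts)]
    return sorted(out)


if __name__ == "__main__":
    for interval, count, detector in alerts(FLOW_COUNTS):
        print(f"interval {interval}: {count} flows/min flagged by {detector}")
```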
