
dc.contributor.advisor: Chan, Philip K.
dc.contributor.author: Mahoney, Matthew V.
dc.date.accessioned: 2013-11-05T15:09:31Z
dc.date.available: 2013-11-05T15:09:31Z
dc.date.issued: 2002-09-06
dc.identifier.citation: Mahoney, M.V. (2002). Network traffic anomaly detection based on packet bytes (CS-2002-12). Melbourne, FL. Florida Institute of Technology. [en_US]
dc.identifier.other: CS-2002-12
dc.identifier.uri: http://hdl.handle.net/11141/113
dc.description.abstract: Hostile network traffic is often "different" from benign traffic in ways that can be distinguished without knowing the nature of the attack. We describe a two-stage anomaly detection system for identifying suspicious traffic. First, we filter traffic to pass only the packets of most interest, e.g., the first few packets of incoming server requests. Second, we model the most common protocols (IP, TCP, telnet, FTP, SMTP, HTTP) at the packet byte level to flag events (byte values) that have not been observed for a long time. This simple system detects 132 of 185 attacks in the 1999 DARPA IDS evaluation data set with 100 false alarms, after training on one week of attack-free traffic. [en_US]
dc.language.iso: en_US [en_US]
dc.rights: Copyright held by author. [en_US]
dc.title: Network traffic anomaly detection based on packet bytes [en_US]
dc.type: Technical Report [en_US]

