design a detection procedure that minimizes the expected detection delay of a real change subject to a bound on the false alarm rate. In this chapter, we argue that network anomaly detection can be efficiently performed using changepoint detection methods. More specifically, we propose an anomaly intrusion detection system that exploits score-based versions of cumulative sum (CUSUM) and Shiryaev–Roberts detection algorithms. These algorithms are robust, computationally simple, and efficient for the detection of a wide variety of network intrusions that lead to relatively abrupt changes in network traffic. We also devise a novel hybrid anomaly-spectral-signature intrusion detection system that integrates change detection-based anomaly and spectral-based signature detection systems. This hybrid system allows for efficient filtering of false detections and confirmation of true attacks, ensuring very high speeds of detection with extremely low false alarm rates. The results are illustrated for several real data sets with denial-of-service flooding attacks on backbone links as well as for detecting spam campaigns.

A. G. Tartakovsky, in: Heard, Nicholas and Adams, Niall M. (eds.), Data Analysis for Network Cyber-security, Imperial College Press, 2014, p. 33. Copyright © 2014 Imperial College Press. All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.

2.1. Introduction

Cyber-security has evolved into a critical 21st-century problem that affects governments, businesses and individuals. Recently, cyber-threats have become more diffuse, more complex, and harder to detect. Malicious activities and intrusion attempts such as spam campaigns, phishing, personal data theft, worms, distributed denial-of-service (DDoS) attacks, address resolution protocol man-in-the-middle attacks, fast flux, etc. occur every day, have become commonplace in contemporary computer networks, and pose enormous risks to users for a multitude of reasons. These threats can incur significant financial damage and severely compromise the integrity of personal information. It is therefore essential to devise automated techniques to detect such events as quickly as possible so as to respond appropriately and eliminate the negative consequences for the users.

Current ultra-high-speed networks carry massive aggregate data flows. Malicious events usually produce (relatively) abrupt changes in network traffic profiles, which must be detected and isolated rapidly while keeping a low false alarm rate (FAR). Both requirements are important. However, rapid intrusion detection with minimal FAR and the capability to detect a wide spectrum of attacks is a challenge for modern ultra-high-speed networks. This problem is compounded by the increasing dimensionality in terms of the sheer number and complexity of attacks and the myriad of
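The score-based CUSUM and Shiryaev–Roberts recursions named in the abstract, as an added example that is not the chapter's own code: both statistics run over a constructed packets-per-second series with an abrupt flood-like increase, using a linear Gaussian log-likelihood score and hand-picked thresholds (both assumptions made for illustration; the chapter's own score functions and threshold choices are not shown here), and each reports its detection delay and whether the quiet baseline alone triggers a false alarm.

```python
import math
from typing import Callable, Optional, Sequence

def linear_score(mu0: float, sigma: float, delta: float) -> Callable[[float], float]:
    """Per-observation score for an upward mean shift of `delta` baseline standard
    deviations: the Gaussian log-likelihood ratio delta*z - delta^2/2 (assumed here)."""
    def score(x: float) -> float:
        z = (x - mu0) / sigma
        return delta * z - delta * delta / 2.0
    return score

def cusum(samples: Sequence[float], score, h: float) -> Optional[int]:
    """Score-based CUSUM: W_n = max(0, W_{n-1} + S_n); alarm when W_n >= h.
    Returns the index of the first alarm, or None if none is raised."""
    w = 0.0
    for n, x in enumerate(samples):
        w = max(0.0, w + score(x))
        if w >= h:
            return n
    return None

def shiryaev_roberts(samples: Sequence[float], score, a: float) -> Optional[int]:
    """Score-based Shiryaev-Roberts: R_n = (1 + R_{n-1}) * exp(S_n); alarm when R_n >= a."""
    r = 0.0
    for n, x in enumerate(samples):
        r = (1.0 + r) * math.exp(score(x))
        if r >= a:
            return n
    return None

def detection_delay(alarm: Optional[int], change_index: int) -> Optional[int]:
    """Observations from the change to the alarm inclusive; None = miss, <= 0 = false alarm."""
    if alarm is None:
        return None
    return alarm - change_index + 1

# Constructed traffic (packets per second per window): a quiet baseline around
# 100 pps, then an abrupt flood-like jump to roughly 160 pps at CHANGE_INDEX.
PRE_CHANGE = [100, 105, 95, 102, 98, 110, 90, 100, 104, 96, 100, 100]
POST_CHANGE = [160, 155, 165, 158, 162, 170]
TRAFFIC = PRE_CHANGE + POST_CHANGE
CHANGE_INDEX = len(PRE_CHANGE)
# Baseline mean 100, sd 10, tuned to a 1-sd shift; thresholds chosen by hand so the
# baseline alone never alarms (pre-change W never exceeds 0.5 and R stays below 4).
SCORE = linear_score(100.0, 10.0, 1.0)
CUSUM_H, SR_A = 8.0, 300.0

if __name__ == "__main__":
    for name, alarm in (("CUSUM", cusum(TRAFFIC, SCORE, CUSUM_H)),
                        ("Shiryaev-Roberts", shiryaev_roberts(TRAFFIC, SCORE, SR_A))):
        print(f"{name}: alarm at n={alarm}, delay={detection_delay(alarm, CHANGE_INDEX)}")
```

Lowering a threshold shortens the delay but raises the false alarm rate; in practice the thresholds are set from the FAR bound, which is the trade-off the abstract refers to.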
