available detection systems, which appear non-commensurate due to the lack of unified performance metrics for unbiased performance evaluation. Moreover, even routine behavior of users could generate anomalous events requiring the attention of network operators and managers. A good example would be flash-crowds. Efficient operation and management of computer networks depend heavily on a relatively precise analysis of anomalies produced by both malicious and legitimate behavior. As a result, the challenges of intrusion detection in high-speed networks constantly outstrip our ability to detect, track, and interpret anomalies. This combination of massive complex data and the difficulty of extracting relevant information overwhelms human operators.

Detection of traffic anomalies in computer networks is performed by employing Intrusion Detection Systems (IDS). Such systems in one way or another capitalize on the fact that maltraffic is noticeably different from legitimate traffic. Depending on the principle of operation there are two categories of IDSs: signature-based or anomaly-based. For an overview see: Debar et al. (1999); Ellis and Speed (2001); Kent (2000). A signature-based IDS (SbIDS) inspects passing traffic to find matches against already known malicious patterns. Examples of SbIDSs are Snort (Roesch, 1999) and Bro (Paxson, 1999). An anomaly-based IDS (AbIDS) is first trained to recognize normal network behavior and then watches for any deviation from the normal profile, classifying deviations as potential attacks (Kent, 2000; Tartakovsky et al., 2006a,b, 2013).

Copyright © 2014. Imperial College Press. All rights reserved. May not be reproduced in any form without permission from the publisher, except fair uses permitted under U.S. or applicable copyright law.
EBSCO Publishing : eBook Collection (EBSCOhost) - printed on 2/16/2016 3:37 AM via CGC-GROUP OF COLLEGES (GHARUAN) AN: 779681 ; Heard, Nicholas, Adams, Niall M..; Data Analysis for Network Cyber-security Account: ns224671
Rapid Detection of Attacks by Quickest Changepoint Detection Methods 35

As an example, consider DDoS attacks, which lead to abrupt changes in network traffic (Loukas and Öke, 2010; Mirkovic et al., 2004). Such attacks typically involve many traffic streams resulting in a large number of packets aimed at congesting the target's server or network. Such attacks can be detected by noticing a change in the average number of packets sent through the victim's link per unit time. Intuitively, it is appealing to formulate the problem of detecting DDoS as a quickest changepoint detection problem. That is, to detect changes in statistical models as rapidly as possible (with minimal average delays) while maintaining the FAR at a given low level. Previous publications (Polunchenko et al., 2012; Tartakovsky et al., 2006a,b, 2013) have shown that certain quickest changepoint detection methods (Basseville and Nikiforov, 1993; Lai, 1998; Pollak and Tartakovsky, 2009) can be effectively used for designing AbIDSs for the early detection of intrusions in high-speed computer networks. Changepoint detection theory
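The formulation above (a shift in the mean packet rate on the victim's link, detected with minimal delay at a controlled false alarm rate) is illustrated below with Page's CUSUM procedure, one of the quickest changepoint detection methods covered by the works cited. This is an added example, not code from the chapter: the Poisson model for per-second packet counts, the pre- and post-change rates `lam0`/`lam1`, the threshold values and the packet counts are all constructed assumptions.

```python
import math
from typing import List, Optional, Sequence, Tuple

# Constructed per-second packet counts on a monitored link (not real traffic).
# Indices 0-19: normal load around 100 packets/s; from index 20 on, a flood
# lifts the rate to roughly 300 packets/s, the abrupt shift described above.
PACKET_COUNTS = [
    98, 103, 99, 101, 97, 105, 100, 94, 102, 99,
    101, 96, 104, 100, 98, 103, 99, 102, 97, 100,
    240, 310, 295, 330, 350, 340, 360, 355, 348, 362,
]
CHANGEPOINT = 20  # first post-change index, known only because the data is constructed


def poisson_llr(x: int, lam0: float, lam1: float) -> float:
    """Log-likelihood ratio of one Poisson count under the post-change rate
    lam1 versus the pre-change rate lam0 (the x! term cancels)."""
    return x * math.log(lam1 / lam0) - (lam1 - lam0)


def cusum_detect(counts: Sequence[int], lam0: float, lam1: float,
                 threshold: float) -> Tuple[Optional[int], List[float]]:
    """Page's CUSUM: W_n = max(0, W_{n-1} + LLR(x_n)); raise an alarm at the
    first n with W_n >= threshold. Returns (alarm index or None, trajectory).
    Raising the threshold h lowers the FAR (for CUSUM the mean time between
    false alarms is at least e^h) at the cost of a longer detection delay."""
    w = 0.0
    trajectory: List[float] = []
    for n, x in enumerate(counts):
        w = max(0.0, w + poisson_llr(x, lam0, lam1))
        trajectory.append(w)
        if w >= threshold:
            return n, trajectory
    return None, trajectory


def detection_delay(alarm: Optional[int], changepoint: int) -> Optional[int]:
    """Samples between the changepoint and the alarm (0 means the alarm fired on
    the first post-change sample). None if the attack was missed, or if the
    alarm preceded the changepoint and therefore counts as a false alarm."""
    if alarm is None or alarm < changepoint:
        return None
    return alarm - changepoint


if __name__ == "__main__":
    for h in (60.0, 100.0, 1000.0):
        alarm, _ = cusum_detect(PACKET_COUNTS, 100.0, 200.0, h)
        print(f"threshold {h:6.1f}: alarm at {alarm}, delay {detection_delay(alarm, CHANGEPOINT)}")
```

Run it to see the trade-off directly: a low threshold alarms on the first flood sample, a high one waits several seconds but would also tolerate far larger benign fluctuations before raising a false alarm.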