Flow Anomaly Detection in Firewalled Networks

Flow Anomaly Detection in Firewalled Networks

Most contemporary intrusion detection systems rely upon comprehensive signature databases containing the characteristics of known attacks, leaving them unable to detect novel attacks. In this paper, we propose the flow anomaly detection system (FADS), an anomaly detection system based upon the analy...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Chapple, Michael J., Wright, Timothy E., Winding, Robert M.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Bandwidth
Computer crime
Control systems
Flow production systems
Intelligent networks
Intrusion detection
Production systems
Statistical analysis
Web and internet services
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Most contemporary intrusion detection systems rely upon comprehensive signature databases containing the characteristics of known attacks, leaving them unable to detect novel attacks. In this paper, we propose the flow anomaly detection system (FADS), an anomaly detection system based upon the analysis of network flow data in controlled environments. We show that the standard deviation and interquartile range techniques produce a manageable number of alerts when applied to this data and demonstrate the effectiveness of the system through analysis of case studies. We also demonstrate that FADS' performance is sufficient to facilitate implementation as an anomaly detection system
DOI:10.1109/SECCOMW.2006.359576