Academic paper

Needles in Haystacks: Practical Intrusion Detection from Theoretical Results
Document Type
Conference
Source
Proceedings of the 2006 31st IEEE Conference on Local Computer Networks, pp. 571-573, Nov. 2006
Subject
Computing and Processing
Communication, Networking and Broadcast Technologies
Needles
Intrusion detection
Autocorrelation
Radar detection
Switches
Probability
Marine technology
Time measurement
Estimation theory
Home appliances
Language
ISSN
0742-1303
Abstract
Many researchers are working towards discovering techniques that can alert network administrators to the presence of previously unseen attacks in their networks. Here we focus on attacks, such as denial-of-service attacks, that depend on multiple packets being sent over minutes or, at least, several seconds. No definitive technique has been demonstrated that can guarantee a substantial probability of detection while keeping probability of false alarm at an acceptable level. However, theoretical work by Li, Jia, and Zhao (referenced below) describes an interesting approach based on observing changes to autocorrelations obtained over time from measured traffic. Their work provides a theoretical way of estimating probability of detection vs. probability of false alarm. They make assumptions concerning availability of a background template and normality of residuals that bear examining with real traffic and attacks. This paper attempts a practical approach.