Paper Abstract and Keywords |
Presentation |
2005-09-16 10:15
A Network Anomaly Detection based on Multi-Stage Traffic Analysis Masashi Tsuji, Yuji Waizumi, Hiroshi Tsunoda, Yoshiaki Nemoto (Tohoku Univ.) |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
The explosive growth of the Internet has increasingly given rise to more sophisticated and more numerous intrusions. Hence, the need for anomaly-based Intrusion Detection Systems (IDSs), which are capable of detecting novel attacks, is increasingly being felt. Even in anomaly-based detection, traffic can be observed using several approaches. Among them, flow-based detection, which uses the series of packets exchanged between two terminals as the unit of observation, has the advantage of being able to detect anomalies that are present only in some specific sessions. However, in large-scale networks where a large number of communications take place, analyzing every flow is not practical. In this paper, we propose an anomaly detection method based on multi-stage traffic analysis. The proposed method analyzes traffic in slots of fixed length and narrows down the number of flows that need to be subjected to detection. Through experiments using datasets, we demonstrate the effectiveness of the proposed method. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Network Security / IDS / Anomaly Detection / Multi-Stage Traffic Analysis / Flow |
Reference Info. |
IEICE Tech. Rep., vol. 105, no. 279, IN2005-72, pp. 67-72, Sept. 2005. |
Paper # |
IN2005-72 |
Date of Issue |
2005-09-08 (IN) |
ISSN |
Print edition: ISSN 0913-5685 |
Conference Information |
Committee |
CS IN NS |
Conference Date |
2005-09-15 - 2005-09-16 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Tohoku Univ. |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
Active Network, IP-VPN, Network Security, High Speed Network, P2P Communication, Network Software, and Others |
Paper Information |
Registration To |
IN |
Conference Code |
2005-09-CS-IN-NS |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
A Network Anomaly Detection based on Multi-Stage Traffic Analysis |
Keyword(1) |
Network Security |
Keyword(2) |
IDS |
Keyword(3) |
Anomaly Detection |
Keyword(4) |
Multi-Stage Traffic Analysis |
Keyword(5) |
Flow |
1st Author's Name |
Masashi Tsuji |
1st Author's Affiliation |
Tohoku University (Tohoku Univ.) |
2nd Author's Name |
Yuji Waizumi |
2nd Author's Affiliation |
Tohoku University (Tohoku Univ.) |
3rd Author's Name |
Hiroshi Tsunoda |
3rd Author's Affiliation |
Tohoku University (Tohoku Univ.) |
4th Author's Name |
Yoshiaki Nemoto |
4th Author's Affiliation |
Tohoku University (Tohoku Univ.) |
Speaker |
Author-1 |
Date Time |
2005-09-16 10:15:00 |
Presentation Time |
25 minutes |
Registration for |
IN |
Paper # |
IN2005-72 |
Volume (vol) |
vol.105 |
Number (no) |
no.279 |
Page |
pp.67-72 |
#Pages |
6 |
Date of Issue |
2005-09-08 (IN) |
|