SPAD: A Session Pattern Anomaly Detector for Pre-alerting Intrusions in Home Network
To prevent intrusions into network-based information systems effectively, it is necessary to detect their early signs before the intrusion takes place. This kind of pre-alerting approach may be classified as active prevention, since the various forms of hackers' intrusion trials, made to learn the vulnerabilities of systems, are not missed and are cross-checked early. Existing network-based anomaly detection algorithms that cope with port scanning and network vulnerability scans have weaknesses against slow scans and coordinated scans. Therefore, a new kind of pre-alerting algorithm that effectively detects the various forms of abnormal access made in intrusion trials, regardless of the intrusion method, is especially attractive. In this paper, we propose a session pattern anomaly detector (SPAD), which detects abnormal service patterns by comparing them with ordinary, normal service patterns.
Keywords: Packet Size, Intrusion Detection System, Home Network, Pattern Comparator, Session Classifier