Abstract
We have applied our previous immunity-based system to anomaly detection for network traffic, and confirmed that our system outperformed the single-profile method. For internal masquerader detection, the missed alarm rate was 11.21% with no false alarms. For worm detection, four random-scanning worms and the simulated metaserver worm were detected with no missed alarms and no false alarms, while a simulated passive worm was detected with a missed alarm rate of 80.57%.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Okamoto, T., Ishida, Y. (2006). Towards an Immunity-Based Anomaly Detection System for Network Traffic. In: Gabrys, B., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2006. Lecture Notes in Computer Science, vol 4252. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11893004_16
DOI: https://doi.org/10.1007/11893004_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-46537-9
Online ISBN: 978-3-540-46539-3
eBook Packages: Computer Science (R0)