Two-Stage Orthogonal Network Incident Detection for the Adaptive Coordination with SMTP Proxy

  • Ruo Ando
  • Yoshiyasu Takefuji
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2776)


In this paper we present an adaptive detection and coordination system which consists of anomaly and misuse detector combined by lightweight neural networks to synchronize with specific data control of proxy server.The proposed method is able to correct false positive of anomaly detector for the unusual changes in the segment monitored by the subsequent misuse detector. The orthogonal outputs of these two detectors can be applied for the switching condition between the parameter settings and the protective data modification of proxy. In the unseen attacks our model detects, the forwarding delay time set in the proxy server according to the detection intervals enable us to protect the system faster and prevent effectively the malicious code from spreading.


Intrusion Detection Anomaly Detection Intrusion Detection System Proxy Server Malicious Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Thottan, M., Ji, C.: Proactive Anomaly Detection Using Distributed Intelligent Agents. IEEE Network  12, 21–27 (1998); special Issue on Network ManagementGoogle Scholar
  2. 2.
    Ghosh, A.K., Wanken, J., Charron, F.: Detecting Anomalous and Unknown Intrusions Against Programs. In: Proceedings of the 14th IEEE Annual Computer Security Applications Conference, pp. 259–267 (1998)Google Scholar
  3. 3.
    Lindqvist, U., Jonsson, E.: How to Systematically Classify Computer Security Intrusions. In: Proceedings of the 1997 IEEE Symposium on Security & Privacy, pp. 154–163 (1997)Google Scholar
  4. 4.
    Cannady, J.: Artificial Neural Networks for Misuse Detection. In: Proceedings of the 1998 National Information Systems Security Conference, NISSC 1998 (1998)Google Scholar
  5. 5.
    Shieh, S.W., Virgil, D.: A Pattern-Oriented Intrusion-Detection Model and Its Applications. In: IEEE Symposium on Security and Privacy, pp. 327–342 (1991); Baldonado, M., Chang, C.-C.K., Gravano, L., Paepcke, A.: The Stanford Digital Library Metadata Architecture. Int. J. Digit. Libr., vol 1, 108–121(1997)Google Scholar
  6. 6.
    Pao, Y.H., Takefuji, Y.: Functional-link net computing: theory, system architecture and functionalities, pp. 76–79. IEEE Computer, Los Alamitos (1992)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Ruo Ando
    • 1
  • Yoshiyasu Takefuji
    • 1
  1. 1.Graduate School of Media and GovernanceKeio UniversityKanagawaJapan

Personalised recommendations