Project goals Statistical IDS background Statistical based IDS background introduction


The Above Picture is Related Image of Another Journal


Project goals Statistical IDS background Statistical based IDS background introduction

Davenport College of Business, Grand Rapids, US has reference to this Academic Journal, Statistical based IDS background introduction Statistical IDS background Why do we do this project Attack introduction IDS architecture Data description Feature extraction Statistical method introduction Result analysis Project goals Related work Internet has various network attacks, including denial of service attacks in addition to port scans, etc. Overall traffic detection Flow-level detection Our goals Detect both attacks at the same time Differentiate DoS in addition to port scans

 Mincks, John Davenport College of Business, Grand Rapids


Related University That Contributed for this Journal are Acknowledged in the above Image


Attack introduction TCP SYN flooding – An important form of DoS attacks – Exploit the TCP?s three-way handshake mechanism in addition to its limitation in maintaining half-open connection – Feature: spoofed source IP – Recent reflected SYN/ACK flooding attacks Attack introduction Port scan – horizontal scan – Vertical scan – Block scan Feature: real source IP address Statistical IDS architecture Learning part Detection part

Data description DARPA98 data The first standard corpora in consideration of evaluation of network intrusion detection systems. From the Information Systems Technology Group ( IST ) of MIT Lincoln Laboratory, Under Defense Advanced Research Projects Agency ( DARPA ITO ) in addition to Air Force Research Laboratory ( AFRL/SNHS ) sponsorship Seven weeks of training data Two weeks of detection data Data description DARPA98 data format 897048008.080700 > S ACK 1055330111:1055330111(0) win 512 – Time stamp: 897048008.080700 – Source IP address + port: – Destination IP address + port: – TCP flag: S (maybe other : R, F, P) – ACK flag: ACK – Other part of packet header: 1055330111:1055330111(0) win 512 Feature extraction Calculate the metrics in every 5 minute traffic Metrics For example: SYN-SYN_ACK pair SYN-FIN + SYN-RSTactive pair traffic volume SYN packet volume ?? Good Luck ?

IT Governance Administrative Technology Working Group Emerging Technology Working Group Instructional Technology Working Group

Statistical method Statistical based IDS Goals: Using statistical metrics in addition to algorithm so that differentiate the anomaly traffic from benign traffic, in addition to so that differentiate different types of attacks. – Advantage: detect unknown attacks – Disadvantage: false positive in addition to false negative Hidden Markov Model (HMM) HMM is a very useful statistical learning model. It has been successfully implemented in the speech recognition. – Advantage 1. analyzing sequence data (using observation probability in addition to transition probability so that represent) 2. unsurprised data training in addition to surprised data training 3. high accuracy – Disadvantage comparatively long training time Double Gaussian model Introduction – Two Gaussion distribution models are used so that represent two classes of behaviors – Get the two probabilities of current behavior using different two-class Gaussian parameters – Compare them. The current behavior belongs so that the larger probability class. Training period – Get the two-class Gaussian parameters Detection period – Use two-class Gaussian parameters so that get probabilities in addition to compare them

Double Gaussian model Advantage Simple, easy so that understand Fast Disadvantage No sequence characteristic Result analysis Evaluation – Important quantitative analysis: false positive + false negative – Looking at metric value, in addition to finding the reasons – Repeating experiments

Mincks, John Meteorologist

Mincks, John is from United States and they belong to Meteorologist and work for 12 News Weekend at 10 PM – KPNX-TV in the AZ state United States got related to this Particular Article.

Journal Ratings by Davenport College of Business, Grand Rapids

This Particular Journal got reviewed and rated by and short form of this particular Institution is US and gave this Journal an Excellent Rating.