2006 | OriginalPaper | Buchkapitel
Network Anomaly Detection Based on Clustering of Sequence Patterns
verfasst von : Sang-Kyun Noh, Yong-Min Kim, DongKook Kim, Bong-Nam Noh
Erschienen in: Computational Science and Its Applications - ICCSA 2006
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Anomaly detection is a method for determining behaviors which do not accord with normal ones. It is mostly used for detecting abnormal behaviors, mutational and unknown attacks. In this paper, we propose a technique that generates patterns about network-based normal behaviors in blocks of a TCP network session for the anomaly detection. One session is expressed as one pattern based on a stream of the packets in the session, and thus the pattern we generate has a sequential feature. We use the ROCK algorithm to cluster the sequence patterns which have categorical attributes. This algorithm performs clustering based on our similarity function which uses Dynamic Programming. The many sequence patterns of the normal behaviors can be reduced to several representative sequence patterns using the clustering. Our detecting sensor uses profiling dataset that are constructed by the representative sequence patterns of normal behaviors. We show the effectiveness of proposed model by using results from the 1999 DARPA Intrusion Detection Evaluation.