Host-based packet header anomaly detection using statistical analysis
The exposure of network packets to frequent cyber attacks has increased the need for designing statistical-based anomaly detection recently. Conceptually, the statistical based anomaly detection attracts researcher's attention, but technically, the low attack detection rates remains an open cha...
Saved in:
Main Authors: | , , , , , |
---|---|
Format: | Conference or Workshop Item |
Language: | English |
Published: |
2013
|
Online Access: | http://psasir.upm.edu.my/id/eprint/27210/1/ID%2027210.pdf http://psasir.upm.edu.my/id/eprint/27210/ |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Institution: | Universiti Putra Malaysia |
Language: | English |
Summary: | The exposure of network packets to frequent cyber attacks has increased the need for designing statistical-based anomaly detection recently. Conceptually, the statistical based anomaly detection attracts researcher's attention, but technically, the low attack detection rates remains an open challenges. We propose a Host-based Packet Header Anomaly Detector (HbPHAD) model that is capable of identifying suspicious packet header behaviour based on
statistical analysis. We compute scoring function using Relative Percentage Ratio (RPR) in calculating normal scores, integrate Linear Regression Analysis (LRA) to differentiate the behaviour of the packets and Cohen's-d (effect size) measurement to pre-define the best
threshold. HbPHAD is an effective solution for statistical-hased anomaly detection 111 identifying suspicious behaviour correctly. The experiment demonstrates that HbPHAD IS effective in accurately detecting suspicious packet at above 99% as an attack detection rate. |
---|