Packet header anomaly detection using statistical analysis
The disclosure of network packets to recurrent cyber intrusion has upraised the essential for modelling various statistical-based anomaly detection methods lately. Theoretically, the statistical-based anomaly detection method fascinates researcher’s attentiveness, but technologically, the fewer intr...
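Main Authors: | Yassin, Warusia; Udzir, Nur Izura; Abdullah, Azizol; Abdullah @ Selimun, Mohd Taufik; Muda, Zaiton; Zulzalil, Hazura |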
---|---|
Format: | Conference or Workshop Item |
Published: | Springer International Publishing (SpringerLink), 2014 |
Online Access: | http://psasir.upm.edu.my/id/eprint/38895/ |
Institution: | Universiti Putra Malaysia |
id |
my.upm.eprints.38895 |
---|---|
record_format |
eprints |
spelling |
my.upm.eprints.38895 2016-06-08T08:42:50Z http://psasir.upm.edu.my/id/eprint/38895/ Conference or Workshop Item NonPeerReviewed Yassin, Warusia and Udzir, Nur Izura and Abdullah, Azizol and Abdullah @ Selimun, Mohd Taufik and Muda, Zaiton and Zulzalil, Hazura (2014) Packet header anomaly detection using statistical analysis. In: 7th International Conference on Computational Intelligence in Security for Information Systems (CISIS14), 25-27 June 2014, Bilbao, Spain. (pp. 473-482). 10.1007/978-3-319-07995-0_47 |
institution |
Universiti Putra Malaysia |
building |
UPM Library |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Putra Malaysia |
content_source |
UPM Institutional Repository |
url_provider |
http://psasir.upm.edu.my/ |
description |
The disclosure of network packets to recurrent cyber intrusion has upraised the essential for modelling various statistical-based anomaly detection methods lately. Theoretically, the statistical-based anomaly detection method fascinates researcher’s attentiveness, but technologically, the fewer intrusion detection rates persist as vulnerable disputes. Thus, a Host-based Packet Header Anomaly Detection (HbPHAD) model that is proficient in pinpointing suspicious packet header behaviour based on statistical analysis is proposed in this paper. We perform a scoring mechanism using Relative Percentage Ratio (RPR) in scheming normal scores, desegregate Linear Regression Analysis (LRA) to distinguish the degree of packets behaviour (i.e. fit to be suspicious or not suspicious) and Cohen’s-d (effect size) dimension to pre-define the finest threshold. HbPHAD is an effectual resolution for the statistical-based anomaly detection method in pinpointing suspicious behaviour precisely. The experiments validate that HbPHAD is effective in correctly detecting suspicious packets at above 90% as an intrusion detection rate for both ISCX 2012 and is capable of detecting 40 attack types from the DARPA 1999 benchmark dataset. |
format |
Conference or Workshop Item |
author |
Yassin, Warusia; Udzir, Nur Izura; Abdullah, Azizol; Abdullah @ Selimun, Mohd Taufik; Muda, Zaiton; Zulzalil, Hazura |
author_sort |
Yassin, Warusia |
title |
Packet header anomaly detection using statistical analysis |
publisher |
Springer International Publishing (SpringerLink) |
publishDate |
2014 |
url |
http://psasir.upm.edu.my/id/eprint/38895/ |
_version_ |
1643832265873031168 |