NATE
- 10 September 2001
- proceedings article
- Published by Association for Computing Machinery (ACM)
Abstract
A new approach to network intrusion detection is needed to solve the monitoring problems of high-volume network data and the time constraints for Intrusion Detection System (IDS) management. Most current network IDSs have not been specifically designed for high-speed traffic or low maintenance. We propose a solution to these problems which we call NATE, Network Analysis of Anomalous Traffic Events. Our approach features minimal network traffic measurement, an anomaly-based detection method, and a limited attack scope. NATE is similar to other lightweight approaches in its simplified design, but our approach, being anomaly-based, should be more efficient in both operation and maintenance than other lightweight approaches. We present the method and perform an empirical test using MIT Lincoln Lab's data.