Learning rules for anomaly detection of hostile network traffic
- 1 January 2003
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
We introduce an algorithm called LERAD that learns rules for finding rare events in nominal time-series data with long range dependencies. We use LERAD to find anomalies in network packets and TCP sessions to detect novel intrusions. We evaluated LERAD on the 1999 DARPA/Lincoln Laboratory intrusion detection evaluation data set and on traffic collected in a university departmental server environment.
This publication has 5 references indexed in Scilit:
- Learning rules for anomaly detection of hostile network traffic. Published by Institute of Electrical and Electronics Engineers (IEEE), 2003
- ADAM. ACM SIGMOD Record, 2001
- The 1999 DARPA off-line intrusion detection evaluation. Computer Networks, 2000
- Wide area traffic: the failure of Poisson modeling. IEEE/ACM Transactions on Networking, 1995
- On the self-similar nature of Ethernet traffic. Published by Association for Computing Machinery (ACM), 1993