Intrusion detection using geometrical structure

Aruna Jamdagni; Zhiyuan Tan; Priyadarsi Nanda; Xiangjian He; Ren Liu

doi:10.1109/FCST.2009.97

Intrusion detection using geometrical structure

Aruna Jamdagni, Zhiyuan Tan, Priyadarsi Nanda, Xiangjian He, Ren Liu

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

12 Citations (Scopus)

Abstract

We propose a statistical model, namely Geometrical Structure Anomaly Detection (GSAD) to detect intrusion using the packet payload in the network. GSAD takes into account the correlations among the packet payload features arranged in a geometrical structure. The representation is based on statistical analysis of Mahalanobis distances among payload features, which calculate the similarity of new data against precomputed profile. It calculates weight factor to determine anomaly in the payload. In the 1999 DARPA intrusion detection evaluation data set, we conduct several tests for limited attacks on port 80 and port 25. Our approach establishes and identifies the correlation among packet payloads in a network.

Original language	English
Title of host publication	4th International Conference on Frontier of Computer Science and Technology, FCST 2009
Pages	327-333
Number of pages	7
DOIs	https://doi.org/10.1109/FCST.2009.97
Publication status	Published - 2009
Externally published	Yes
Event	4th International Conference on Frontier of Computer Science and Technology, FCST 2009 - Shanghai, China Duration: 17 Dec 2009 → 19 Dec 2009

Publication series

Name	4th International Conference on Frontier of Computer Science and Technology, FCST 2009

Conference

Conference	4th International Conference on Frontier of Computer Science and Technology, FCST 2009
Country/Territory	China
City	Shanghai
Period	17/12/09 → 19/12/09

Keywords

Geometrical structure
Intusion detection
Mahalanobis distance
Pattern recognition
Payload

ASJC Scopus subject areas

General Computer Science

Access to Document

10.1109/FCST.2009.97

Cite this

@inproceedings{ae064caaddca4fbab3643702f0924eea,

title = "Intrusion detection using geometrical structure",

abstract = "We propose a statistical model, namely Geometrical Structure Anomaly Detection (GSAD) to detect intrusion using the packet payload in the network. GSAD takes into account the correlations among the packet payload features arranged in a geometrical structure. The representation is based on statistical analysis of Mahalanobis distances among payload features, which calculate the similarity of new data against precomputed profile. It calculates weight factor to determine anomaly in the payload. In the 1999 DARPA intrusion detection evaluation data set, we conduct several tests for limited attacks on port 80 and port 25. Our approach establishes and identifies the correlation among packet payloads in a network.",

keywords = "Geometrical structure, Intusion detection, Mahalanobis distance, Pattern recognition, Payload",

author = "Aruna Jamdagni and Zhiyuan Tan and Priyadarsi Nanda and Xiangjian He and Ren Liu",

year = "2009",

doi = "10.1109/FCST.2009.97",

language = "English",

isbn = "9780769539324",

series = "4th International Conference on Frontier of Computer Science and Technology, FCST 2009",

pages = "327--333",

booktitle = "4th International Conference on Frontier of Computer Science and Technology, FCST 2009",

note = "4th International Conference on Frontier of Computer Science and Technology, FCST 2009 ; Conference date: 17-12-2009 Through 19-12-2009",

}

Jamdagni, A, Tan, Z, Nanda, P, He, X & Liu, R 2009, Intrusion detection using geometrical structure. in 4th International Conference on Frontier of Computer Science and Technology, FCST 2009., 5392898, 4th International Conference on Frontier of Computer Science and Technology, FCST 2009, pp. 327-333, 4th International Conference on Frontier of Computer Science and Technology, FCST 2009, Shanghai, China, 17/12/09. https://doi.org/10.1109/FCST.2009.97

Intrusion detection using geometrical structure. / Jamdagni, Aruna; Tan, Zhiyuan; Nanda, Priyadarsi et al.
4th International Conference on Frontier of Computer Science and Technology, FCST 2009. 2009. p. 327-333 5392898 (4th International Conference on Frontier of Computer Science and Technology, FCST 2009).

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Intrusion detection using geometrical structure

AU - Jamdagni, Aruna

AU - Tan, Zhiyuan

AU - Nanda, Priyadarsi

AU - He, Xiangjian

AU - Liu, Ren

PY - 2009

Y1 - 2009

N2 - We propose a statistical model, namely Geometrical Structure Anomaly Detection (GSAD) to detect intrusion using the packet payload in the network. GSAD takes into account the correlations among the packet payload features arranged in a geometrical structure. The representation is based on statistical analysis of Mahalanobis distances among payload features, which calculate the similarity of new data against precomputed profile. It calculates weight factor to determine anomaly in the payload. In the 1999 DARPA intrusion detection evaluation data set, we conduct several tests for limited attacks on port 80 and port 25. Our approach establishes and identifies the correlation among packet payloads in a network.

AB - We propose a statistical model, namely Geometrical Structure Anomaly Detection (GSAD) to detect intrusion using the packet payload in the network. GSAD takes into account the correlations among the packet payload features arranged in a geometrical structure. The representation is based on statistical analysis of Mahalanobis distances among payload features, which calculate the similarity of new data against precomputed profile. It calculates weight factor to determine anomaly in the payload. In the 1999 DARPA intrusion detection evaluation data set, we conduct several tests for limited attacks on port 80 and port 25. Our approach establishes and identifies the correlation among packet payloads in a network.

KW - Geometrical structure

KW - Intusion detection

KW - Mahalanobis distance

KW - Pattern recognition

KW - Payload

UR - http://www.scopus.com/inward/record.url?scp=77949791132&partnerID=8YFLogxK

U2 - 10.1109/FCST.2009.97

DO - 10.1109/FCST.2009.97

M3 - Conference contribution

AN - SCOPUS:77949791132

SN - 9780769539324

T3 - 4th International Conference on Frontier of Computer Science and Technology, FCST 2009

SP - 327

EP - 333

BT - 4th International Conference on Frontier of Computer Science and Technology, FCST 2009

T2 - 4th International Conference on Frontier of Computer Science and Technology, FCST 2009

Y2 - 17 December 2009 through 19 December 2009

ER -

Intrusion detection using geometrical structure

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this