Sciweavers

Share
IACR
2016

Packet Header Anomaly Detection Using Bayesian Topic Models

5 years 6 months ago
Packet Header Anomaly Detection Using Bayesian Topic Models
A method of network intrusion detection is proposed based on Bayesian topic models. The method employs tcpdump packets and extracts multiple features from the packet headers. A topic model is trained using the normal traffic in order to learn feature patterns of the normal traffic. Then the test traffic is analyzed against the learned normal feature patterns to measure the extent to which the test traffic resembles the learned feature patterns. Since the feature patterns are learned using only the normal traffic, the test traffic is likely to be normal if its feature pattern resembles the learned feature patterns. An attack alarm is raised when the test traffic’s resemblance to the learned feature patterns is lower than a threshold. Experiment shows that our method is efficient in attack detection. It answers the open question how to detect network intrusions using topic models.
Xuefei Cao, Bo Chen, Hui Li 0006, Yulong Fu
Added 03 Apr 2016
Updated 03 Apr 2016
Type Journal
Year 2016
Where IACR
Authors Xuefei Cao, Bo Chen, Hui Li 0006, Yulong Fu
Comments (0)
books