
IWIA
2003
IEEE

Stochastic Protocol Modeling for Anomaly Based Network Intrusion Detection

A new method for detecting anomalies in the usage of protocols in computer networks is presented in this work. The proposed methodology is applied to TCP and organized in two steps. First, the TCP header space is quantized, so that a unique symbol is associated with each TCP segment. TCP-based network traffic is thus captured, quantized and represented by a sequence of symbols. The second step in our approach is the modeling of these sequences by means of a Markov chain. The analysis of the model obtained for diverse TCP sources reveals that it adequately captures the essence of the protocol dynamics. Once the model is built, it can be used as a representation of the normal usage of the protocol, so that deviations from the behavior provided by the model can be considered a sign of protocol misuse.
Added 04 Jul 2010
Updated 04 Jul 2010
Type Conference
Year 2003
Where IWIA
Authors Juan M. Estévez-Tapiador, Pedro Garcia-Teodoro, Jesús E. Díaz-Verdejo