Context-based Profiling for Anomaly Intrusion Detection with Diagnosis

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Benferhat Salem Articles by Tabia Karim

2008 Third International Conference on Availability, Reliability and Security

March 04-March 07

ISBN: 978-0-7695-3102-1

	ASCII Text	x
	Benferhat Salem, Tabia Karim, "Context-based Profiling for Anomaly Intrusion Detection with Diagnosis," Availability, Reliability and Security, International Conference on, pp. 618-623, 2008 Third International Conference on Availability, Reliability and Security, 2008.

	BibTex	x
	@article{ 10.1109/ARES.2008.150, author = {Benferhat Salem and Tabia Karim}, title = {Context-based Profiling for Anomaly Intrusion Detection with Diagnosis}, journal ={Availability, Reliability and Security, International Conference on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3102-1}, pages = {618-623}, doi = {http://doi.ieeecomputersociety.org/10.1109/ARES.2008.150}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Availability, Reliability and Security, International Conference on TI - Context-based Profiling for Anomaly Intrusion Detection with Diagnosis SN - 978-0-7695-3102-1 SP618 EP623 A1 - Benferhat Salem, A1 - Tabia Karim, PY - 2008 KW - Anomaly detection KW - diagnosis KW - traffic profiling. VL - 0 JA - Availability, Reliability and Security, International Conference on ER -

Benferhat Salem

Tabia Karim

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2008.150

Anomaly detection approaches are generally efficient in detecting new attacks. However, they fail in providing any further information regarding the nature of attacks. The first contribution of this paper is to equip an anomaly detection approach with a diagnosis module that classifies anomaly approach outputs in one among well known attack categories. The second contribution concerns a context-based definition of normal network traffic profiles. We provide experimental studies showing for instance that considering normal profile for each service provides better results than considering a unique global normal profile.

Index Terms:

Anomaly detection, diagnosis, traffic profiling.

Citation:

Benferhat Salem, Tabia Karim, "Context-based Profiling for Anomaly Intrusion Detection with Diagnosis," ares, pp.618-623, 2008 Third International Conference on Availability, Reliability and Security, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.