Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS'05) - Track 9 Big Island, Hawaii January 03-January 06 ISBN: 0-7695-2268-8
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/HICSS.2005.35
We consider the computer network as a complex, interacting system and present a novel approach to representing anomalous events that occur within the network. This approach is essentially a form of intelligent data reduction that facilitates scalable monitoring of large systems. Specifically, we develop macrostate descriptions of complex networked systems in situations where exact microstate parameters of each element in the system preclude global understanding from first principles. This aids in identifying violations of network policy such as network attacks and misconfigurations. This approach has been verified in several environments. Example responses from network attacks simulated in the laboratory including those contained in the DARPA Lincoln Lab IDS test data as well as from operational network traffic are presented. These results suggest that our approach presents a unique perspective on anomalies in computer network traffic.
Index Terms:
Intrusion detection, network diagnostics, statistical mechanics
Citation:
John C. McEachen, John M. Zachary, "A Novel Approach to Accentuating Anomalous Events in Complex Network Systems," hicss, vol. 9, pp.309a, Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS'05) - Track 9, 2005 Usage of this product signifies your acceptance of the Terms of Use. | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb