Analysis of Payload Based Application level Network Anomaly Detection

H
HICSS
2007
40th Annual Hawaii International Conference on System Sciences (HICSS'07)
Abstract - Analysis of Payload Based Application level Network Anomaly Detection

	This Article
	PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Like Zhang Articles by Gregory B. White

40th Annual Hawaii International Conference on System Sciences (HICSS'07)

Analysis of Payload Based Application level Network Anomaly Detection (PDF)

Big Island, Hawaii

January 03-January 06

ISBN: 0-7695-2755-8

	ASCII Text	x
	Like Zhang, Gregory B. White, "Analysis of Payload Based Application level Network Anomaly Detection," Hawaii International Conference on System Sciences, pp. 99a, 40th Annual Hawaii International Conference on System Sciences (HICSS'07), 2007.

	BibTex	x
	@article{ 10.1109/HICSS.2007.75, author = {Like Zhang and Gregory B. White}, title = {Analysis of Payload Based Application level Network Anomaly Detection}, journal ={Hawaii International Conference on System Sciences}, volume = {0}, year = {2007}, issn = {1530-1605}, pages = {99a}, doi = {http://doi.ieeecomputersociety.org/10.1109/HICSS.2007.75}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Hawaii International Conference on System Sciences TI - Analysis of Payload Based Application level Network Anomaly Detection SN - 1530-1605 SP EP A1 - Like Zhang, A1 - Gregory B. White, PY - 2007 KW - null VL - 0 JA - Hawaii International Conference on System Sciences ER -

Like Zhang, University of Texas at San Antonio

Gregory B. White, University of Texas at San Antonio

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/HICSS.2007.75

Most network anomaly detection research is based on packet header fields, while the payload is usually discarded. Preventing unknown attacks and Internet worms has led to a need for application level network anomaly detection. Payload based detection schemes in experiments are often misleading. In this paper, we discuss the problems associated with the experimental results. In the first section, a brief review will be given for application level anomaly detection research. Introduction to several major payload based approaches will be given in section 2. Then we use the DARPA?99 dataset to evaluate the ALAD mechanism, and discuss the problems by using original DARPA?99 datasets for evaluation. In the fourth section, an improved method will be proposed with a focus on detecting payload related attacks. In section 5, we demonstrate how to justify the payload based detection mechanism using the DARPA?99 dataset, and compare with ALAD to demonstrate its advantages.

Citation:

Like Zhang, Gregory B. White, "Analysis of Payload Based Application level Network Anomaly Detection," hicss, pp.99a, 40th Annual Hawaii International Conference on System Sciences (HICSS'07), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.