Anomaly Detection Model based on Network using the Session Patterns

Soo Jin Park; Yong Rak Choi

Anomaly Detection Model based on Network using the Session Patterns

Soo Jin Park

Yong Rak Choi

The KIPS Transactions:PartC, Vol. 11, No. 6, pp. 719-724, Dec. 2004

10.3745/KIPSTC.2004.11.6.719, PDF Download:

Abstract

Recently, since the number of internet users is increasing rapidly and, by using the public hacking tools, general network users can intrude computer systems easily, the hacking problem is getting more serious. In order to prevent the intrusion, it is needed to detect the sign in advance of intrusion in a positive prevention by detecting the various forms of hackers' intrusion trials to know the vulnerability of systems. The existing network-based anomaly detection algorithms that cope with port-scanning and the network vulnerability scans have some weakness in intrusion detection. they can not detect slow scans and coordinated scans. therefore, the new concept of algorithm is needed to detect effectively the various forms of abnormal accesses for intrusion regardless of the intrusion methods. In this paper, SPAD(Session Pattern Anomaly Detector) is presented, which detects the abnormal service patterns by comparing them with the ordinary normal service patterns.

Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from September 1st, 2017)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.

Cite this article

[IEEE Style]

S. J. Park and Y. R. Choi, "Anomaly Detection Model based on Network using the Session Patterns," The KIPS Transactions:PartC, vol. 11, no. 6, pp. 719-724, 2004. DOI: 10.3745/KIPSTC.2004.11.6.719.

[ACM Style]

Soo Jin Park and Yong Rak Choi. 2004. Anomaly Detection Model based on Network using the Session Patterns. The KIPS Transactions:PartC, 11, 6, (2004), 719-724. DOI: 10.3745/KIPSTC.2004.11.6.719.