Title
Statistical Anomaly Detection on Real e-Mail Traffic.
Abstract
There are many recent studies and proposals on anomaly detection techniques, especially for worm and virus detection. In this field it matters to answer a few important questions, such as at which ISO/OSI layer the data analysis is done and which approach is used. Furthermore, these works suffer from a scarcity of real data, due to a lack of network resources or to privacy problems: almost every work in this sector uses synthetic (e.g. DARPA) or pre-made data sets. Our study is based on layer-seven quantities (the number of e-mails sent in a chosen period): we analyzed our network's e-mail traffic quantitatively (4 SMTP servers, 10 class C networks) and applied our method to the gathered data to detect indirect worm infections (worms that use e-mail to spread). The method is a threshold method and, on our dataset, it identified various worm activities. In this document we show our data analysis and results in order to stimulate new approaches and debate in anomaly intrusion detection techniques.
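A worked illustration of the kind of threshold detector the abstract describes, added here as an example and not taken from the paper: it buckets e-mails sent per client host into fixed periods and flags a host whose count in one period exceeds a threshold derived from that host's own history. The paper does not publish its log format, its period length or its exact threshold rule, so the simplified log format, the constructed traffic, the one-hour window and the "baseline mean + k·sigma, with a minimum absolute count" rule are all assumptions made for this example.

```python
"""Threshold anomaly detection on per-host e-mail send counts.

Added illustration, not the paper's code. The paper says only that it
applies a threshold to a layer-7 quantity (e-mails sent per period); the
concrete rule below (per-client baseline mean + k * standard deviation,
plus a minimum absolute count) is an assumption made for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

WINDOW = timedelta(hours=1)          # the "chosen period" of the abstract (assumed)
_ORIGIN = datetime(1970, 1, 1)       # fixed origin for window numbering


def make_sample_log():
    """Constructed sample log (not real traffic) in an assumed simplified
    "<ISO timestamp> from=<sender> client=<ip>" format, 8 hourly windows:
    192.0.2.10 sends a steady 3 mails/hour, 192.0.2.20 is almost silent and
    then emits 40 mails inside hour 6, the burst shape of an e-mail worm."""
    t0 = datetime(2008, 3, 10, 8, 0, 0)
    lines = []
    for h in range(8):
        for i in range(3):
            ts = t0 + timedelta(hours=h, minutes=10 * i)
            lines.append(f"{ts.isoformat()} from=alice@example.org client=192.0.2.10")
        if h == 2:
            ts = t0 + timedelta(hours=h, minutes=5)
            lines.append(f"{ts.isoformat()} from=bob@example.org client=192.0.2.20")
        if h == 6:
            for i in range(40):
                ts = t0 + timedelta(hours=h, seconds=30 * i)
                lines.append(f"{ts.isoformat()} from=bob@example.org client=192.0.2.20")
    lines.append("malformed line that the parser must skip")
    return "\n".join(lines)


def parse_log(text):
    """Yield (timestamp, client_ip) per well-formed line; skip anything else."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].startswith("client="):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[2][len("client="):]


def count_per_window(events, window=WINDOW):
    """Return {client_ip: {window_index: count}} using fixed-size windows."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, client in events:
        counts[client][(ts - _ORIGIN) // window] += 1
    return counts


def window_start(index, window=WINDOW):
    """Map a window index back to the datetime at which that window starts."""
    return _ORIGIN + index * window


def detect(counts, k=3.0, min_count=5, min_history=3):
    """Return (client, window_index, count, threshold) for every window in
    which a client's count exceeds mean + k*std of its counts in all other
    windows of the observation span (silent windows count as 0) and is at
    least min_count. Clients with fewer than min_history other windows are
    not scored: a threshold built from almost no baseline is noise."""
    if not counts:
        return []
    lo = min(min(w) for w in counts.values())
    hi = max(max(w) for w in counts.values())
    alerts = []
    for client, per_window in counts.items():
        series = {w: per_window.get(w, 0) for w in range(lo, hi + 1)}
        for w, n in series.items():
            others = [c for ow, c in series.items() if ow != w]
            if len(others) < min_history:
                continue
            threshold = mean(others) + k * pstdev(others)
            if n >= min_count and n > threshold:
                alerts.append((client, w, n, round(threshold, 2)))
    return alerts


def run_demo():
    """Parse the constructed log and return the alerts it produces."""
    return detect(count_per_window(parse_log(make_sample_log())))


if __name__ == "__main__":
    for client, w, n, thr in run_demo():
        print(f"{window_start(w):%Y-%m-%d %H:%M} {client}: {n} mails (threshold {thr})")
```

Two design points matter more than the exact constants. First, each host is compared against its own history with silent periods counted as zero, which is what makes a normally quiet workstation that suddenly sends forty messages stand out while a steady sender with the same absolute volume does not. Second, the baseline here is leave-one-out over the whole observation span, which is fine for the offline analysis the abstract describes; an online detector would use a trailing window instead, and a host whose normal traffic is already bursty (a list server, a monitoring box) needs a separate baseline or an exclusion, otherwise its own variance hides the worm burst.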
Year: 2008
DOI: 10.1007/978-3-540-88181-0_22
Venue: Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems (CISIS 2008)
Keywords: Anomaly Detection Techniques, indirect worm, real e-mail traffic
Field: Data mining, Anomaly detection, Worm infection, Scarcity, Resource, Server, Engineering, OSI model, Intrusion detection system
DocType: Conference
Volume: 53
Issue: 4
ISSN: 1615-3871
Citations: 0
PageRank: 0.34
References: 12
Authors (3)
Order  Name               Citations  PageRank
1      Maurizio Aiello    109        13.92
2      Davide Chiarella   0          0.34
3      Gianluca Papaleo   98         9.93