Abstract | ||
---|---|---|
In the TCP network environment, all unit transmissions are constructed using sessions. Within a session, packets are transmitted sequentially. In this case, the previous and next packets contain causality mutually. Thus, we propose a method that models network transmission information based on transitions of packet states. In addition to the transition model, a probability matrix for the multiple state-transition models of all sessions is represented. The matching of the models is achieved using the maximum log-likelihood ratio. Evaluation of the proposed method for intrusion modeling is conducted using the 1999 DARPA data sets. The method is also compared with Snort-2, which is a misuse-based intrusion detection system. In addition, techniques for advancing the proposed method are discussed. |
Year | DOI | Venue |
---|---|---|
2006 | 10.1007/11908739_20 | IWSEC |
Keywords | Field | DocType |
maximum log-likelihood ratio,models network transmission information,packet state,darpa data set,network intrusion,multiple transition probability,next packet,multiple state-transition model,tcp network environment,misuse-based intrusion detection system,intrusion modeling,log likelihood ratio,transition probability,state transition,intrusion detection system | Model matching,Data set,Intrusion,Stochastic matrix,Computer science,Network packet,Algorithm,Maximum likelihood,Transmission Control Protocol,Artificial intelligence,Intrusion detection system,Distributed computing | Conference |
Volume | ISSN | ISBN |
4266 | 0302-9743 | 3-540-47699-7 |
Citations | PageRank | References |
1 | 0.45 | 5 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Sang-Kyun Noh | 1 | 20 | 2.36 |
DongKook Kim | 2 | 6 | 2.89 |
Yong-Min Kim | 3 | 8 | 3.01 |
Bong-Nam Noh | 4 | 68 | 14.75 |