Flow Anomaly Detection in Firewalled Networks

Michael J.  Chapple; Timothy E.  Wright; Robert M. Winding

1st International ICST Workshop on Enterprise Network Security

Research Article

Flow Anomaly Detection in Firewalled Networks

Cite: BibTeX Plain Text

@INPROCEEDINGS{10.1109/SECCOMW.2006.359576,
    author={Michael J.  Chapple and Timothy E.  Wright and Robert M. Winding},
    title={Flow Anomaly Detection in Firewalled Networks},
    proceedings={1st International ICST Workshop on Enterprise Network Security},
    publisher={IEEE},
    proceedings_a={WENS},
    year={2007},
    month={5},
    keywords={},
    doi={10.1109/SECCOMW.2006.359576}
}

Michael J. Chapple
Timothy E. Wright
Robert M. Winding
Year: 2007
Flow Anomaly Detection in Firewalled Networks
WENS
IEEE
DOI: 10.1109/SECCOMW.2006.359576

Michael J. Chapple¹^,*, Timothy E. Wright¹^,*, Robert M. Winding¹^,*

1: University of Notre Dame, Notre Dame, IN

*Contact email: mchapple@nd.edu, twright@nd.edu, rwinding@nd.edu

Abstract

Most contemporary intrusion detection systems rely upon comprehensive signature databases containing the characteristics of known attacks, leaving them unable to detect novel attacks. In this paper, we propose the flow anomaly detection system (FADS), an anomaly detection system based upon the analysis of network flow data in controlled environments. We show that the standard deviation and interquartile range techniques produce a manageable number of alerts when applied to this data and demonstrate the effectiveness of the system through analysis of case studies. We also demonstrate that FADS' performance is sufficient to facilitate implementation as an anomaly detection system

Published: 2007-05-15
Publisher: IEEE

: http://dx.doi.org/10.1109/SECCOMW.2006.359576

Flow Anomaly Detection in Firewalled Networks

Abstract

About EAI

Community

Publish with EAI