
SPAD: A Session Pattern Anomaly Detector for Pre-alerting Intrusions in Home Network

  • Soo-Jin Park
  • Young-Shin Park
  • Yong-Rak Choi
  • Sukhoon Kang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3983)

Abstract

To prevent intrusions into network-based information systems effectively, it is necessary to detect the early signs that precede an intrusion. This kind of pre-alerting approach may be classified as active prevention, since the various forms of probing that attackers use to learn a system's vulnerabilities are not missed and are cross-checked early. Existing network-based anomaly detection algorithms that cope with port scanning and network vulnerability scans have some weaknesses with slow scans and coordinated scans. A new pre-alerting algorithm is therefore especially attractive for effectively detecting the various forms of abnormal access made in an intrusion attempt, regardless of the intrusion method. In this paper, we propose a session pattern anomaly detector (SPAD), which detects abnormal service patterns by comparing them with ordinary, normal service patterns.

Keywords

Packet Size; Intrusion Detection System; Home Network; Pattern Comparator; Session Classifier
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Soo-Jin Park (1)
  • Young-Shin Park (1)
  • Yong-Rak Choi (1)
  • Sukhoon Kang (1)
  1. Department of Computer Engineering, Daejeon University, Daejeon, Korea
