Packet Header Anomaly Detection Using Statistical Analysis

  • Warusia Yassin
  • Nur Izura Udzir
  • Azizol Abdullah
  • Mohd Taufik Abdullah
  • Zaiton Muda
  • Hazura Zulzalil
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 299)


The repeated exposure of network packets to cyber intrusion has recently driven the development of various statistical-based anomaly detection methods. In theory, statistical anomaly detection attracts researchers' attention, but in practice its low intrusion detection rates remain an open problem. This paper therefore proposes a Host-based Packet Header Anomaly Detection (HbPHAD) model that is capable of pinpointing suspicious packet header behaviour through statistical analysis. We implement a scoring mechanism that uses the Relative Percentage Ratio (RPR) to compute normal scores, integrate Linear Regression Analysis (LRA) to distinguish the degree of packet behaviour (i.e. whether a packet qualifies as suspicious or not), and use the Cohen's d effect size measure to pre-define the best threshold. HbPHAD is an effective statistical anomaly detection method for pinpointing suspicious behaviour precisely. Experiments validate that HbPHAD correctly detects suspicious packets at an intrusion detection rate above 90% on the ISCX 2012 dataset and is able to detect 40 attack types from the DARPA 1999 benchmark dataset.
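An added example (not the paper's code) of the statistical pipeline the abstract outlines: a familiarity score per packet header derived from baseline value frequencies, Cohen's d between the normal and suspicious score groups, and a threshold accepted only when the effect size is large. The RPR definition, the midpoint threshold rule and the sample headers are assumptions made here; the paper's actual formulas are not on this page.

```python
from collections import Counter
from statistics import mean, stdev
import math

FIELDS = ("proto", "ttl", "flags", "dport")

# Constructed baseline of normal packet headers (sample data, not captured traffic).
BASELINE = [
    {"proto": "tcp", "ttl": 64, "flags": "A", "dport": 443},
    {"proto": "tcp", "ttl": 64, "flags": "PA", "dport": 443},
    {"proto": "tcp", "ttl": 64, "flags": "A", "dport": 80},
    {"proto": "udp", "ttl": 64, "flags": "-", "dport": 53},
    {"proto": "tcp", "ttl": 128, "flags": "A", "dport": 443},
]

def field_frequencies(packets):
    """Count how often each value of each header field appears in the baseline."""
    return {f: Counter(p[f] for p in packets) for f in FIELDS}

def rpr_score(freqs, n_baseline, packet):
    """Assumed RPR scoring: mean over fields of the percentage of baseline
    packets sharing this packet's value (100 = fully familiar, 0 = never seen)."""
    return mean(100.0 * freqs[f][packet[f]] / n_baseline for f in FIELDS)

def cohens_d(a, b):
    """Cohen's d: difference of means in units of the pooled sample SD."""
    na, nb = len(a), len(b)
    pooled = math.sqrt(((na - 1) * stdev(a) ** 2 + (nb - 1) * stdev(b) ** 2)
                       / (na + nb - 2))
    return (mean(a) - mean(b)) / pooled

def threshold_from_effect_size(normal_scores, suspicious_scores, min_d=0.8):
    """Assumed rule: accept a threshold only when the two score groups show a
    'large' effect (d >= 0.8 by Cohen's convention) and place it midway between
    the group means. Returns (threshold or None, d)."""
    d = cohens_d(normal_scores, suspicious_scores)
    if d < min_d:
        return None, d
    return (mean(normal_scores) + mean(suspicious_scores)) / 2.0, d

def is_suspicious(score, threshold):
    """A low familiarity score means the header looks unlike the baseline."""
    return score < threshold
```

When the effect size is below the cut-off the scoring itself does not separate the groups, so no threshold is returned rather than a misleading one.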


Keywords: Packet Header Anomaly Detection; Statistical Analysis; Linear Regression Analysis; Cohen's-d



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Warusia Yassin (1, 2)
  • Nur Izura Udzir (1)
  • Azizol Abdullah (1)
  • Mohd Taufik Abdullah (1)
  • Zaiton Muda (1)
  • Hazura Zulzalil (1)
  1. Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, Selangor, Malaysia
  2. Faculty of Information and Communication Technology, Universiti Teknikal Malaysia, Melaka, Malaysia