
Network Intrusion Detection

Handbook of Computational Statistics

Part of the book series: Springer Handbooks of Computational Statistics (SHCS)

Abstract

Attacks against computers and the Internet are in the news every week. These primarily take the form of malicious code such as viruses and worms, or denial of service attacks. Less commonly reported are attacks which gain access to computers, either for the purpose of producing damage (such as defacing web sites or deleting data) or for the opportunities such access provides to the attacker, such as access to bank accounts or control systems of power stations. In a perspectives article in Science (Wulf and Jones 2009) the authors argue that computer systems are getting less secure, not more, and that traditional models of security based on perimeter defenses are not working.

References

  • Amoroso, E.: Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response. Intrusion.net Books, Sparta, New Jersey (1999)

  • Anderson, D., Lunt, T.F., Javitz, H., Tamaru, A., Valdes, A.: Detecting unusual program behavior using the statistical component of the next-generation intrusion detection expert system (NIDES). Technical Report SRI-CSL-95-06, SRI International (1995)

  • anonymous: Maximum Security. Sams.net Publishing, Indianapolis, IN (1997)

  • Bace, R.G.: Intrusion Detection. MacMillan Technical Publishing, Indianapolis, IN (2000)

  • Benczúr, A.A., Csalogáy, K., Sarlós, T., Uher, M.: Spamrank – fully automatic link spam detection. In Proceedings of the First International Workshop on Adversarial Information Retrieval on the Web, pp. 25–38 (2005)

  • Bleha, S., Slivinsky, C., Hussien, B.: Computer-access security systems using keystroke dynamics. IEEE Trans. Pattern Anal. Mach. Intell. 12(12), 1217–1222 (1990)

  • DeVault, K., Tucey, N., Marchette, D.: Analyzing process table and window title data for user identification in a windows environment. Technical Report NSWCDD/TR-03/122, Naval Surface Warfare Center (2003)

  • Early, J.P., Brodley, C.E.: Behavioral authentication of server flows. In The 19th Annual Computer Security Applications Conference, pp. 49–55 (2003)

  • Escamilla, T.: Intrusion Detection: Network Security Beyond the Firewall. Wiley, New York (1998)

  • Forrest, S., Hofmeyr, S.A.: Immunology as information processing. In: Segel, L.A., Cohen, I. (eds.) Design Principles for the Immune System and Other Distributed Autonomous Systems, Santa Fe Institute Studies in the Sciences of Complexity. Oxford University Press, Oxford, UK, pp. 361–387 (2000). Also available at www.cs.unm.edu/~forrest/ism_papers.htm.

  • Forrest, S., Perelson, A.S., Allen, L., Cherukuri, R.: Self-nonself discrimination in a computer. In 1994 IEEE Symposium on Research in Security and Privacy, pp. 202–212. Los Alamitos, CA (1994). Also available at www.cs.unm.edu/~forrest/isa_papers.htm.

  • Forrest, S., Hofmeyr, S.A., Somayaji, A.: Computer immunology. Comm. ACM 40, 88–96 (1997)

  • Giles, K., Marchette, D.J., Priebe, C.E.: A backscatter characterization of denial-of-service attacks. In Proceedings of the Joint Statistical Meetings, CDROM (2003)

  • Glaz, J., Naus, J., Wallenstein, S.: Scan Statistics. Springer, New York (2010)

  • Karonski, M., Singer, K., Scheinerman, E.: Random intersection graphs: the subgraph problem. Combinator. Probab. Comput. 8, 131–159 (1999)

  • Kephart, J.O., White, S.R.: Directed-graph epidemiological models of computer viruses. In Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 343–359 (1991)

  • Kephart, J.O., White, S.R.: Measuring and modeling computer virus prevalence. In Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, pp. 2–15 (1993)

  • Lin, D.-T.: Computer-access authentication with neural network based keystroke identity verification. In International Conference on Neural Networks, pp. 174–178 (1997)

  • Marchette, D.J.: Computer Intrusion Detection and Network Monitoring: A Statistical Viewpoint. Springer, New York (2001)

  • Marchette, D.J.: A study of denial of service attacks on the internet. In Proceedings of the Army Conference on Applied Statistics (2002); 41–40, available at http://www.armyconference.org/ACAS00-02/Master02.pdf

  • Marchette, D.J.: Passive detection of denial of service attacks on the internet. In: Chen, W. (eds.) Statistical Methods in Computer Security. Marcel Dekker; 183–211.

  • Marchette, D.J.: Profiling users by their network activity. In Proceedings of the Joint Statistical Meetings 219–228 (2003).

  • Marchette, D.J.: Random Graphs for Statistical Pattern Recognition. Wiley, New York (2004)

  • Maxion, R.A.: Masquerade detection using enriched command lines. In International conference on dependable systems and networks (DNS-03). IEEE Computer Society Press, Washington, DC (2003)

  • Maxion, R.A., Townsend, T.N.: Masquerade detection using truncated command lines. In International conference on dependable systems and networks (DNS-02). IEEE Computer Society Press, Washington, DC (2002)

  • Moore, D., Voelker, G.M., Savage, S.: Inferring Internet denial-of-service activity. In Proceedings of the 2001 USENIX Security Symposium, pp. 9–22 (2001). Available on the web at www.usenix.org/publications/library/proceedings/sec01/moore.html USENIX Security ’01.

  • Northcutt, S., Novak, J., McLaclan, D.: Network Intrusion Detection. An Analyst’s Handbook. New Riders, Indianapolis, IN (2001)

  • Obaidat, M.S., Sadoun, B.: Verification of computer users using keystroke dynamics. IEEE Trans. Syst. Man Cybernetics 27(2), 261–269 (1997)

  • Oshima, S., Nakshima, T., Nishikido, Y.: Extraction of characteristics of anomaly accessed IP packets using chi-square method. In Complex, Intelligent and Software Intensive Systems, CISIS ’09, pp. 287–292 (2009)

  • Priebe, C.E.: Adaptive mixture density estimation. J. Am. Stat. Assoc. 89, 796–806 (1994)

  • Priebe, C.E., Conroy, J.M., Marchette, D.J., Park, Y.: Scan statistics on enron graphs. Comput. Math. Organ. Theor. 11, 229–247 (2005)

  • Priebe, C.E., Park, Y., Marchette, D.J., Conroy, J.M., Grothendieck, J., Gorin, A.L.: Statistical inference on attributed random graphs: Fusion of graph features and content: An experiment on time series of enron graphs. Comput. Stat. Data Anal. 54, 1766–1776 (2010)

  • Proctor, P.E.: The Practical Intrusion Detection Handbook. Prentice-Hall, Englewood Cliffs, NJ (2001)

  • Robinson, J.A., Liang, V.M., Chambers, J.A.M., MacKenzie, C.L.: Computer user verification using login string keystroke dynamics. IEEE Trans. Syst. Man Cybernetics 28(2), 236–241 (1998)

  • Sasaki, M., Shinnou, H.: Spam detection using text clustering. International Conference on Cyberworlds. 0, 316–319 (2005); http://doi.ieeecomputersociety.org/10.1109/CW.2005.83.

  • Schonlau, M., DuMouchel, W., Ju, W.-H., Karr, A.F., Theus, M., Vardi, Y.: Computer intrusion: Detecting masquerades. Stat. Sci. 16, 58–74 (2001)

  • Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on SSH. In Proceedings of the 10th USENIX Security Symposium (2001); http://www.usenix.org/publications/library/proceedings/sec01/song.html.

  • Stevens, W.R.: TCP/IP Illustrated, Volume 1: The Protocols. Addison-Wesley, Reading, MA (1994)

  • Tan, K.M.C., Maxion, R.A.: “Why 6?” defining the operational limits of stide, an anomaly-based intrusion detector. In IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Washington, DC (2002)

  • Wegman, E.J., Davies, H.I.: Remarks on some recursive estimators of a probability density. Ann. Stat. 7, 316–327 (1979)

  • Wegman, E.J., Dorfman, A.: Visualizing cereal world. Technical Report TR 178, George Mason University, Center for Computational Statistics (2001)

  • Wegman, E.J., Marchette, D.J.: On some techniques for streaming data: a case study of Internet packet headers. JCGS (2003), 12(4), 893–914.

  • Wierman, J.C., Marchette, D.J.: Modeling computer virus prevalence with a susceptible-infected-susceptible model with reintroduction. Computational Statistics and Data Analysis (2004), 45(1), 3–23.

  • Wilhelm, A.F.X., Wegman, E.J., Symanzik, J.: Visual clustering and classification: The oronsay particle size data set revisited. Comput. Stat. 109–146 (1999)

  • Wright, C.V., Ballard, L., Monrose, F., Masson, G.M.: Language identification of encrypted voip traffic: Alejandra y roberto or alice and bob? In SS’07: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pp. 1–12, Berkeley, CA, USA (2007); USENIX Association.

  • Wulf, W.A., Jones, A.K.: Reflections on cybersecurity. Science 326, 943–944 (2009)

  • Yamato, H.: Sequential estimation of a continuous probability density function and the mode. Bulletin Math. Stat. 14, 1–12 (1971)

  • Ye, N., Emran, S.M., Chen, Q., Vilbert, S.: Multivariate statistical analysis of audit trails for host-based intrusion detection. IEEE Trans. Comput. 51, 810–820 (2002)

  • Zhou, B., Shi, Q., Merabti, M.: Intrusion detection in pervasive networks based on a chi-square statistic test. In Computer Software and Applications Conference, COMPSAC ’06, vol. 2, pp. 203–208 (2006)

Author information

Correspondence to David J. Marchette.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Marchette, D.J. (2012). Network Intrusion Detection. In: Gentle, J., Härdle, W., Mori, Y. (eds) Handbook of Computational Statistics. Springer Handbooks of Computational Statistics. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21551-3_38
