"Detecting Novel Attacks by Identifying Anomalous Network Packet Header" by Philip K. Chan and Matthew V. Mahoney

Electrical Engineering and Computer Science Faculty Publications

Title

Detecting Novel Attacks by Identifying Anomalous Network Packet Headers

Authors

Philip K. Chan
Matthew V. Mahoney

Document Type

Report

Abstract

We describe a simple and efficient network intrusion detection algorithm that detects novel attacks by flagging anomalous field values in packet headers at the data link, network, and transport layers. In the 1999 DARPA off-line intrusion detection evaluation test set (Lippmann et. al. 2000), we detect 76% of probes and 48% of denial of service attacks (at 10 false alarms per day). When this system is merged with the 18 systems in the original evaluation, the average detection rate for attacks of all types increases from 61% to 65%. We investigate the effect on performance when attack free training data is not available.

Publication Date

10-7-2001

Recommended Citation

Mahoney, M.V., Chan, P.K. (2001). Detecting novel attacks by identifying anomalous network packet headers (CS-2001-2). Melbourne, FL. Florida Institute of Technolgy

Download

Included in

Electrical and Computer Engineering Commons

COinS

Electrical Engineering and Computer Science Faculty Publications

Title

Detecting Novel Attacks by Identifying Anomalous Network Packet Headers

Authors

Document Type

Abstract

Publication Date

Recommended Citation

Included in

Search

Browse

Author Corner

Electrical Engineering and Computer Science Faculty Publications

Title

Detecting Novel Attacks by Identifying Anomalous Network Packet Headers

Authors

Document Type

Abstract

Publication Date

Recommended Citation

Included in

Share

Search

Browse

Author Corner