Learning Rules for Anomaly Detection of Hostile Network Traffic

Authors

Matthew V. Mahoney
Philip K. Chan

Document Type

Report

Abstract

We introduce an algorithm called LERAD that learns rules for finding rare events in nominal time-series data with long range dependencies. We use LERAD to find anomalies in network packets and TCP sessions to detect novel intrusions. LERAD outperforms the original participants in the 1999 DARPA/Lincoln Laboratory intrusion detection evaluation, and detected most attacks that eluded a firewall in a university departmental server environment.

Publication Date

1-10-2003

Recommended Citation

Mahoney, M.V., Chan, P.K. (2003). Learning rules for anomaly detection of hostile network traffic (CS-2003-16). Melbourne, FL. Florida Institute of Technology.