"Learning Rules for Anomaly Detection of Hostile Network Traffic" by Matthew V. Mahoney and Philip K. Chan

Electrical Engineering and Computer Science Faculty Publications

Title

Learning Rules for Anomaly Detection of Hostile Network Traffic

Authors

Matthew V. Mahoney
Philip K. Chan

Document Type

Report

Abstract

We introduce an algorithm called LERAD that learns rules for finding rare events in nominal time-series data with long range dependencies. We use LERAD to find anomalies in network packets and TCP sessions to detect novel intrusions. LERAD outperforms the original participants in the 1999 DARPA/Lincoln Laboratory intrusion detection evaluation, and detected most attacks that eluded a firewall in a university departmental server environment.

Publication Date

1-10-2003

Recommended Citation

Mahoney, M.V., Chan, P.K. (2003). Learning rules for anomaly detection of hostile network traffic (CS-2003-16). Melbourne, FL. Florida Institute of Technology.

Download

Included in

Electrical and Computer Engineering Commons

COinS

Electrical Engineering and Computer Science Faculty Publications

Title

Learning Rules for Anomaly Detection of Hostile Network Traffic

Authors

Document Type

Abstract

Publication Date

Recommended Citation

Included in

Search

Browse

Author Corner

Electrical Engineering and Computer Science Faculty Publications

Title

Learning Rules for Anomaly Detection of Hostile Network Traffic

Authors

Document Type

Abstract

Publication Date

Recommended Citation

Included in

Share

Search

Browse

Author Corner