By Topic

A data correlation method for anomaly detection systems using regression relations

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Hassanzadeh, A. ; Dept. of Comput. Eng., Amirkabir Univ. of Technol., Tehran, Iran ; Sadeghiyan, B.

Normal profiles have specific properties which would be changed when an attack occurs. The main property we have considered for each behavior is the correlation between the parameters of it. We compute a correlation matrix for normal sessions in the training phase. Then we select effective security parameters for our detection engine using an equivalent class with a graphical illustration namely correlation relation graph (CRG). These extracted parameters among all parameters of each normal behavior have a relation with each other which could be computed by regression relations. Each behavior has some pairs of selected parameters including the independent parameter and the dependent one. As an inline detection process, we look at the value of selected parameters of each current session and put them into their computed regression relation. If the computed value of the dependent parameter of each pair has a value greater then what we compute by their regression relation, it will be considered as a deviation. Number of deviations per session and the combination of them is used to label a session as normal or attack. The results show that our proposed method has suitable detection rate and false alarm.

Published in:

Future Information Networks, 2009. ICFIN 2009. First International Conference on

Date of Conference:

14-17 Oct. 2009