A flow based anomaly detection system using chi-square technique

3 Author(s)
Muraleedharan, N. ; Comput. Networking & Internet Eng., Centre for Dev. of Adv. Comput. (C-DAC), Bangalore, India ; Parmar, A. ; Kumar, M.

Various tools capable of evading security mechanisms such as firewalls, IDS and IPS exist, and they help intruders send malicious traffic to a network or system. Inspecting malicious traffic and identifying anomalous activity is therefore essential to stop future intruder activity that could be an attack. In this paper we present a flow-based system that detects anomalous activity by using IP flow characteristics with a chi-square detection mechanism. The system identifies anomalous activities such as scan and flood attacks through automatic behavior analysis of the network traffic, and also gives detailed information on the attacker, victim, type and time of the attack, which can be used for the corresponding defense. The anomaly detection capability of the proposed system is compared with the SNORT intrusion detection system, and the results prove the very high detection rate of the system over SNORT for different scan and flood attacks. The proposed system detects different stealth scans and malformed-packet scans. Since the probability of a stealth scan being used in a real attack is very high, the system can identify real attacks at the initial stage itself, so that preventive action can be taken.
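A sketch of chi-square scoring over flow records, added here as an illustration and not taken from the paper. The TCP flag-pattern bins, the 0.001 significance level, the smoothing and the sample flows are all assumptions, since the abstract does not state which flow characteristics or thresholds the authors use.

```python
from collections import Counter

# Assumed feature: each flow record carries its cumulative TCP flag pattern.
BINS = ("established", "syn_only", "fin_only", "null", "xmas")
CRITICAL = 18.467  # chi-square critical value for df = 4 at p = 0.001

def baseline_profile(flows, smoothing=1.0):
    """Expected share of flows per bin, learned from attack-free traffic."""
    counts = Counter(f["flags"] for f in flows)
    total = len(flows) + smoothing * len(BINS)
    return {b: (counts[b] + smoothing) / total for b in BINS}

def chi_square(window, profile):
    """Pearson statistic plus the bins that hold more flows than expected."""
    n = len(window)
    if n == 0:
        return 0.0, {}
    observed = Counter(f["flags"] for f in window)
    terms = {b: (observed[b] - n * profile[b]) ** 2 / (n * profile[b]) for b in BINS}
    excess = {b: t for b, t in terms.items() if observed[b] > n * profile[b]}
    return sum(terms.values()), excess

def analyse(window, profile):
    """Score one time window; on an alert, report pattern, source and target."""
    score, excess = chi_square(window, profile)
    if score <= CRITICAL:
        return {"anomalous": False, "score": score}
    pattern = max(excess, key=excess.get)
    hits = [f for f in window if f["flags"] == pattern]
    src = Counter(f["src"] for f in hits).most_common(1)[0][0]
    dst = Counter(f["dst"] for f in hits if f["src"] == src).most_common(1)[0][0]
    ports = {f["dport"] for f in hits if f["src"] == src and f["dst"] == dst}
    return {"anomalous": True, "score": score, "pattern": pattern,
            "source": src, "target": dst, "distinct_ports": len(ports)}

def flow(src, dst, dport, flags):
    return {"src": src, "dst": dst, "dport": dport, "flags": flags}
# Constructed sample data (documentation address ranges), not from the paper.
def normal(n_est, n_syn):
    return ([flow("192.0.2.10", "198.51.100.5", 443, "established")] * n_est
            + [flow("192.0.2.11", "198.51.100.5", 80, "syn_only")] * n_syn)

TRAINING = normal(190, 8) + [flow("192.0.2.12", "198.51.100.5", 22, "fin_only")] * 2
QUIET = normal(38, 2)
SCAN = QUIET + [flow("203.0.113.7", "198.51.100.9", p, "fin_only") for p in range(1, 31)]

if __name__ == "__main__":
    for window in (QUIET, SCAN):
        print(analyse(window, baseline_profile(TRAINING)))
```

The per-bin terms show which flow pattern drove the alert, which is what lets the alert carry a type, a source and a target rather than only a score.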

Published in:

Advance Computing Conference (IACC), 2010 IEEE 2nd International

Date of Conference:

19-20 Feb. 2010