Risk Factors to Retrieve Anomaly Intrusion Information and Profile User Behavior

Yun Wang (Yale University, Yale-New Haven Health System & Qualidigm, USA) and Lee Seidman (Qualidigm, USA)
DOI: 10.4018/978-1-60566-148-3.ch017

Abstract

The use of network traffic audit data for retrieving anomaly intrusion information and profiling user behavior has been studied previously, but the risk factors associated with attacks remain unclear. This study aimed to identify a set of robust risk factors by combining bootstrap resampling with logistic regression modeling on the KDD-cup 1999 data. Of the 46 variables examined, 16 were identified as robust risk factors, and a classifier built on them showed sensitivity, specificity, and correctly classified rate similar to the KDD-cup 1999 winning results, which were obtained with a rule-based decision tree algorithm using all variables. The study emphasizes that bootstrap simulation and logistic regression modeling offer a novel approach to understanding and identifying risk factors for better information protection in network security.

Chapter Preview

Methods

Data Source

The study sample was drawn from the Third International Knowledge Discovery and Data Mining Tools Competition 1999 data (KDD-cup, 1999), which was created from the 1998 Defense Advanced Research Projects Agency (DARPA) Intrusion Detection Evaluation offline database developed by the Lincoln Laboratory at the Massachusetts Institute of Technology (Cunningham, Lippmann, Fried, Garfinkel, Graf, Kendall, et al., 1999). The full KDD-cup data included 7 weeks of TCP dump network traffic as training data, processed into about 5 million connection records, plus 2 weeks of testing data and 34 different attack types; it was generated on a network that simulated 1,000 Unix hosts and 100 users (Lippmann & Cunningham, 2000). The test data do not have the same probability distribution as the training data, and they include additional attack types that do not appear in the training data. The data unit is a connection, which consists of about 100 bytes of information and represents a sequence of TCP packets starting and ending within a fixed time window, during which data flows between a source IP address and a destination IP address under pre-defined protocols. Each connection record is labeled as either normal or a specific attack type. This study used 10% of the training data as a derivation dataset and the full test data as a validation dataset to identify and examine the risk factors.
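As an added illustration of the bootstrap-plus-logistic-regression selection the abstract describes (this is not the chapter's code, and it does not use the chapter's 46 KDD-cup variables), the following Python sketch refits a logistic model on bootstrap resamples of a derivation set, keeps only the factors whose weight stays large across replicates, and then reports sensitivity, specificity and correctly classified rate on a separate validation set. The feature names, the synthetic record generator, and the stability threshold and cutoff are assumptions chosen for the example.

```python
import math
import random

FEATURES = ["srv_count", "serror_rate", "same_srv_rate", "hot"]  # constructed names, not the chapter's variables

def make_records(n, seed):
    """Synthetic connection records: (standardized features, label 1 = attack)."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        x = [rng.gauss(0, 1) for _ in FEATURES]
        p = 1 / (1 + math.exp(-(1.5 * x[0] + 1.0 * x[1])))  # only the first two drive risk
        rows.append((x, int(rng.random() < p)))
    return rows

def fit_logistic(rows, idx, steps=100, lr=0.5):
    """Gradient-descent logistic regression on feature columns idx -> [b0, b_idx0, ...]."""
    w = [0.0] * (len(idx) + 1)
    for _ in range(steps):
        grad = [0.0] * len(w)
        for x, y in rows:
            z = w[0] + sum(w[k + 1] * x[j] for k, j in enumerate(idx))
            err = 1 / (1 + math.exp(-z)) - y
            grad[0] += err
            for k, j in enumerate(idx):
                grad[k + 1] += err * x[j]
        w = [wi - lr * g / len(rows) for wi, g in zip(w, grad)]
    return w

def robust_factors(rows, reps=25, threshold=0.4, cutoff=0.8, seed=7):
    """Refit on bootstrap resamples; keep factors whose |weight| clears threshold in >= cutoff of them."""
    rng = random.Random(seed)
    hits = [0] * len(FEATURES)
    for _ in range(reps):
        w = fit_logistic([rng.choice(rows) for _ in rows], range(len(FEATURES)))
        for j in range(len(FEATURES)):
            hits[j] += abs(w[j + 1]) > threshold
    return [FEATURES[j] for j in range(len(FEATURES)) if hits[j] / reps >= cutoff]

def classify(train, test, factors):
    """Fit on the chosen factors only; return (sensitivity, specificity, correctly classified rate)."""
    idx = [FEATURES.index(f) for f in factors]
    w = fit_logistic(train, idx)
    n = {(pred, y): 0 for pred in (0, 1) for y in (0, 1)}  # (predicted, actual) counts
    for x, y in test:
        pred = int(w[0] + sum(w[k + 1] * x[j] for k, j in enumerate(idx)) > 0)
        n[pred, y] += 1
    sens, spec = n[1, 1] / (n[1, 1] + n[0, 1]), n[0, 0] / (n[0, 0] + n[1, 0])
    return sens, spec, (n[1, 1] + n[0, 0]) / len(test)
```

Calling `robust_factors(make_records(200, 1))` returns the two features that actually drive the synthetic labels, and passing that list to `classify` with a second `make_records` set as validation gives the three performance rates the abstract compares.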
