Risk Factors to Retrieve Anomaly Intrusion Information and Profile User Behavior

Yun Wang (Yale University, Yale-New Haven Health System & Qualidigm, USA) and Lee Seidman (Qualidigm, USA)
DOI: 10.4018/978-1-60566-148-3.ch017
The use of network traffic audit data for retrieving anomaly intrusion information and profiling user behavior has been studied previously, but the risk factors associated with attacks remain unclear. This study aimed to identify a set of robust risk factors via the bootstrap resampling and logistic regression modeling methods based on the KDD-cup 1999 data. Of the 46 examined variables, 16 were identified as robust risk factors, and the classification showed similar performances in sensitivity, specificity, and correctly classified rate in comparison with the KDD-cup 1999 winning results that were based on a rule-based decision tree algorithm with all variables. The study emphasizes that the bootstrap simulation and logistic regression modeling techniques offer a novel approach to understanding and identifying risk factors for better information protection on network security.
Chapter Preview

Data Source

The study sample was drawn from the Third International Knowledge Discovery and Data Mining Tools Competition 1999 data (KDD-cup, 1999), which was created from the 1998 Defense Advanced Research Projects Agency (DARPA) Intrusion Detection Evaluation offline database developed by the Lincoln Laboratory at the Massachusetts Institute of Technology (Cunningham, Lippmann, Fried, Garfinkel, Graf, Kendall, et al., 1999). The full KDD-cup data included 7 weeks of TCP dump network traffic as training data, which was processed into about 5 million connection records, plus 2 weeks of testing data and 34 different attack types; it was generated on a network that simulated 1,000 Unix hosts and 100 users (Lippmann & Cunningham, 2000). The test data do not have the same probability distribution as the training data, and they include additional attack types that were not in the training data. The data unit is a connection, which consists of about 100 bytes of information and represents a sequence of TCP packets starting and ending within a fixed time window, during which data flows between a source IP address and a destination IP address under pre-defined protocols. Each connection record is labeled as either normal or a specific attack type. This study used 10% of the training data as a derivation dataset and the full test data as a validation dataset to identify and examine the risk factors.
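To make the bootstrap-and-logistic-regression procedure concrete, here is an added example in pure Python; it is not code from the chapter or its authors. The four feature names, the constructed connection records with a 40% attack prior, the coefficient-magnitude threshold and the 90% inclusion frequency used to call a factor "robust" are all assumptions made for this demonstration, since the page does not state the chapter's own selection criterion.

```python
import math
import random

FEATURES = ["err_rate", "conn_count", "src_bytes", "urgent"]  # constructed stand-ins, not KDD names

def make_records(n, seed):
    """Constructed (features, label) rows; label 1 = attack, 0 = normal. Only the first two features carry signal."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        y = 1 if rng.random() < 0.4 else 0
        x = [rng.gauss(1.5 if y else 0.0, 1.0), rng.gauss(1.3 if y else 0.0, 1.0),  # shift under attack
             rng.gauss(0.0, 1.0), rng.gauss(0.0, 1.0)]                               # pure noise
        rows.append((x, y))
    return rows

def fit_logistic(rows, epochs=100, lr=0.5):
    """Logistic regression by batch gradient descent on the log-loss; returns (weights, bias)."""
    d, n = len(rows[0][0]), len(rows)
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for x, y in rows:
            p = 1.0 / (1.0 + math.exp(-(b + sum(wi * xi for wi, xi in zip(w, x)))))
            for j in range(d):
                gw[j] += (p - y) * x[j]
            gb += p - y
        w = [wj - lr * g / n for wj, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b

def robust_factors(rows, n_boot=25, coef_min=0.35, keep_frac=0.9, seed=1):
    """Bootstrap selection (assumed rule): refit on resamples drawn with replacement and
    keep the variables whose |coefficient| stays above coef_min in >= keep_frac of the fits."""
    rng = random.Random(seed)
    hits = [0] * len(FEATURES)
    for _ in range(n_boot):
        w, _ = fit_logistic([rng.choice(rows) for _ in rows])  # resample with replacement
        for j, wj in enumerate(w):
            hits[j] += int(abs(wj) >= coef_min)
    frac = {f: h / n_boot for f, h in zip(FEATURES, hits)}
    return frac, [f for f in FEATURES if frac[f] >= keep_frac]

def evaluate(model, rows):
    """Sensitivity, specificity and correctly classified rate at the p >= 0.5 cut-off."""
    (w, b), c = model, {"tp": 0, "tn": 0, "fp": 0, "fn": 0}
    for x, y in rows:
        pred = 1 if b + sum(wi * xi for wi, xi in zip(w, x)) >= 0.0 else 0
        c[("tp" if y else "fp") if pred else ("fn" if y else "tn")] += 1
    return c["tp"] / (c["tp"] + c["fn"]), c["tn"] / (c["tn"] + c["fp"]), (c["tp"] + c["tn"]) / len(rows)
```

Fit on a derivation sample and score a validation sample generated with a different seed, mirroring the chapter's derivation/validation split; the two noise features should fall well below the inclusion frequency while the two signal features are retained.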
