Probabilistic Model for Detecting Network Traffic Anomalies

Yellapragada, Ramani

2004, Master of Science (MS), Ohio University, Computer Science (Engineering).

Anomaly-based intrusion detection is a research area in Computer Security, wherein computer and network attacks are differentiated from normal computer interactions. Anomaly-based intrusion detection systems detect attacks by analyzing either computer or network data and flagging abnormalities as intrusions. The abnormalities are detected by analyzing certain parameters that are present in the data. Our approach analyzes certain network parameters, which characterize either a connection or a network service on a monitored host or a network service on a monitored network. This categorization of parameters helps detect varied classes of attacks including denial-of-service, port scan and buffer overflow attacks.

Anomaly-based systems use various analysis techniques to detect parameter anomalies. A new approach based on the Bayesian Network technique for analyzing and detecting anomalies is presented here. The advantage of Bayesian Networks lies in their ability to adaptively learn normal values of parameters without much training, which makes them suitable for real-time analysis. A Bayesian Network can be used to combine current evidence and previous knowledge to obtain the probability of anomaly. This property helps in detecting previously seen attacks faster, since the previous knowledge provides strong evidence of an attack. The same property helps reduce the number of false positives, since considerable evidence needs to accumulate for the Bayesian Network to report a high probability of anomaly.

Shawn Ostermann (Advisor)
102 p.

Recommended Citations

  • Yellapragada, R. (2004). Probabilistic Model for Detecting Network Traffic Anomalies [Master's thesis, Ohio University]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=ohiou1088538020

    APA Style (7th edition)

  • Yellapragada, Ramani. Probabilistic Model for Detecting Network Traffic Anomalies. 2004. Ohio University, Master's thesis. OhioLINK Electronic Theses and Dissertations Center, http://rave.ohiolink.edu/etdc/view?acc_num=ohiou1088538020.

    MLA Style (8th edition)

  • Yellapragada, Ramani. "Probabilistic Model for Detecting Network Traffic Anomalies." Master's thesis, Ohio University, 2004. http://rave.ohiolink.edu/etdc/view?acc_num=ohiou1088538020

    Chicago Manual of Style (17th edition)