Academic Journals Database
Disseminating quality controlled scientific knowledge

A Multi-Stage Network Anomaly Detection Method for Improving Efficiency and Accuracy

Author(s): Yuji Waizumi | Hiroshi Tsunoda | Masashi Tsuji | Yoshiaki Nemoto

Journal: Journal of Information Security
ISSN 2153-1234

Volume: 03
Issue: 01
Start page: 18
Date: 2011

Keywords: Network Anomaly Detection | Timeslot-Based Analysis | Flow-Based Analysis | Multi-Stage Traffic Analysis | Flow Reduction

Because of the explosive growth of intrusions, the need for anomaly-based Intrusion Detection Systems (IDSs), which are capable of detecting novel attacks, is increasing. Among those systems, flow-based detection systems, which use a series of packets exchanged between two terminals as the unit of observation, have the advantage of being able to detect an anomaly that is included in only some specific sessions. However, in large-scale networks where a large number of communications take place, analyzing every flow is not practical. On the other hand, timeslot-based detection systems do not need to prepare a number of buffers, although it is difficult to specify anomalous communications. In this paper, we propose a multi-stage anomaly detection system which is a combination of timeslot-based and flow-based detectors. The proposed system can reduce the number of flows that need to be subjected to flow-based analysis yet still exhibits high detection accuracy. Through experiments using a data set, we present the effectiveness of the proposed method.