Automatic Detection of Anomalous Behavior in Networks

Abstract

Detection of anomalous behavior in networks is a difficult problem. We created automatic tools that will detect, through traffic monitoring, anomalous behaviors in computer networks. Because signature techniques cannot detect new forms of attacks, we focused on designing an adaptive solution to quickly detect new (and old) attacks while minimizing the false alarm rate. Our approach is to form a model of the normal behavior of a network element and then monitor incoming/outgoing traffic for anomalies. As part of our research, we have also researched methods to model human behavior to detect anomalies in user patterns through mouse movements. In particular, we monitor each user's keystroke, mouse and GUI behavior to determine if he/she is a valid user or an imposter.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2006
Accession Number
ADA458332

Entities

People

  • C. E. Brodley

Organizations

  • Purdue University

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Air Force Research Laboratories
  • Application Protocols
  • Computer Networks
  • Computer Science
  • Cybersecurity
  • Data Mining
  • Detection
  • False Alarms
  • Feature Extraction
  • Information Science
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Machine Learning
  • Network Science
  • Supervised Machine Learning
  • Transport Protocols

Fields of Study

  • Computer science

Readers

  • Database Systems and Applications
  • Sensor Fusion and Tracking Systems
  • Systems Analysis and Design