Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

Statistical Behavior of Packet Counts for Network Intrusion Detection


Affiliations
1 Department of Electronics and Communications, Menoufia University, Menouf, Egypt
2 Department of Electronics and Communications, Menoufia University, Menouf-32952, Egypt
3 Department of Electronics and Communications, Menoufia University, Menouf-32952, Egypt
     

   Subscribe/Renew Journal


Intrusions and attacks have become a very serious problem in network world. This paper presents a statistical characterization of packet counts that can be used for network intrusion detection. The main idea is based on detecting any suspicious behavior in computer networks depending on the comparison between the correlation results of control and data planes in the presence and absence of attacks using histogram analysis. Signal processing tools such as median filtering, moving average filtering, and local variance estimators are exploited to help in developing network anomaly detection approaches. Therefore, detecting dissimilarity can indicate an abnormal behavior.

Keywords

Anomaly Detection, Statistics, Network Intrusion Detection Systems (NIDS).
User
Subscription Login to verify subscription
Notifications
Font Size

Abstract Views: 225

PDF Views: 2




  • Statistical Behavior of Packet Counts for Network Intrusion Detection

Abstract Views: 225  |  PDF Views: 2

Authors

Rania A. Ghazy
Department of Electronics and Communications, Menoufia University, Menouf, Egypt
El-Sayed M. El-Rabaie
Department of Electronics and Communications, Menoufia University, Menouf-32952, Egypt
Moawad I. Dessouky
Department of Electronics and Communications, Menoufia University, Menouf-32952, Egypt
Nawal A. El-Feshawy
Department of Electronics and Communications, Menoufia University, Menouf-32952, Egypt
Fathi E. Abd El-Samie
Department of Electronics and Communications, Menoufia University, Menouf-32952, Egypt

Abstract


Intrusions and attacks have become a very serious problem in network world. This paper presents a statistical characterization of packet counts that can be used for network intrusion detection. The main idea is based on detecting any suspicious behavior in computer networks depending on the comparison between the correlation results of control and data planes in the presence and absence of attacks using histogram analysis. Signal processing tools such as median filtering, moving average filtering, and local variance estimators are exploited to help in developing network anomaly detection approaches. Therefore, detecting dissimilarity can indicate an abnormal behavior.

Keywords


Anomaly Detection, Statistics, Network Intrusion Detection Systems (NIDS).