5 research outputs found

    Intrusion Detection Method Based on Kernel Density Estimator

    By analysing the shortcomings of existing intrusion detection technology and examining the advantages of intrusion detection based on outlier mining, this paper proposes an intrusion detection method based on kernel density estimation. The method first computes an approximate set of outliers by kernel density estimation and then filters that approximate set to obtain the final outlier set, thereby detecting intrusion records. The concrete implementation is described, and simulation experiments confirm the feasibility of the method. This paper analyses the disadvantages of the existing intrusion detection technology and discusses the advantages of intrusion detection based on outlier mining; a new intrusion detection method based on a kernel density estimator, called IDKD, is proposed. In IDKD, the approximate set of outliers is calculated by the kernel density estimator in one pass over the data set, the final set of outliers is generated from the approximate set in a second pass, and the anomalous records are thereby detected. This method is applied to the KDD99 data set and gives satisfactory results.

    NetCamo: camouflaging network traffic for QoS-guaranteed mission critical applications


    Machine Learning Techniques for Characterizing IEEE 802.11b Encrypted Data Streams

    As wireless networks become an increasingly common part of the infrastructure in industrialized nations, the vulnerabilities of this technology need to be evaluated. Even though there have been major advancements in encryption technology, security protocols and packet header obfuscation techniques, other distinguishing characteristics do exist in wireless network traffic. These characteristics include packet size, signal strength, channel utilization and others. Using these characteristics, windows of size 11, 31, and 51 packets are collected and machine learning (ML) techniques are trained to classify applications accessing the 802.11b wireless channel. The four applications used for this study included E-Mail, FTP, HTTP, and Print. Using neural networks and decision trees, the overall success (correct identification of applications) of the ML systems ranged from a low average of 65.8% for neural networks to a high of 85.9% for decision trees. These averages are a result of all classification attempts, including the case where only one application is accessing the medium and also the unique combinations of two and three different applications.

    On traffic analysis attacks and countermeasures

    Security and privacy have gained more and more attention with the rapid growth and public acceptance of the Internet as a means of communication and information dissemination. Security and privacy of a computing or network system may be compromised by a variety of well-crafted attacks. In this dissertation, we address issues related to security and privacy in computer network systems. Specifically, we model and analyze a special group of network attacks, known as traffic analysis attacks, and develop and evaluate their countermeasures. Traffic analysis attacks aim to derive critical information by analyzing traffic over a network. We focus our study on two classes of traffic analysis attacks: link-load analysis attacks and flow-connectivity analysis attacks. Our research has made the following conclusions: 1. We have found that an adversary may effectively discover link load by passively analyzing selected statistics of packet inter-arrival times of traffic flows on a network link. This is true even if some commonly used countermeasures (e.g., link padding) have been deployed. We proposed an alternative effective countermeasure to counter this passive traffic analysis attack. Our extensive experimental results indicated this to be an effective approach. 2. Our newly proposed countermeasure may not be effective against active traffic analysis attacks, which an adversary may also use to discover the link load. We developed methodologies in countering these kinds of active attacks. 3. To detect the connectivity of a flow, an adversary may embed a recognizable pattern of marks into traffic flows by interference. We have proposed new countermeasures based on the digital filtering technology. Experimental results have demonstrated the effectiveness of our method. From our research, it is obvious that traffic analysis attacks present a serious challenge to the design of a secured computer network system. 
    It is the objective of this study to develop robust but cost-effective solutions to counter link-load analysis attacks and flow-connectivity analysis attacks. It is our belief that our methodology can provide a solid foundation for studying the entire spectrum of traffic analysis attacks and their countermeasures.

    Modeling and control of network traffic for performance and secure communications

    The objective of this research is to develop innovative techniques for modeling and control of network congestion. Most existing network controls have discontinuous actions, but such discontinuity in control actions is commonly omitted in analytical models, and instead continuous models were widely adopted in the literature. This approximation works well under certain conditions, but it does cause significant discrepancy in creating robust, responsive control solutions for congestion management. In this dissertation, I investigated three major topics. I proposed a generic discontinuous congestion control model and its design methodology to guarantee asymptotic stability and eliminate traffic oscillation, based on the sliding mode control (SMC) theory. My scheme shows that discontinuity plays a crucial role in optimization of the I-D based congestion control algorithms. When properly modeled, the simple I-D control laws can be made highly robust to parameter and model uncertainties. I discussed applicability of this model to some existing flow or congestion control schemes, e.g. XON/XOFF, rate and window based AIMD, RED, etc. It can also be effectively applied to design of detection and defense of distributed denial of service (DDoS) attacks. DDoS management can be considered a special case of the flow control problem. Based on my generic discontinuous congestion control model, I developed a backward-propagation feedback control strategy for DDoS detection and defense. It not only prevents DDoS attacks but also provides smooth traffic and bounded queue size. Another application of the congestion control algorithms is design of private group communication networks. I proposed a new technique for protection of group communications by concealment of sender-recipient pairs. 
    The basic approach is to fragment and disperse encrypted messages into packets to be transported along different paths, so that the adversary cannot efficiently determine the source/recipient of a message without correct ordering of all packets. Packet flows among nodes are made balanced, to eliminate traffic patterns related to group activities. I proposed a sliding window-based flow control scheme to control transmission of payload and dummy packets. My algorithms allow a flexible tradeoff between traffic concealment and performance requirements.