loading...
Performance Evaluation of a Multi-Stage Network Event Detection Scheme for Decreasing the False-Positive Rate for a Large Number of Simultaneous, Unknown Events
Sainte-Luce, Martinique, France April 22-April 28
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICN.2007.71Sixth International Conference on Net ...
 This Article 
 
Buy PURCHASE ARTICLE: $19
PDF
HTML
Buy IEEE Xplore Subscribers
 
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
ASCII Text
x 
 
Tutomu Murase, Hiroki Fujiwara, Yukinobu Fukushima, Masayoshi Kobayashi, Tokumi Yokohira, "Performance Evaluation of a Multi-Stage Network Event Detection Scheme for Decreasing the False-Positive Rate for a Large Number of Simultaneous, Unknown Events," International Conference on Networking, pp. 97, Sixth International Conference on Networking (ICN'07), 2007.
 
 
BibTex
x
 
@article{ 10.1109/ICN.2007.71,
author = {Tutomu Murase and Hiroki Fujiwara and Yukinobu Fukushima and Masayoshi Kobayashi and Tokumi Yokohira},
title = {Performance Evaluation of a Multi-Stage Network Event Detection Scheme for Decreasing the False-Positive Rate for a Large Number of Simultaneous, Unknown Events},
journal ={International Conference on Networking},
volume = {0},
year = {2007},
isbn = {0-7695-2805-8},
pages = {97},
doi = {http://doi.ieeecomputersociety.org/10.1109/ICN.2007.71},
publisher = {IEEE Computer Society},
address = {Los Alamitos, CA, USA},
}
 
 
RefWorks Procite/RefMan/Endnote
x 
 
TY - CONF
JO - International Conference on Networking
TI - Performance Evaluation of a Multi-Stage Network Event Detection Scheme for Decreasing the False-Positive Rate for a Large Number of Simultaneous, Unknown Events
SN - 0-7695-2805-8
SP
EP
A1 - Tutomu Murase,
A1 - Hiroki Fujiwara,
A1 - Yukinobu Fukushima,
A1 - Masayoshi Kobayashi,
A1 - Tokumi Yokohira,
PY - 2007
KW - Virus
KW - Worm
KW - Multi-Stage Network Anomaly Detection
KW - Change-Point Detection
KW - Large-Scale Simultaneous Event
VL - 0
JA - International Conference on Networking
ER -
 
Tutomu Murase, NEC Corporation, Japan
Hiroki Fujiwara, Okayama University, Japan
Yukinobu Fukushima, Okayama University, Japan
Masayoshi Kobayashi, NEC Corporation, Japan
Tokumi Yokohira, Okayama University, Japan
Change-point detection schemes are a promising approach for detecting network anomalies, such as attacks and epidemics by unknown viruses and worms. They detect those events as change-points. However, they generally also detect false-positive change-points, those caused by other events such as hardware trouble. A scheme is needed that only detects true-positive change-points, caused by attacks and epidemics. True-positive change-points tend to occur simultaneously in very large numbers, while false-positive change-points tend to occur sporadically. We can exclude false-positive change-points by excluding change-points that occur sporadically, based on information gathered from the entire network. In this paper, we propose a multi-stage network event detection scheme that aggregates change-point information from distributed IDSs (Intrusion Detection Systems) and detects the true-positive change-points. Simulation results show that, compared to a scheme using only one IDS, our method always yields a smaller false-positive rate under the constraint that the detection rate of the true-positive change-points must exceed 0.99.
Index Terms:
Virus, Worm, Multi-Stage Network Anomaly Detection, Change-Point Detection, Large-Scale Simultaneous Event
Citation:
Tutomu Murase, Hiroki Fujiwara, Yukinobu Fukushima, Masayoshi Kobayashi, Tokumi Yokohira, "Performance Evaluation of a Multi-Stage Network Event Detection Scheme for Decreasing the False-Positive Rate for a Large Number of Simultaneous, Unknown Events," icn, pp.97, Sixth International Conference on Networking (ICN'07), 2007
Usage of this product signifies your acceptance of the Terms of Use.