Multivariate Statistical Online Analysis for Self Protection against Network Attacks

Detection and self-protection against viruses, worms, and network attacks is urgently needed to protect network systems and their applications from catastrophic loss. Once a network component is infected by viruses, worms, or became a target of the network attacks, its operation state will shift from normal to abnormal. Online monitoring mechanism can be used to collect important aspects of network traffic and host data (CPU utilization, memory usage, etc.), that can effectively detect abnormal behaviors caused by attacks. In this paper, we develop an online multivariate analysis algorithm MANA based on Hotelling’s T multivariate statistical technique [6] to analyze the behaviors of system resources and network protocols in order to proactively detect network attacks. The new algorithm builds an adaptive behavior profile of normal operation for system resources. We have validated this algorithm and showed how it can proactively detect well-known attacks such as Distributed Denial of Service, SQL Slammer Worm, and Email spam attacks. Keyword: Abnormality Distance Metric, Multivariate Online Analysis, Attack Detection, Self Protection