An Effective Anomaly Detection Method in SMTP Traffic

Authors

  • Hao Luo
  • Binxing Fang
  • Xiao-chun Yun
  • Zhi-Gang Wu
Abstract

We investigate an effective and robust mechanism for detecting anomalies in SMTP traffic. Our detection method accumulates the deviation of the current delivery status from historical behaviour using the leaky integrate-and-fire model, and reports an anomaly when the accumulated deviation fires. The simplicity of the method lies in the fact that it requires neither the set of anomalies to be detected nor thresholds to be supplied by the user. Furthermore, the proposed method does not need to store a history profile and has low computational overhead, which makes the detector itself resistant to attacks. The performance evaluation results show that the leaky integrate-and-fire method is quite effective at detecting constant-intensity attacks and increasing-intensity attacks in SMTP traffic. Compared with other anomaly detection methods, our method achieves better detection performance.
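To make the leaky integrate-and-fire idea concrete, here is an added toy detector over per-interval SMTP delivery counts. It is an illustration written for this page, not the authors' published algorithm; the EWMA history profile, the leak rate, the spread-based firing level and the constructed traffic sample are all assumptions.

```python
"""Toy leaky integrate-and-fire (LIF) anomaly detector over per-interval SMTP
delivery counts. Constructed illustration, not the paper's algorithm."""
from dataclasses import dataclass


@dataclass
class LIFDetector:
    leak: float = 0.5       # share of accumulated deviation that drains each interval
    alpha: float = 0.1      # EWMA weight for the history profile (mean and spread)
    mult: float = 8.0       # firing level = mult * learned spread, no per-site threshold
    warmup: int = 5         # intervals used only to learn the profile
    mean: float = 0.0       # history profile: typical messages per interval
    spread: float = 0.0     # EWMA of |count - mean|, the profile's natural jitter
    potential: float = 0.0  # the LIF "membrane potential"
    seen: int = 0

    def _learn(self, count: float) -> None:
        diff = count - self.mean
        self.spread = (1 - self.alpha) * self.spread + self.alpha * abs(diff)
        self.mean += self.alpha * diff

    def observe(self, count: float) -> bool:
        """Feed one interval's message count; True means the neuron fired (anomaly)."""
        self.seen += 1
        if self.seen == 1:
            self.mean = float(count)  # first sample seeds the profile
            return False
        if self.seen <= self.warmup:
            self._learn(count)        # learn normal behaviour before judging
            return False
        # Integrate only excess traffic: a flood is extra deliveries, not fewer.
        deviation = max(0.0, count - self.mean)
        self.potential = self.potential * (1 - self.leak) + deviation
        threshold = self.mult * max(self.spread, 1.0)  # floor of one message
        if self.potential > threshold:
            self.potential = 0.0  # fire and reset, as the LIF neuron does
            return True           # profile frozen while firing, so the attack is not learned
        self._learn(count)        # quiet interval: keep tracking normal drift
        return False


def detect(counts: list) -> list:
    """Indices of the intervals at which the detector fires."""
    d = LIFDetector()
    return [i for i, c in enumerate(counts) if d.observe(c)]


# Constructed sample: 10 normal minutes, a constant-intensity flood, then a ramp.
NORMAL = [100, 104, 97, 102, 99, 101, 103, 98, 100, 102]
FLOOD = [300] * 5
RAMP = [105, 115, 130, 150, 180]
SAMPLE = NORMAL + FLOOD + RAMP
```

`detect(SAMPLE)` fires on every flood interval and, after one quiet interval of leak, on the ramp from its second step onward, while the normal prefix never fires.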


Similar sources

Anomaly-based Web Attack Detection: The Application of Deep Neural Network Seq2Seq With Attention Mechanism

Today, the use of the Internet and Internet sites has become an integral part of people's lives, and most activities and important data reside on websites. Thus, attempts to intrude into these websites have grown exponentially. Intrusion detection systems (IDS) for web attacks are one approach to protecting users, but these systems suffer from drawbacks such as low accuracy in ...


Detecting Unknown Network Attacks Using Language Models

We propose a method for network intrusion detection based on language models such as n-grams and words. Our method proceeds by extracting these models from TCP connection payloads and applying unsupervised anomaly detection. The essential part of our approach is linear-time computation of similarity measures between language models stored in trie data structures. Results of our experiments cond...


Effectively Generating Frequent Episode Rules for Anomaly-based Intrusion Detection*

Data mining is a useful tool for building classifiers that distinguish intrusive behaviour from normal network traffic. In this paper, we provide new pruning techniques for reducing the set of frequent episode rules used to build anomaly-based intrusion detection systems (IDS). This reduction is crucial for applying data mining to anomaly detection of unknown attacks; otherwise, the rule search space may escalat...


Moving dispersion method for statistical anomaly detection in intrusion detection systems

A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...


F-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management

Distributed Denial of Service (DDoS) is a common attack of recent years that depletes the bandwidth of victim nodes by flooding them with packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories: volumetric attacks, protocol attacks and application attacks. The volumetric attack, which the pro...



Journal title:
  • I. J. Network Security

Volume 6, Issue

Pages: -

Publication date: 2008