Multivariate Statistical Analysis - PowerPoint PPT Presentation

Provided by: Jennife699
Learn more at: https://www.cs.odu.edu
Transcript and Presenter's Notes


1
Multivariate Statistical Analysis for Network
Attack Detection
Nitin Nimran
2
Abstract
  • Online monitoring mechanism to collect important
    aspects of network traffic and host data to
    effectively detect network attacks
  • Validation of algorithm for proactively detecting
    attacks such as DDoS, SQL Slammer Worm and Email
    Spam attack

3
Attack detection strategies
  • Rule Based Detection
      • Comparing signatures of well-known attacks with
        observed behavior
  • Anomaly Based Detection
      • Build a baseline from the element's normal behavior.
      • Detect deviation from the baseline profile.

4
Measurement attributes to describe behavior
  • Network systems have multiple Measurement
    Attributes (MA)
  • MAs define the operational state (normal,
    uncertain or abnormal) of a network element

5
General Measurement Attributes
6
Multivariate Statistical Analysis
  • Multivariate Analysis is applied to quantify the
    behavior based on correlation between MAs
  • Baseline MA is constructed using Hotelling's T²
    method

7
Network Model - MANA
  • Multivariate Analysis for Network Attack
    detection (MANA) algorithm is used for online
    monitoring.

8
Test Bed at University of Arizona
9
Email Worm Attack
  • Measurement Attributes used
      • Number of email invocations per minute
      • DNS request rate

10
SQL Slammer Attack
  • Measurement Attributes used
      • UDP packet rate
      • Outgoing ARP packet rate
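
Added example, not from the slides or the cited paper: a Hotelling's T² baseline (slide 6) built over the two SQL Slammer measurement attributes, scoring each new observation as normal, uncertain or abnormal. The traffic values, the function names and the two F-distribution control limits (α = 0.05 and α = 0.01) are assumptions; the slides do not state MANA's thresholds.

```python
def baseline(samples):
    """Mean vector and inverse covariance matrix of two measurement attributes."""
    n = len(samples)
    mx = sum(x for x, _ in samples) / n
    my = sum(y for _, y in samples) / n
    sxx = sum((x - mx) ** 2 for x, _ in samples) / (n - 1)
    syy = sum((y - my) ** 2 for _, y in samples) / (n - 1)
    sxy = sum((x - mx) * (y - my) for x, y in samples) / (n - 1)
    det = sxx * syy - sxy ** 2
    if det <= 0:
        raise ValueError("singular covariance: attribute constant or collinear")
    inv = ((syy / det, -sxy / det), (-sxy / det, sxx / det))
    return (mx, my), inv, n

def t2(obs, mean, inv):
    """Hotelling's T^2 distance of one observation from the baseline."""
    dx, dy = obs[0] - mean[0], obs[1] - mean[1]
    return dx * (inv[0][0] * dx + inv[0][1] * dy) + dy * (inv[1][0] * dx + inv[1][1] * dy)

def limit(n, alpha):
    """Upper control limit for a new observation with p = 2 attributes.
    The F(2, n-2) quantile has a closed form, so no stats library is needed."""
    m = n - 2
    f_q = (m / 2) * (alpha ** (-2 / m) - 1)
    return 2 * (n + 1) * (n - 1) / (n * m) * f_q

def classify(obs, model, warn=0.05, alarm=0.01):
    """Map a T^2 score onto the three operational states (assumed limits)."""
    mean, inv, n = model
    score = t2(obs, mean, inv)
    if score > limit(n, alarm):
        return "abnormal"
    return "uncertain" if score > limit(n, warn) else "normal"

# Constructed baseline: (UDP packets/s, outgoing ARP packets/s) per interval.
BASELINE = [(120, 4), (135, 5), (110, 3), (150, 6), (128, 4), (142, 5),
            (118, 4), (160, 7), (125, 4), (138, 5), (131, 5), (147, 6)]
MODEL = baseline(BASELINE)

if __name__ == "__main__":
    for obs in [(133, 5), (180, 8), (150, 3), (900, 60)]:
        print(obs, round(t2(obs, MODEL[0], MODEL[1]), 1), classify(obs, MODEL))
```

The observation (150, 3) is flagged abnormal even though each value lies inside its own baseline range, because it breaks the correlation between the two attributes; per-attribute thresholds would miss it.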

11
DoS Attack
  • Measurement Attributes used
      • Legitimate TCP packet rate (TCPout)
      • Total TCP packet rate (TCPtotalRate)

12
Conclusion
  • Strengths
      • The online monitoring and analysis algorithm
        builds an adaptive behavior profile of system
        resources to detect abnormal behavior caused by
        network attacks.
  • Weakness
      • The algorithm is validated only for well-known
        attacks such as DoS, Email Worm Spam and MS SQL
        Slammer worm.

13
Reference
  • G. Qu, S. Hariri, M. Yousif, "Multivariate
    statistical analysis for network attacks detection,"
    The 3rd ACS/IEEE International Conference on
    Computer Systems and Applications, p. 9, 2005.

14
  • Thank you