Home // IMMM 2012, The Second International Conference on Advances in Information Mining and Management // View article

A Novel Dependability Model to Define Normal Network Behavior

Authors:
Maher Salem
Ulrich Buehler

Keywords: correlation matrix; dependability; normal network behavior; linear association

Abstract:
Computer networks augment in heterogeneity so that defining a normal behavior to the network becomes a severe challenge. Particularly, such a normal network behavior is essential for security issues. In addition, this behavior consolidates the intrusion detection system to significantly detect zero-day-attacks. Therefore, in this paper, we introduce a novel dependability model based on the correlation matrix of network features. Moreover, only strongly correlated features are involved in the model such that the normal connections are recognized into the online traffic in advance. The recognition is based on the distance of the incoming traffic to the linear association between the correlated features. Furthermore, the distance is compared to a threshold value to ensure correct recognition. These steps have been evaluated by the benchmark dataset NSL-KDD. The goal of this model is to build an adaptive normal network behavior that represents the intended network continuously, reduces the overhead on the classification, and supports by detecting unknown attacks respectively. The results show that the idea of dependability model in intrusion detection system promises more accuracy and preciseness in anomaly detection

Pages: 15 to 20

Copyright: Copyright (c) IARIA, 2012

Publication date: October 21, 2012

Published in: conference

ISSN: 2326-9332

ISBN: 978-1-61208-227-1

Location: Venice, Italy

Dates: from October 21, 2012 to October 26, 2012