Host-based packet header anomaly detection using statistical analysis

The exposure of network packets to frequent cyber attacks has increased the need for designing statistical-based anomaly detection recently. Conceptually, the statistical based anomaly detection attracts researcher's attention, but technically, the low attack detection rates remains an open cha...

Full description

Saved in:
Bibliographic Details
Main Authors: Yassin, Warusia, Udzir, Nur Izura, Abdullah, Azizol, Abdullah @ Selimun, Mohd Taufik, Muda, Zaiton, Zulzalil, Hazura
Format: Conference or Workshop Item
Language:English
Published: 2013
Online Access:http://psasir.upm.edu.my/id/eprint/27210/1/ID%2027210.pdf
http://psasir.upm.edu.my/id/eprint/27210/
Tags: Add Tag
No Tags, Be the first to tag this record!
id my.upm.eprints.27210
record_format eprints
spelling my.upm.eprints.272102016-06-08T08:35:56Z http://psasir.upm.edu.my/id/eprint/27210/ Host-based packet header anomaly detection using statistical analysis Yassin, Warusia Udzir, Nur Izura Abdullah, Azizol Abdullah @ Selimun, Mohd Taufik Muda, Zaiton Zulzalil, Hazura The exposure of network packets to frequent cyber attacks has increased the need for designing statistical-based anomaly detection recently. Conceptually, the statistical based anomaly detection attracts researcher's attention, but technically, the low attack detection rates remains an open challenges. We propose a Host-based Packet Header Anomaly Detector (HbPHAD) model that is capable of identifying suspicious packet header behaviour based on statistical analysis. We compute scoring function using Relative Percentage Ratio (RPR) in calculating normal scores, integrate Linear Regression Analysis (LRA) to differentiate the behaviour of the packets and Cohen's-d (effect size) measurement to pre-define the best threshold. HbPHAD is an effective solution for statistical-hased anomaly detection 111 identifying suspicious behaviour correctly. The experiment demonstrates that HbPHAD IS effective in accurately detecting suspicious packet at above 99% as an attack detection rate. 2013-08-15 Conference or Workshop Item NonPeerReviewed application/pdf en http://psasir.upm.edu.my/id/eprint/27210/1/ID%2027210.pdf Yassin, Warusia and Udzir, Nur Izura and Abdullah, Azizol and Abdullah @ Selimun, Mohd Taufik and Muda, Zaiton and Zulzalil, Hazura (2013) Host-based packet header anomaly detection using statistical analysis. In: International Seminars on Mathematics and Natural Sciences (ISMNS 2013), 15-17 Aug. 2013, Samarkand, Uzbekistan. (pp. 1-8).
institution Universiti Putra Malaysia
building UPM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Putra Malaysia
content_source UPM Institutional Repository
url_provider http://psasir.upm.edu.my/
language English
description The exposure of network packets to frequent cyber attacks has increased the need for designing statistical-based anomaly detection recently. Conceptually, the statistical based anomaly detection attracts researcher's attention, but technically, the low attack detection rates remains an open challenges. We propose a Host-based Packet Header Anomaly Detector (HbPHAD) model that is capable of identifying suspicious packet header behaviour based on statistical analysis. We compute scoring function using Relative Percentage Ratio (RPR) in calculating normal scores, integrate Linear Regression Analysis (LRA) to differentiate the behaviour of the packets and Cohen's-d (effect size) measurement to pre-define the best threshold. HbPHAD is an effective solution for statistical-hased anomaly detection 111 identifying suspicious behaviour correctly. The experiment demonstrates that HbPHAD IS effective in accurately detecting suspicious packet at above 99% as an attack detection rate.
format Conference or Workshop Item
author Yassin, Warusia
Udzir, Nur Izura
Abdullah, Azizol
Abdullah @ Selimun, Mohd Taufik
Muda, Zaiton
Zulzalil, Hazura
spellingShingle Yassin, Warusia
Udzir, Nur Izura
Abdullah, Azizol
Abdullah @ Selimun, Mohd Taufik
Muda, Zaiton
Zulzalil, Hazura
Host-based packet header anomaly detection using statistical analysis
author_facet Yassin, Warusia
Udzir, Nur Izura
Abdullah, Azizol
Abdullah @ Selimun, Mohd Taufik
Muda, Zaiton
Zulzalil, Hazura
author_sort Yassin, Warusia
title Host-based packet header anomaly detection using statistical analysis
title_short Host-based packet header anomaly detection using statistical analysis
title_full Host-based packet header anomaly detection using statistical analysis
title_fullStr Host-based packet header anomaly detection using statistical analysis
title_full_unstemmed Host-based packet header anomaly detection using statistical analysis
title_sort host-based packet header anomaly detection using statistical analysis
publishDate 2013
url http://psasir.upm.edu.my/id/eprint/27210/1/ID%2027210.pdf
http://psasir.upm.edu.my/id/eprint/27210/
_version_ 1643829117702897664
score 13.211869