Conference Topic

A Data Correlation Method for Anomaly Detection Systems using Regression Relations

Normal profiles have specific properties that change when an attack occurs. The main property we consider for each behavior is the correlation between its parameters. We compute a correlation matrix for normal sessions in the training phase. Then we select effective security parameters for our detection engine using an equivalent class with a graphical illustration, namely the Correlation Relation Graph (CRG). These extracted parameters, among all parameters of each normal behavior, are related to each other in a way that can be computed by regression relations. Each behavior has some pairs of selected parameters, each consisting of an independent parameter and a dependent one. As an inline detection process, we take the values of the selected parameters of each current session and put them into their computed regression relation. If the value of the dependent parameter of a pair is greater than what we compute by their regression relation, it is considered a deviation. The number of deviations per session and their combination are used to label a session as normal or attack. The results show that our proposed method has a suitable detection rate and false alarm rate.

Anomaly Detection; Data Correlation; Correlation Coefficient; Correlation Relation Graph; Regression Relation; Confidence Interval

Amin Hassanzadeh, Babak Sadeghiyan

Data Security Research Lab (DSRL), Department of Computer Engineering and IT, Amirkabir University of Technology, Tehran, Iran

International conference

2009 First International Conference on Future Information Networks

Beijing

English

242-248

2009-10-14 (date first made available online on the Wanfang platform; this is not the paper's publication date)