Anomalous Payload-Based Network Intrusion Detection


Ontology type: schema:Chapter      Open Access: True


Chapter Info

DATE

2004

AUTHORS

Ke Wang , Salvatore J. Stolfo

ABSTRACT

We present a payload-based anomaly detector, which we call PAYL, for intrusion detection. PAYL models the normal application payload of network traffic in a fully automatic, unsupervised and very efficient fashion. We first compute during a training phase a profile byte frequency distribution and its standard deviation of the application payload flowing to a single host and port. We then use Mahalanobis distance during the detection phase to calculate the similarity of new data against the pre-computed profile. The detector compares this measure against a threshold and generates an alert when the distance of the new input exceeds this threshold. We demonstrate the surprising effectiveness of the method on the 1999 DARPA IDS dataset and a live dataset we collected on the Columbia CS department network. In one case nearly 100% accuracy is achieved with 0.1% false positive rate for port 80 traffic.
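The training and detection steps the abstract describes, written out as a small added example. This is illustration code, not the authors' PAYL implementation: it keeps one profile per (host, port), accumulates the per-byte-value mean and standard deviation of relative byte frequencies over training payloads, and scores new payloads with a diagonal-covariance ("simplified") Mahalanobis distance against a threshold. The simplified distance form, the smoothing constant ALPHA, the threshold rule (a multiple of the largest training-set distance), the host/port label and every payload are assumptions constructed for the example; the abstract fixes none of them.

```python
"""PAYL-style payload anomaly detector: added illustration, not the authors' code.

One profile per (host, port) holds the per-byte-value mean and standard
deviation of relative byte frequencies seen in training payloads. Scoring
uses a diagonal-covariance ("simplified") Mahalanobis distance with a
smoothing constant ALPHA so that byte values never seen in training cannot
divide by zero; the simplified form and the constants are assumptions
(the abstract does not fix them). Hosts, ports and payloads are constructed.
"""
from __future__ import annotations

import math

ALPHA = 0.001            # assumed smoothing constant added to every std. dev.
THRESHOLD_FACTOR = 2.0   # assumed: alert above 2x the largest training-set distance
HOST, PORT = "10.0.0.5", 80  # hypothetical web server the profile is built for


def byte_freq(payload: bytes) -> list[float]:
    """Relative frequency of each of the 256 byte values in one payload."""
    counts = [0] * 256
    for b in payload:
        counts[b] += 1
    n = max(len(payload), 1)
    return [c / n for c in counts]


class PaylProfile:
    """Per-byte mean and std for one (host, port), accumulated in one pass."""

    def __init__(self) -> None:
        self.samples: list[bytes] = []
        self._sum = [0.0] * 256
        self._sumsq = [0.0] * 256
        self.threshold = math.inf

    def add(self, payload: bytes) -> None:
        self.samples.append(payload)
        for i, f in enumerate(byte_freq(payload)):
            self._sum[i] += f
            self._sumsq[i] += f * f

    def mean_std(self) -> tuple[list[float], list[float]]:
        n = len(self.samples)
        mean = [s / n for s in self._sum]
        # population variance E[f^2] - E[f]^2, clamped against rounding error
        std = [math.sqrt(max(self._sumsq[i] / n - mean[i] ** 2, 0.0)) for i in range(256)]
        return mean, std

    def distance(self, payload: bytes) -> float:
        """Simplified Mahalanobis distance of a payload from this profile."""
        f = byte_freq(payload)
        mean, std = self.mean_std()
        return sum(abs(f[i] - mean[i]) / (std[i] + ALPHA) for i in range(256))

    def calibrate(self) -> None:
        """Set the alert threshold from the training data's own distances."""
        self.threshold = THRESHOLD_FACTOR * max(self.distance(p) for p in self.samples)


class PaylDetector:
    def __init__(self) -> None:
        self.profiles: dict[tuple[str, int], PaylProfile] = {}

    def train(self, host: str, port: int, payloads: list[bytes]) -> None:
        prof = self.profiles.setdefault((host, port), PaylProfile())
        for p in payloads:
            prof.add(p)
        prof.calibrate()

    def score(self, host: str, port: int, payload: bytes) -> float:
        return self.profiles[(host, port)].distance(payload)

    def is_anomalous(self, host: str, port: int, payload: bytes) -> bool:
        prof = self.profiles[(host, port)]
        return prof.distance(payload) > prof.threshold


# Constructed training traffic: ordinary HTTP requests to HOST:PORT.
TRAINING = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n",
    b"GET /images/logo.png HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\nAccept: image/png\r\n\r\n",
    b"GET /about.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: curl/7.68.0\r\nAccept: */*\r\n\r\n",
    b"GET /css/site.css HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/css\r\n\r\n",
    b"GET /docs/paper.pdf HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Wget/1.20\r\nAccept: */*\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: www.example.com\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 27\r\n\r\nuser=alice&password=secret1",
]
# Constructed test inputs: a request like the training set, and one that is mostly
# 0x90 filler plus high-bit bytes, none of which occur anywhere in training.
BENIGN = b"GET /news/latest.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n"
ATTACK = b"GET /" + b"\x90" * 200 + bytes(range(0x80, 0x90)) + b" HTTP/1.1\r\n\r\n"


def build_detector() -> PaylDetector:
    det = PaylDetector()
    det.train(HOST, PORT, TRAINING)
    return det


def demo() -> dict[str, tuple[float, bool]]:
    det = build_detector()
    return {name: (det.score(HOST, PORT, p), det.is_anomalous(HOST, PORT, p))
            for name, p in (("benign", BENIGN), ("attack", ATTACK))}


if __name__ == "__main__":
    for name, (d, flagged) in demo().items():
        print(f"{name}: distance={d:.1f} anomalous={flagged}")
```

The smoothing term matters in practice: a byte value with zero variance in training would otherwise make any payload containing it infinitely distant, and a byte value the training set never saw is exactly what a binary exploit payload against a text protocol tends to carry. Calibrating the threshold from the training distances keeps the example self-contained; a deployment would instead pick the threshold from a false-positive budget measured on held-out normal traffic.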

PAGES

203-222

Book

TITLE

Recent Advances in Intrusion Detection

ISBN

978-3-540-23123-3
978-3-540-30143-1

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-540-30143-1_11

DOI

http://dx.doi.org/10.1007/978-3-540-30143-1_11

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1046166910



JSON-LD is the canonical representation for SciGraph data.

[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/1005", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Communications Technologies", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/10", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Technology", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "Columbia University", 
          "id": "https://www.grid.ac/institutes/grid.21729.3f", 
          "name": [
            "Computer Science Department, Columbia University, 500 West 120th Street, 10027, New York, NY"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Wang", 
        "givenName": "Ke", 
        "id": "sg:person.015662531051.34", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015662531051.34"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Columbia University", 
          "id": "https://www.grid.ac/institutes/grid.21729.3f", 
          "name": [
            "Computer Science Department, Columbia University, 500 West 120th Street, 10027, New York, NY"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Stolfo", 
        "givenName": "Salvatore J.", 
        "id": "sg:person.01001420634.13", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01001420634.13"
        ], 
        "type": "Person"
      }
    ], 
    "citation": [
      {
        "id": "https://doi.org/10.1145/508791.508835", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1012799055"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/775047.775102", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1014636590"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/952532.952601", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1019126244"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/508171.508186", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1020936982"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/382912.382914", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1026096565"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/s1389-1286(00)00139-0", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1029236591"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "sg:pub.10.1007/978-3-540-45248-5_13", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1037552210", 
          "https://doi.org/10.1007/978-3-540-45248-5_13"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/msp.2004.28", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1050348736"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1126/science.267.5199.843", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1062549614"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/discex.2003.1194902", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093183580"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/infcom.2003.1209212", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093421908"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/discex.2003.1194879", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093712245"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/secpri.1996.502675", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093902089"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/csac.1998.738566", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1095110610"
        ], 
        "type": "CreativeWork"
      }
    ], 
    "datePublished": "2004", 
    "datePublishedReg": "2004-01-01", 
    "description": "We present a payload-based anomaly detector, which we call PAYL, for intrusion detection. PAYL models the normal application payload of network traffic in a fully automatic, unsupervised and very efficient fashion. We first compute during a training phase a profile byte frequency distribution and its standard deviation of the application payload flowing to a single host and port. We then use Mahalanobis distance during the detection phase to calculate the similarity of new data against the pre-computed profile. The detector compares this measure against a threshold and generates an alert when the distance of the new input exceeds this threshold. We demonstrate the surprising effectiveness of the method on the 1999 DARPA IDS dataset and a live dataset we collected on the Columbia CS department network. In one case nearly 100% accuracy is achieved with 0.1% false positive rate for port 80 traffic.", 
    "editor": [
      {
        "familyName": "Jonsson", 
        "givenName": "Erland", 
        "type": "Person"
      }, 
      {
        "familyName": "Valdes", 
        "givenName": "Alfonso", 
        "type": "Person"
      }, 
      {
        "familyName": "Almgren", 
        "givenName": "Magnus", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-540-30143-1_11", 
    "inLanguage": [
      "en"
    ], 
    "isAccessibleForFree": true, 
    "isPartOf": {
      "isbn": [
        "978-3-540-23123-3", 
        "978-3-540-30143-1"
      ], 
      "name": "Recent Advances in Intrusion Detection", 
      "type": "Book"
    }, 
    "name": "Anomalous Payload-Based Network Intrusion Detection", 
    "pagination": "203-222", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1046166910"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-540-30143-1_11"
        ]
      }, 
      {
        "name": "readcube_id", 
        "type": "PropertyValue", 
        "value": [
          "dbea4545196582bd6e6004cb36ea2d4c8fce30e9ed42ecd5d000b25c06477483"
        ]
      }
    ], 
    "publisher": {
      "location": "Berlin, Heidelberg", 
      "name": "Springer Berlin Heidelberg", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-540-30143-1_11", 
      "https://app.dimensions.ai/details/publication/pub.1046166910"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2019-04-16T08:29", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-uberresearch-data-dimensions-target-20181106-alternative/cleanup/v134/2549eaecd7973599484d7c17b260dba0a4ecb94b/merge/v9/a6c9fde33151104705d4d7ff012ea9563521a3ce/jats-lookup/v90/0000000363_0000000363/records_70068_00000002.jsonl", 
    "type": "Chapter", 
    "url": "https://link.springer.com/10.1007%2F978-3-540-30143-1_11"
  }
]

HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-30143-1_11'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-30143-1_11'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-30143-1_11'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-540-30143-1_11'


 

This table displays all metadata directly associated to this object as RDF triples.

125 TRIPLES      23 PREDICATES      41 URIs      20 LITERALS      8 BLANK NODES

Subject  Predicate  Object
1  sg:pub.10.1007/978-3-540-30143-1_11  schema:about  anzsrc-for:10
2  sg:pub.10.1007/978-3-540-30143-1_11  schema:about  anzsrc-for:1005
3  sg:pub.10.1007/978-3-540-30143-1_11  schema:author  Nf53e53526d5d4e2f8fd7aa697fa4f1c3
4  sg:pub.10.1007/978-3-540-30143-1_11  schema:citation  sg:pub.10.1007/978-3-540-45248-5_13
5  sg:pub.10.1007/978-3-540-30143-1_11  schema:citation  https://doi.org/10.1016/s1389-1286(00)00139-0
6  sg:pub.10.1007/978-3-540-30143-1_11  schema:citation  https://doi.org/10.1109/csac.1998.738566
7  sg:pub.10.1007/978-3-540-30143-1_11  schema:citation  https://doi.org/10.1109/discex.2003.1194879
8  sg:pub.10.1007/978-3-540-30143-1_11  schema:citation  https://doi.org/10.1109/discex.2003.1194902
9  sg:pub.10.1007/978-3-540-30143-1_11  schema:citation  https://doi.org/10.1109/infcom.2003.1209212
10  sg:pub.10.1007/978-3-540-30143-1_11  schema:citation  https://doi.org/10.1109/msp.2004.28
11  sg:pub.10.1007/978-3-540-30143-1_11  schema:citation  https://doi.org/10.1109/secpri.1996.502675
12  sg:pub.10.1007/978-3-540-30143-1_11  schema:citation  https://doi.org/10.1126/science.267.5199.843
13  sg:pub.10.1007/978-3-540-30143-1_11  schema:citation  https://doi.org/10.1145/382912.382914
14  sg:pub.10.1007/978-3-540-30143-1_11  schema:citation  https://doi.org/10.1145/508171.508186
15  sg:pub.10.1007/978-3-540-30143-1_11  schema:citation  https://doi.org/10.1145/508791.508835
16  sg:pub.10.1007/978-3-540-30143-1_11  schema:citation  https://doi.org/10.1145/775047.775102
17  sg:pub.10.1007/978-3-540-30143-1_11  schema:citation  https://doi.org/10.1145/952532.952601
18  sg:pub.10.1007/978-3-540-30143-1_11  schema:datePublished  2004
19  sg:pub.10.1007/978-3-540-30143-1_11  schema:datePublishedReg  2004-01-01
20  sg:pub.10.1007/978-3-540-30143-1_11  schema:description  We present a payload-based anomaly detector, which we call PAYL, for intrusion detection. PAYL models the normal application payload of network traffic in a fully automatic, unsupervised and very efficient fashion. We first compute during a training phase a profile byte frequency distribution and its standard deviation of the application payload flowing to a single host and port. We then use Mahalanobis distance during the detection phase to calculate the similarity of new data against the pre-computed profile. The detector compares this measure against a threshold and generates an alert when the distance of the new input exceeds this threshold. We demonstrate the surprising effectiveness of the method on the 1999 DARPA IDS dataset and a live dataset we collected on the Columbia CS department network. In one case nearly 100% accuracy is achieved with 0.1% false positive rate for port 80 traffic.
21  sg:pub.10.1007/978-3-540-30143-1_11  schema:editor  Nd85f6694640d4c4c986636f32834c12b
22  sg:pub.10.1007/978-3-540-30143-1_11  schema:genre  chapter
23  sg:pub.10.1007/978-3-540-30143-1_11  schema:inLanguage  en
24  sg:pub.10.1007/978-3-540-30143-1_11  schema:isAccessibleForFree  true
25  sg:pub.10.1007/978-3-540-30143-1_11  schema:isPartOf  Ncf90314db2ff4951a29a98a3ef19cde9
26  sg:pub.10.1007/978-3-540-30143-1_11  schema:name  Anomalous Payload-Based Network Intrusion Detection
27  sg:pub.10.1007/978-3-540-30143-1_11  schema:pagination  203-222
28  sg:pub.10.1007/978-3-540-30143-1_11  schema:productId  N7996a0b28fbe4cd3bc37ef65889204ac
29  sg:pub.10.1007/978-3-540-30143-1_11  schema:productId  N7f052b5d090e4bef9a26e6189e265788
30  sg:pub.10.1007/978-3-540-30143-1_11  schema:productId  N82fac4ff0bf546859fe37a9c1a8bfa78
31  sg:pub.10.1007/978-3-540-30143-1_11  schema:publisher  Nc6e45ed5a7df4f309603294936605e3a
32  sg:pub.10.1007/978-3-540-30143-1_11  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1046166910
33  sg:pub.10.1007/978-3-540-30143-1_11  schema:sameAs  https://doi.org/10.1007/978-3-540-30143-1_11
34  sg:pub.10.1007/978-3-540-30143-1_11  schema:sdDatePublished  2019-04-16T08:29
35  sg:pub.10.1007/978-3-540-30143-1_11  schema:sdLicense  https://scigraph.springernature.com/explorer/license/
36  sg:pub.10.1007/978-3-540-30143-1_11  schema:sdPublisher  N6bff9e931fec4eb0897079f655bb8067
37  sg:pub.10.1007/978-3-540-30143-1_11  schema:url  https://link.springer.com/10.1007%2F978-3-540-30143-1_11
38  sg:pub.10.1007/978-3-540-30143-1_11  sgo:license  sg:explorer/license/
39  sg:pub.10.1007/978-3-540-30143-1_11  sgo:sdDataset  chapters
40  sg:pub.10.1007/978-3-540-30143-1_11  rdf:type  schema:Chapter
41  N374dfd5214704833865e4d4a95cbd3d8  rdf:first  Nbb1c52912dd74876b8b1d5e4fc464e6a
42  N374dfd5214704833865e4d4a95cbd3d8  rdf:rest  N641dfd8df82c45afb0a540233b9734f8
43  N5f06fdf0df444fe59c99f247b3561e30  schema:familyName  Jonsson
44  N5f06fdf0df444fe59c99f247b3561e30  schema:givenName  Erland
45  N5f06fdf0df444fe59c99f247b3561e30  rdf:type  schema:Person
46  N641dfd8df82c45afb0a540233b9734f8  rdf:first  N8ec47b40c7dd479e938a78d831b38124
47  N641dfd8df82c45afb0a540233b9734f8  rdf:rest  rdf:nil
48  N69d54489f27d48a1afd50b82e46b7030  rdf:first  sg:person.01001420634.13
49  N69d54489f27d48a1afd50b82e46b7030  rdf:rest  rdf:nil
50  N6bff9e931fec4eb0897079f655bb8067  schema:name  Springer Nature - SN SciGraph project
51  N6bff9e931fec4eb0897079f655bb8067  rdf:type  schema:Organization
52  N7996a0b28fbe4cd3bc37ef65889204ac  schema:name  readcube_id
53  N7996a0b28fbe4cd3bc37ef65889204ac  schema:value  dbea4545196582bd6e6004cb36ea2d4c8fce30e9ed42ecd5d000b25c06477483
54  N7996a0b28fbe4cd3bc37ef65889204ac  rdf:type  schema:PropertyValue
55  N7f052b5d090e4bef9a26e6189e265788  schema:name  dimensions_id
56  N7f052b5d090e4bef9a26e6189e265788  schema:value  pub.1046166910
57  N7f052b5d090e4bef9a26e6189e265788  rdf:type  schema:PropertyValue
58  N82fac4ff0bf546859fe37a9c1a8bfa78  schema:name  doi
59  N82fac4ff0bf546859fe37a9c1a8bfa78  schema:value  10.1007/978-3-540-30143-1_11
60  N82fac4ff0bf546859fe37a9c1a8bfa78  rdf:type  schema:PropertyValue
61  N8ec47b40c7dd479e938a78d831b38124  schema:familyName  Almgren
62  N8ec47b40c7dd479e938a78d831b38124  schema:givenName  Magnus
63  N8ec47b40c7dd479e938a78d831b38124  rdf:type  schema:Person
64  Nbb1c52912dd74876b8b1d5e4fc464e6a  schema:familyName  Valdes
65  Nbb1c52912dd74876b8b1d5e4fc464e6a  schema:givenName  Alfonso
66  Nbb1c52912dd74876b8b1d5e4fc464e6a  rdf:type  schema:Person
67  Nc6e45ed5a7df4f309603294936605e3a  schema:location  Berlin, Heidelberg
68  Nc6e45ed5a7df4f309603294936605e3a  schema:name  Springer Berlin Heidelberg
69  Nc6e45ed5a7df4f309603294936605e3a  rdf:type  schema:Organisation
70  Ncf90314db2ff4951a29a98a3ef19cde9  schema:isbn  978-3-540-23123-3
71  Ncf90314db2ff4951a29a98a3ef19cde9  schema:isbn  978-3-540-30143-1
72  Ncf90314db2ff4951a29a98a3ef19cde9  schema:name  Recent Advances in Intrusion Detection
73  Ncf90314db2ff4951a29a98a3ef19cde9  rdf:type  schema:Book
74  Nd85f6694640d4c4c986636f32834c12b  rdf:first  N5f06fdf0df444fe59c99f247b3561e30
75  Nd85f6694640d4c4c986636f32834c12b  rdf:rest  N374dfd5214704833865e4d4a95cbd3d8
76  Nf53e53526d5d4e2f8fd7aa697fa4f1c3  rdf:first  sg:person.015662531051.34
77  Nf53e53526d5d4e2f8fd7aa697fa4f1c3  rdf:rest  N69d54489f27d48a1afd50b82e46b7030
78  anzsrc-for:10  schema:inDefinedTermSet  anzsrc-for:
79  anzsrc-for:10  schema:name  Technology
80  anzsrc-for:10  rdf:type  schema:DefinedTerm
81  anzsrc-for:1005  schema:inDefinedTermSet  anzsrc-for:
82  anzsrc-for:1005  schema:name  Communications Technologies
83  anzsrc-for:1005  rdf:type  schema:DefinedTerm
84  sg:person.01001420634.13  schema:affiliation  https://www.grid.ac/institutes/grid.21729.3f
85  sg:person.01001420634.13  schema:familyName  Stolfo
86  sg:person.01001420634.13  schema:givenName  Salvatore J.
87  sg:person.01001420634.13  schema:sameAs  https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.01001420634.13
88  sg:person.01001420634.13  rdf:type  schema:Person
89  sg:person.015662531051.34  schema:affiliation  https://www.grid.ac/institutes/grid.21729.3f
90  sg:person.015662531051.34  schema:familyName  Wang
91  sg:person.015662531051.34  schema:givenName  Ke
92  sg:person.015662531051.34  schema:sameAs  https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015662531051.34
93  sg:person.015662531051.34  rdf:type  schema:Person
94  sg:pub.10.1007/978-3-540-45248-5_13  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1037552210
95  sg:pub.10.1007/978-3-540-45248-5_13  schema:sameAs  https://doi.org/10.1007/978-3-540-45248-5_13
96  sg:pub.10.1007/978-3-540-45248-5_13  rdf:type  schema:CreativeWork
97  https://doi.org/10.1016/s1389-1286(00)00139-0  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1029236591
98  https://doi.org/10.1016/s1389-1286(00)00139-0  rdf:type  schema:CreativeWork
99  https://doi.org/10.1109/csac.1998.738566  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1095110610
100  https://doi.org/10.1109/csac.1998.738566  rdf:type  schema:CreativeWork
101  https://doi.org/10.1109/discex.2003.1194879  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1093712245
102  https://doi.org/10.1109/discex.2003.1194879  rdf:type  schema:CreativeWork
103  https://doi.org/10.1109/discex.2003.1194902  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1093183580
104  https://doi.org/10.1109/discex.2003.1194902  rdf:type  schema:CreativeWork
105  https://doi.org/10.1109/infcom.2003.1209212  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1093421908
106  https://doi.org/10.1109/infcom.2003.1209212  rdf:type  schema:CreativeWork
107  https://doi.org/10.1109/msp.2004.28  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1050348736
108  https://doi.org/10.1109/msp.2004.28  rdf:type  schema:CreativeWork
109  https://doi.org/10.1109/secpri.1996.502675  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1093902089
110  https://doi.org/10.1109/secpri.1996.502675  rdf:type  schema:CreativeWork
111  https://doi.org/10.1126/science.267.5199.843  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1062549614
112  https://doi.org/10.1126/science.267.5199.843  rdf:type  schema:CreativeWork
113  https://doi.org/10.1145/382912.382914  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1026096565
114  https://doi.org/10.1145/382912.382914  rdf:type  schema:CreativeWork
115  https://doi.org/10.1145/508171.508186  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1020936982
116  https://doi.org/10.1145/508171.508186  rdf:type  schema:CreativeWork
117  https://doi.org/10.1145/508791.508835  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1012799055
118  https://doi.org/10.1145/508791.508835  rdf:type  schema:CreativeWork
119  https://doi.org/10.1145/775047.775102  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1014636590
120  https://doi.org/10.1145/775047.775102  rdf:type  schema:CreativeWork
121  https://doi.org/10.1145/952532.952601  schema:sameAs  https://app.dimensions.ai/details/publication/pub.1019126244
122  https://doi.org/10.1145/952532.952601  rdf:type  schema:CreativeWork
123  https://www.grid.ac/institutes/grid.21729.3f  schema:alternateName  Columbia University
124  https://www.grid.ac/institutes/grid.21729.3f  schema:name  Computer Science Department, Columbia University, 500 West 120th Street, 10027, New York, NY
125  https://www.grid.ac/institutes/grid.21729.3f  rdf:type  schema:Organization