Materials to form topics for S-38.4030 Postgraduate Course on Networking Technology
General instructions
Avoid overlap
Course personnel acknowledge that students taking this course probably do not initially know much about anomaly detection systems. Be that as it may, we do not wish to see every presentation begin with "a quick 15-slide introduction to anomaly detection systems". We expect that a couple of the course participants will take on the task of presenting the introduction to anomaly detection systems; after that, we will assume that everyone else knows the basics.
Work together, form networks with colleagues
To avoid unnecessary overlap, every participant should know what the others are doing. Communicate, participate, contribute and educate your fellow students so that you all know what you are doing and can avoid overlap in content.
Tentative list of materials
Each participant will choose/suggest a topic based on his/her interests and the list of materials below. The participant may also reserve/suggest his/her own presentation topic together with a list of materials. In general, a good topic for this course will have roughly 6-10 papers as its basis, 2-3 of them from the lists below. Final assignment of topics will be organized at the first meeting of the seminar.
Below you will find works and material that deal with anomaly detection. The classification into architectures, systems and methods is somewhat ambiguous and overlaps exist. Expect updates! We also strongly encourage students to do their own searches on their chosen topic area.
Material is downloadable only from within the hut.fi or tkk.fi domains!
General issues and IDS-systems
At least the following points should be considered in the paper and presentation: What is intrusion detection, and how does it relate to other areas of network security? What are the different approaches to intrusion detection? How do the different approaches differ from and resemble each other? Are there any common properties between approaches?
Possible topics
- What is anomaly detection?
- Different anomaly types and how they are detected in a network (a taxonomy for anomalies)
- ...
Anomaly detection-architectures
At least the following points should be considered in the paper and presentation: Do different architectures share similarities? With regard to the traffic process, at what point is AD applied? How do different networks differ from the viewpoint of AD? How are they the same? Can you form a model on which you could implement an AD system? Analyze the strengths and weaknesses of the presented solutions.
- (Presentation only): Rob Beverly: A Robust Classifier for Passive TCP/IP Fingerprinting
- Aleksandar Lazarevic, Aysel Ozgur, Levent Ertoz, Jaideep Srivastava and Vipin Kumar: A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection
- Theuns Verwoerd and Ray Hunt: Intrusion Detection Techniques and Approaches
- Marina Thottan and Chuanyi Ji: Proactive Anomaly Detection Using Distributed Intelligent Agents
- Roland Büschkes, Dogan Kesdogan, Peter Reichl: How to Increase Security in Mobile Networks by Anomaly Detection
- Roy A. Maxion and Kymie M.C. Tan: Anomaly Detection in Embedded Systems
- Rocky K. C. Chang: Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial
- Constantine Manikopoulos and Symeon Papavassiliou: Network Intrusion and Fault Detection: A Statistical Anomaly Approach
- Stelios Sidiroglou and Angelos D. Keromytis: A Network Worm Vaccine Architecture
- Bo Sun, Kui Wu and Udo W. Pooch: Routing Anomaly Detection in Mobile Ad Hoc Networks
- Michel Mandjes, Iraj Saniee and Alexander L. Stolyar: Load Characterization and Anomaly Detection for Voice Over IP Traffic
- Yong Tang and Shigang Chen: Defending Against Internet Worms: A Signature-Based Approach
- L. Lawrence Ho, Christopher J. Macey, and Ronald Hiller: A Distributed and Reliable Platform for Adaptive Anomaly Detection in IP Networks
- Amy Ward, Peter Glynn and Kathy Richardson: Internet Service Performance Failure Detection
- Paul Barford, Jeffrey Kline, David Plonka and Amos Ron: A Signal Analysis of Network Traffic Anomalies
- Christopher Krügel, Thomas Toth and Engin Kirda: Service Specific Anomaly Detection for Network Intrusion Detection
- Christopher Krügel and Giovanni Vigna: Anomaly Detection of Web-based Attacks
- Yongguang Zhang and Wenke Lee: Intrusion Detection in Wireless Ad-Hoc Networks
- Vinod Yegneswaran, Paul Barford and Dave Plonka: On the Design and Use of Internet Sinks for Network Abuse Monitoring
- Joel Sommers, Paul Barford and Walter Willinger: SPLAT: A visualization tool for mining Internet measurements
Suggested topics
- Overview of architectural solutions for anomaly detection
- Applicability/Feasibility of a set of solutions and suggested improvements
- ...
AD-methods
At least the following points should be considered in the paper and presentation: What area/type of mathematics and/or statistical analysis is used? Explain what is monitored and how the monitoring results are analysed. How are the analysis results fed into the method? Computationally, how expensive (heavy) is the method? Is the method intended to be real-time? How quickly will it react to anomalies/intrusion attempts? Is the presented method feasible and realistic? Analyze the strengths and weaknesses of the presented methods.
- Data mining in ID
- John E. Dickerson and Julie A. Dickerson: Fuzzy Network Profiling for Intrusion Detection
- V. Alarcon-Aquino and J.A. Barria: Anomaly detection in communication networks using wavelets
- Daniel J. Burroughs, Linda F. Wilson and George V. Cybenko: Analysis of Distributed Intrusion Detection Systems Using Bayesian Methods
- Srinivas Mukkamala, Guadalupe Janoski and Andrew Sung: Intrusion Detection using Neural Networks and Support Vector Machines
- Binh Viet Nguyen: An Application of Support Vector Machines to Anomaly Detection
- Marina Thottan and Chuanyi Ji: Anomaly Detection in IP Networks
- Emre Kıcıman and Armando Fox: Detecting Application-Level Failures in Component-Based Internet Services
- Soon Tee Teoh, Kwan-Liu Ma, S. Felix Wu and Xiaoliang Zhao: A Visual Technique for Internet Anomaly Detection
- Wenke Lee, Salvatore J. Stolfo and Philip K. Chan: Real Time Data Mining-based Intrusion Detection
- Alefiya Hussain, John Heidemann and Christos Papadopoulos: Identification of Repeated Attacks Using Network Traffic Forensics
- Myron L. Cramer, James Cannady and Jay Harrell: New Methods of Intrusion Detection using Control-Loop Measurement
- Jungwon Kim and Peter Bentley: An Artificial Immune Model for Network Intrusion Detection
- Sumeet Singh, Cristian Estan, George Varghese and Stefan Savage: Automated Worm Fingerprinting
- Soon Tee Teoh, Ke Zhang, Shih-Ming Tseng, Kwan-Liu Ma, and S. Felix Wu: Combining Visual and Automated Data Mining for Near-Real-Time Anomaly Detection and Analysis in BGP
- Tom Anderson, Timothy Roscoe and David Wetherall: Preventing Internet Denial-of-Service with Capabilities
- James Cannady: Artificial Neural Networks for Misuse Detection
- Ke Wang and Salvatore J. Stolfo: Anomalous Payload-based Network Intrusion Detection
- Akhil Lodha: Anomaly Detection using similarity in Packets (seminar report)
Suggested topics
- Classification/Taxonomy of anomaly detection methods
- Analysis of a particular method and suggested improvements
- Things measured in anomaly detection.
- ...
The Networking Laboratory (Tietoverkkolaboratorio) is now part of the Department of Communications and Networking. The information on this page may be outdated.
Up-to-date course information is available in the MyCourses service.