Abstract
Detection of anomalous network traffic is accomplished using a generalized likelihood ratio test (GLRT) applied to traffic arrival times. The network traffic arrival times are modelled using a Markov modulated Poisson process (MMPP). The GLRT is implemented using an estimate of the MMPP parameter obtained from training data that is not anomalous. MMPP parameter estimation is accomplished using Ryden's expectation-maximization (EM) approach. Using data from the 1999DARPA intrusion detection evaluation, the performance of a GLRT using an MMPP, a Poisson process, and a mixture of exponentials is compared. The MMPP-based GLRT has the best performance and the largest computational requirements.
Paper version not known (
Free)
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call