UPM Institutional Repository

Host-based packet header anomaly detection using statistical analysis


Yassin, Warusia and Udzir, Nur Izura and Abdullah, Azizol and Abdullah @ Selimun, Mohd Taufik and Muda, Zaiton and Zulzalil, Hazura (2013) Host-based packet header anomaly detection using statistical analysis. In: International Seminars on Mathematics and Natural Sciences (ISMNS 2013), 15-17 Aug. 2013, Samarkand, Uzbekistan. (pp. 1-8).


The exposure of network packets to frequent cyber attacks has increased the need for designing statistical-based anomaly detection recently. Conceptually, the statistical based anomaly detection attracts researcher's attention, but technically, the low attack detection rates remains an open challenges. We propose a Host-based Packet Header Anomaly Detector (HbPHAD) model that is capable of identifying suspicious packet header behaviour based on statistical analysis. We compute scoring function using Relative Percentage Ratio (RPR) in calculating normal scores, integrate Linear Regression Analysis (LRA) to differentiate the behaviour of the packets and Cohen's-d (effect size) measurement to pre-define the best threshold. HbPHAD is an effective solution for statistical-hased anomaly detection 111 identifying suspicious behaviour correctly. The experiment demonstrates that HbPHAD IS effective in accurately detecting suspicious packet at above 99% as an attack detection rate.

Download File

[img] PDF
ID 27210.pdf
Restricted to Repository staff only until 15 August 2014.

Download (399kB)

Additional Metadata

Item Type: Conference or Workshop Item (Paper)
Divisions: Faculty of Computer Science and Information Technology
Notes: Full text are available at Special Collection Division Office.
Keywords: Packet header anomaly detection; Statistical analysis; Linear regression analysis; Cohen's-d
Depositing User: Erni Suraya Abdul Aziz
Date Deposited: 05 Feb 2014 04:36
Last Modified: 08 Jun 2016 08:35
URI: http://psasir.upm.edu.my/id/eprint/27210
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item