Attack-norm separation for detecting attack-induced quality problems on computers and networks

Nong Ye, Qiang Chen

Research output: Contribution to journalArticle

4 Scopus citations

Abstract

Cyber attacks on computer and network systems induce system quality and reliability problems, and present a significant threat to the computer and network systems that we are heavily dependent on. Cyber attack detection involves monitoring system data and detecting the attack-induced quality and reliability problems of computer and network systems caused by cyber attacks. Usually there are ongoing normal user activities on computer and network systems when an attack occurs. As a result, the observed system data may be a mixture of attack data and normal use data (norm data). We have established a novel attack-norm separation approach to cyber attack detection that includes norm data cancelation to improve the data quality as an important part of this approach. Aiming at demonstrating the importance of norm data cancelation, this paper presents a set of data modeling and analysis techniques developed to perform norm data cancelation before applying an existing technique of anomaly detection, the chi-square distance monitoring (CSDM), to residual data obtained after norm data cancelation for cyber attack detection. Specifically, a Markov chain model of norm data and an artificial neural network (ANN) of norm data cancelation are developed and tested. This set of techniques is compared with using CSDM alone for cyber attack detection. The results show a significant improvement of detection performance by CSDM with norm data cancelation over CSDM alone.

Original languageEnglish (US)
Pages (from-to)545-553
Number of pages9
JournalQuality and Reliability Engineering International
Volume23
Issue number5
DOIs
StatePublished - Aug 1 2007

Keywords

  • Artificial neural network
  • Attack-norm separation
  • Chi-square distance monitoring
  • Cyber attack detection

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Management Science and Operations Research

Fingerprint Dive into the research topics of 'Attack-norm separation for detecting attack-induced quality problems on computers and networks'. Together they form a unique fingerprint.

  • Cite this