Attack-norm separation for detecting attack-induced quality problems on computers and networks

Nong Ye, Qiang Chen

Research output: Contribution to journal › Article

4 Citations (Scopus)

Abstract

Cyber attacks on computer and network systems induce system quality and reliability problems, and present a significant threat to the computer and network systems that we are heavily dependent on. Cyber attack detection involves monitoring system data and detecting the attack-induced quality and reliability problems of computer and network systems caused by cyber attacks. Usually there are ongoing normal user activities on computer and network systems when an attack occurs. As a result, the observed system data may be a mixture of attack data and normal use data (norm data). We have established a novel attack-norm separation approach to cyber attack detection that includes norm data cancelation to improve the data quality as an important part of this approach. Aiming at demonstrating the importance of norm data cancelation, this paper presents a set of data modeling and analysis techniques developed to perform norm data cancelation before applying an existing technique of anomaly detection, the chi-square distance monitoring (CSDM), to residual data obtained after norm data cancelation for cyber attack detection. Specifically, a Markov chain model of norm data and an artificial neural network (ANN) of norm data cancelation are developed and tested. This set of techniques is compared with using CSDM alone for cyber attack detection. The results show a significant improvement of detection performance by CSDM with norm data cancelation over CSDM alone.

Original language: English (US)
Pages (from-to): 545-553
Number of pages: 9
Journal: Quality and Reliability Engineering International
Volume: 23
Issue number: 5
DOI: 10.1002/qre.830
State: Published - Aug 2007

Fingerprint

Monitoring
Markov processes
Data structures
Attack
Neural networks
Cancellation

Keywords

  • Artificial neural network
  • Attack-norm separation
  • Chi-square distance monitoring
  • Cyber attack detection

ASJC Scopus subject areas

  • Engineering (miscellaneous)
  • Management Science and Operations Research

Cite this

Attack-norm separation for detecting attack-induced quality problems on computers and networks. / Ye, Nong; Chen, Qiang.

In: Quality and Reliability Engineering International, Vol. 23, No. 5, 08.2007, p. 545-553.

@article{7b3bc492f66d4614b664beaaf888b119,
title = "Attack-norm separation for detecting attack-induced quality problems on computers and networks",
keywords = "Artificial neural network, Attack-norm separation, Chi-square distance monitoring, Cyber attack detection",
author = "Nong Ye and Qiang Chen",
year = "2007",
month = "8",
doi = "10.1002/qre.830",
language = "English (US)",
volume = "23",
pages = "545--553",
journal = "Quality and Reliability Engineering International",
issn = "0748-8017",
publisher = "John Wiley and Sons Ltd",
number = "5",

}

TY - JOUR

T1 - Attack-norm separation for detecting attack-induced quality problems on computers and networks

AU - Ye, Nong

AU - Chen, Qiang

PY - 2007/8

Y1 - 2007/8

KW - Artificial neural network

KW - Attack-norm separation

KW - Chi-square distance monitoring

KW - Cyber attack detection

UR - http://www.scopus.com/inward/record.url?scp=34547849701&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=34547849701&partnerID=8YFLogxK

U2 - 10.1002/qre.830

DO - 10.1002/qre.830

M3 - Article

AN - SCOPUS:34547849701

VL - 23

SP - 545

EP - 553

JO - Quality and Reliability Engineering International

JF - Quality and Reliability Engineering International

SN - 0748-8017

IS - 5

ER -