Cryptology ePrint Archive: Report 2016/040

Packet Header Anomaly Detection Using Bayesian Topic Models

Xuefei Cao, Bo Chen, Hui Li and Yulong Fu

Abstract: A method of network intrusion detection is proposed based on Bayesian topic models. The method employs tcpdump packets and extracts multiple features from the packet headers. A topic model is trained using the normal traffic in order to learn feature patterns of the normal traffic. Then the test traffic is analyzed against the learned normal feature patterns to measure the extent to which the test traffic resembles the learned feature patterns. Since the feature patterns are learned using only the normal traffic, the test traffic is likely to be normal if its feature pattern resembles the learned feature patterns. An attack alarm is raised when the test traffic's resemblance to the learned feature patterns is lower than a threshold. Experiment shows that our method is efficient in attack detection. It answers the open question how to detect network intrusions using topic models.

Category / Keywords: intrusion detection, network security, topic model, DARPA99

Date: received 15 Jan 2016, last revised 17 Jan 2016

Contact author: xfcao at xidian edu cn

Available format(s): PDF | BibTeX Citation

Version: 20160118:041608 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]