Paper 2016/040

Packet Header Anomaly Detection Using Bayesian Topic Models

Xuefei Cao, Bo Chen, Hui Li, and Yulong Fu


A method of network intrusion detection is proposed based on Bayesian topic models. The method employs tcpdump packets and extracts multiple features from the packet headers. A topic model is trained using the normal traffic in order to learn feature patterns of the normal traffic. Then the test traffic is analyzed against the learned normal feature patterns to measure the extent to which the test traffic resembles the learned feature patterns. Since the feature patterns are learned using only the normal traffic, the test traffic is likely to be normal if its feature pattern resembles the learned feature patterns. An attack alarm is raised when the test traffic's resemblance to the learned feature patterns is lower than a threshold. Experiment shows that our method is efficient in attack detection. It answers the open question how to detect network intrusions using topic models.

Available format(s)
-- withdrawn --
Publication info
Preprint. MINOR revision.
intrusion detectionnetwork securitytopic modelDARPA99
Contact author(s)
xfcao @ xidian edu cn
2020-05-15: withdrawn
2016-01-17: received
See all versions
Short URL
Creative Commons Attribution
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.