Paper 2016/040

Packet Header Anomaly Detection Using Bayesian Topic Models

Xuefei Cao, Bo Chen, Hui Li, and Yulong Fu

Abstract

A method of network intrusion detection is proposed based on Bayesian topic models. The method works on tcpdump packet captures and extracts multiple features from the packet headers. A topic model is trained on normal traffic only, so that it learns the feature patterns of normal traffic. Test traffic is then scored against the learned patterns to measure how closely it resembles them. Since the patterns are learned from normal traffic alone, test traffic whose feature pattern resembles them is likely to be normal, and an attack alarm is raised when the resemblance falls below a threshold. Experiments show that our method is efficient in attack detection. It answers the open question of how to detect network intrusions using topic models.
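The abstract describes the pipeline but not its details, so the following is an added, self-contained illustration of it, not the authors' code, data or exact model. It assumes the topic model is LDA (fitted by collapsed Gibbs sampling), assumes a particular header feature set and bucketing (protocol, destination-port class, TCP flags, length and TTL buckets), treats each fixed-size window of packets as one "document", scores a window by its mean per-token log-likelihood under the fitted model, and uses an assumed threshold rule (lowest training-window score minus a margin). All packets are constructed inline; the "attack" window is a synthetic SYN scan whose tokens are rare or absent in the normal traffic.

```python
"""Toy version of the pipeline in the abstract: packet-header features ->
token "documents" per window -> LDA fitted on normal windows only (collapsed
Gibbs sampling) -> per-window mean token log-likelihood on test windows ->
alarm when the score drops below a threshold derived from training scores.
Added illustration, not the paper's code; packets are constructed, not captured."""
import math
import random
from collections import Counter

SERVICE_PORTS = (22, 53, 80, 443)   # assumed "known service" set for port bucketing

def header_tokens(pkt):
    """Discretise one header (proto, dst_port, tcp_flags, length, ttl) into tokens."""
    proto, dport, flags, length, ttl = pkt
    return [f"proto={proto}",
            f"dport={dport if dport in SERVICE_PORTS else 'other'}",
            f"flags={flags}",
            f"len={'small' if length < 100 else 'mid' if length < 600 else 'large'}",
            f"ttl={'low' if ttl < 48 else 'high'}"]

def windows(packets, size):
    """Each fixed-size window of packets becomes one document (a bag of tokens)."""
    return [[t for p in packets[i:i + size] for t in header_tokens(p)]
            for i in range(0, len(packets) - size + 1, size)]

class LDA:
    """Minimal LDA with collapsed Gibbs sampling; phi[k][w] = P(token w | topic k)."""
    def __init__(self, k=2, alpha=0.5, beta=0.1, iters=200, seed=1):
        self.K, self.alpha, self.beta, self.iters = k, alpha, beta, iters
        self.rng = random.Random(seed)

    def _draw(self, weights):
        r = self.rng.random() * sum(weights)
        acc = 0.0
        for k, w in enumerate(weights):
            acc += w
            if r < acc:
                return k
        return len(weights) - 1

    def fit(self, docs):
        # "<unk>" keeps only the beta prior mass: catch-all for tokens never seen in normal traffic
        self.vocab = {w: i for i, w in enumerate(sorted({w for d in docs for w in d}))}
        self.vocab["<unk>"] = len(self.vocab)
        K, V, a, b = self.K, len(self.vocab), self.alpha, self.beta
        ids = [[self.vocab[w] for w in d] for d in docs]
        z = [[self.rng.randrange(K) for _ in d] for d in ids]
        nkw = [[0] * V for _ in range(K)]; nk = [0] * K; ndk = [[0] * K for _ in ids]
        for d, doc in enumerate(ids):
            for i, w in enumerate(doc):
                nkw[z[d][i]][w] += 1; nk[z[d][i]] += 1; ndk[d][z[d][i]] += 1
        for _ in range(self.iters):
            for d, doc in enumerate(ids):
                for i, w in enumerate(doc):
                    t = z[d][i]
                    nkw[t][w] -= 1; nk[t] -= 1; ndk[d][t] -= 1
                    t = self._draw([(ndk[d][k] + a) * (nkw[k][w] + b) / (nk[k] + V * b)
                                    for k in range(K)])
                    z[d][i] = t
                    nkw[t][w] += 1; nk[t] += 1; ndk[d][t] += 1
        self.phi = [[(nkw[k][w] + b) / (nk[k] + V * b) for w in range(V)] for k in range(K)]
        return self

    def score(self, doc, iters=50):
        """Mean per-token log-likelihood of a window, folding it in with phi held fixed."""
        K, a, phi = self.K, self.alpha, self.phi
        ids = [self.vocab.get(w, self.vocab["<unk>"]) for w in doc]
        z = [self.rng.randrange(K) for _ in ids]
        ndk = Counter(z)
        for _ in range(iters):
            for i, w in enumerate(ids):
                ndk[z[i]] -= 1
                z[i] = self._draw([(ndk[k] + a) * phi[k][w] for k in range(K)])
                ndk[z[i]] += 1
        theta = [(ndk[k] + a) / (len(ids) + K * a) for k in range(K)]
        return sum(math.log(sum(theta[k] * phi[k][w] for k in range(K))) for w in ids) / len(ids)

def normal_packets(n, rng):
    """Constructed normal traffic: DNS lookups plus mostly-established web sessions."""
    pkts = []
    for _ in range(n):
        if rng.random() < 0.3:
            pkts.append(("udp", 53, "-", rng.randint(40, 99), rng.randint(50, 64)))
        else:
            flags = "S" if rng.random() < 0.05 else rng.choice(["A", "PA", "PA", "FA"])
            length = 60 if flags in ("S", "FA") else rng.randint(100, 1500)
            pkts.append(("tcp", rng.choice([80, 443]), flags, length, rng.randint(50, 64)))
    return pkts

def syn_scan_packets(n, rng):
    """Constructed SYN scan: one bare SYN per target port, tiny frames, low TTL."""
    return [("tcp", rng.randint(1, 1024), "S", 60, 40) for _ in range(n)]

def run_demo(window=10, margin=0.5):
    """Fit on normal windows, score held-out normal and scan windows, raise alarms."""
    rng = random.Random(7)
    train = windows(normal_packets(300, rng), window)
    model = LDA().fit(train)
    threshold = min(model.score(d) for d in train) - margin  # assumed threshold rule
    test = {"normal": windows(normal_packets(30, rng), window),
            "scan": windows(syn_scan_packets(10, rng), window)}
    scores = {name: [model.score(d) for d in docs] for name, docs in test.items()}
    alarms = {name: [s < threshold for s in ss] for name, ss in scores.items()}
    return {"threshold": threshold, "scores": scores, "alarms": alarms}

if __name__ == "__main__":
    print(run_demo())
```

The scan window scores far below the normal ones because several of its tokens (non-service destination ports, a low TTL) never occur in the normal training windows and therefore receive only the smoothing mass beta, while bare SYNs are rare there. That is also the caveat of this design: the detector sees only what the feature bucketing exposes, so an attack that mimics the header statistics of normal traffic (normal ports, flags, sizes and TTLs) would score as normal, and a normal window containing an unusual but legitimate service would trip the alarm.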

Metadata
Available format(s)
-- withdrawn --
Category
Applications
Publication info
Preprint. MINOR revision.
Keywords
intrusion detection, network security, topic model, DARPA99
Contact author(s)
xfcao @ xidian edu cn
History
2020-05-15: withdrawn
2016-01-17: received
Short URL
https://ia.cr/2016/040
License
Creative Commons Attribution
CC BY