IACR News item: 17 January 2016
Xuefei Cao, Bo Chen, Lanjun Dang, Hui Li
ePrint Report
A method of network intrusion detection is proposed
based on Bayesian topic models. The method employs tcpdump packets and
extracts multiple features from the packet headers. A topic model is
trained using the normal traffic in order to learn feature
patterns of the normal traffic. Then the test traffic is analyzed against the learned normal feature
patterns to measure the extent to which the test traffic resembles
the learned feature patterns. Since the feature patterns are learned using only the normal traffic, the test traffic
is likely to be normal if its feature pattern resembles the learned feature patterns.
An attack alarm is raised when the test traffic's
resemblance to the learned feature patterns is lower than a threshold. The experiment shows that our
method is efficient in attack detection. It answers the open
question of how to detect network intrusions using topic models.
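
The train-on-normal, score, and threshold pipeline described in the abstract, as an added example that is not the authors' code. The abstract does not name the topic model, the header features, or the threshold rule, so this sketch assumes a smoothed mixture-of-unigrams model fitted with EM, tokens of the form proto/dst-port/flags, and a threshold set a fixed margin below the lowest training score; all names and sample windows are constructed.

```python
import math
from collections import Counter

UNK = "<unk>"  # stand-in for header tokens never seen in normal traffic

def _log_joint(counts, pi, phi):
    # log p(topic) + log p(window tokens | topic), for each topic
    return [math.log(p) + sum(n * math.log(ph.get(w, ph[UNK])) for w, n in counts.items())
            for p, ph in zip(pi, phi)]

def _logsumexp(xs):
    m = max(xs)
    return m + math.log(sum(math.exp(x - m) for x in xs))

def train(windows, k=2, iters=20, alpha=0.1):
    """EM for a smoothed mixture-of-unigrams topic model (assumed model, not the paper's)."""
    vocab = {w for win in windows for w in win} | {UNK}
    counts = [Counter(win) for win in windows]
    # Deterministic start: window i is assigned to topic i mod k.
    resp = [[float(i % k == t) for t in range(k)] for i in range(len(windows))]
    for _ in range(iters):
        # M-step: topic weights and per-topic token probabilities, add-alpha smoothed.
        pi = [(sum(r[t] for r in resp) + alpha) / (len(windows) + k * alpha) for t in range(k)]
        phi = []
        for t in range(k):
            mass = dict.fromkeys(vocab, alpha)
            for r, c in zip(resp, counts):
                for w, n in c.items():
                    mass[w] += r[t] * n
            z = sum(mass.values())
            phi.append({w: v / z for w, v in mass.items()})
        # E-step: posterior topic responsibility for each training window.
        resp = []
        for c in counts:
            lj = _log_joint(c, pi, phi)
            resp.append([math.exp(x - _logsumexp(lj)) for x in lj])
    return pi, phi

def resemblance(window, model):
    """Per-token log-likelihood of a window under the learned normal patterns."""
    return _logsumexp(_log_joint(Counter(window), *model)) / max(len(window), 1)

# Constructed sample windows; tokens are proto/dst-port/TCP-flags from packet headers.
WEB = ["tcp/80/S", "tcp/80/A", "tcp/80/PA", "tcp/80/A", "tcp/80/FA"]
DNS = ["udp/53/-"] * 4
NORMAL = [WEB, DNS, WEB, DNS]
SCAN = [f"tcp/{p}/S" for p in (21, 22, 23, 25, 445)]  # many ports, SYN only

MODEL = train(NORMAL)
# Assumed threshold rule: lowest score seen on normal training windows, minus a margin.
THRESHOLD = min(resemblance(w, MODEL) for w in NORMAL) - 1.0

def is_attack(window):
    return resemblance(window, MODEL) < THRESHOLD
```

A window made only of unseen tokens falls back to the smoothed `<unk>` probability in every topic, which is what drives its resemblance score below the threshold.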