Tech Reports
ULCS-16-002
Temporal Data Streams for Anomaly Intrusion Detection (Extended Version)
Abstract
Intrusion detection systems (IDS) aim to protect computer systems against attacks. The detection methods employed in anomaly-based IDS are based, in particular, on monitoring networks for patterns of activity that differ from normal behaviour. Issues to be addressed with anomaly-based systems include deciding and representing what constitutes normal behaviour as well as being able to detect deviations from this efficiently in high speed networks. Here we describe an approach to anomaly-based intrusion detection utilising temporal logic and stream data processing. Temporal logic is used to specify the normality conditions which, after translation into data stream queries, are efficiently executed on streams of network packets. The proposed approach allows the concise representation of patterns of normal behaviour, possibly involving multiple steps, as well as being able to detect their violations over a high volume of data in high speed networks.
[Full Paper]

For each technical report listed here, copyright and all intellectual property rights remain with the respective authors. Copyright is effective from the year of publication in each case. By downloading a file from this page, you agree to use it only for purposes of research and scholarship. Any other use of this material or storage of it in any medium or its sale or distribution in any form is expressly forbidden without prior written permission from the authors concerned.