This week I focused on doing parameterization for the sequence length for Stide and the window size for pH.
To test the parameterization of the sequence length for the anomaly detectors, four attacks were used, each including its preamble and exploit.
The four attacks used were FTP, Restore, Samba and Traceroute. However, because the data of the Traceroute attack was insignificant due to its short attack length, it has been removed from the analysis.
To generate the anomaly rate for the specified sequence length, the database was trained on the normal data using the current sequence length being tested, and then the anomaly rate for the preamble and exploit was recorded.
For each application attack, the sequence length was incremented by two. There were a total of 100 tests performed for each exploit and preamble, as the maximum sequence length that Stide allows is 198.
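The sweep described above, sketched as an added example (not the code or data used in this work): a minimal Stide-style detector is retrained on normal traces for each sequence length and then scores a preamble and an exploit trace. The function names and the system-call traces are constructed for illustration, and the anomaly rate is assumed to be the fraction of windows not found in the normal database.

```python
def windows(trace, k):
    """All contiguous length-k subsequences of a system-call trace."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]

def train(normal_traces, k):
    """Normal database: the set of every length-k window seen in training."""
    db = set()
    for trace in normal_traces:
        db.update(windows(trace, k))
    return db

def anomaly_rate(db, trace, k):
    """Assumed metric: fraction of the trace's windows absent from the database.
    Returns None when the trace is shorter than k, so there is nothing to score."""
    w = windows(trace, k)
    if not w:
        return None
    return sum(1 for s in w if s not in db) / len(w)

def sweep(normal_traces, test_traces, lengths):
    """Retrain for each sequence length, then score every named test trace."""
    results = {}
    for k in lengths:
        db = train(normal_traces, k)
        results[k] = {name: anomaly_rate(db, t, k)
                      for name, t in test_traces.items()}
    return results

# Constructed sample traces (system-call names), not data from the experiments.
NORMAL = [
    "open read read write close".split() * 6,
    "open read write write close".split() * 6,
]
TESTS = {
    "preamble": "open read read write close open read write close".split(),
    "exploit": "open read mmap execve write close open read".split(),
}

if __name__ == "__main__":
    # Same step of two as in the text, over a range that fits the short sample.
    for k, rates in sweep(NORMAL, TESTS, range(2, 9, 2)).items():
        print(k, rates)
```

On this sample the preamble scores zero at length 2 but is flagged at length 4, where a window spans the join between two individually normal patterns. A trace shorter than the sequence length produces no windows at all, so short traces drop out of the sweep as the length grows.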
This research is sponsored by NSERC and the Canadian Distributed Mentorship Project.