Hello,

No, you understood me correctly. I am researching it at the moment only as an enthusiast, but am thinking about trying to create a small app that could do network anomaly detection on a small network.

From what I have gathered (which is not much at the moment) network anomaly detection has only really been tested and used in large scale academic networks.

Some papers describe it being tested or used on Internet backbones and other large networks, and involve monitoring Internet traffic.

Most of them tend to agree, though, that network anomaly detection cannot work, for a few reasons.

1. By statistically studying the network traffic of any given network, it can be noted that there is too much variation to monitor the network statistically.

2. In order to provide a basis for the analysis you would need to train the anomaly detector on a clean network. This could be a problem.

On the last point: it seems so far that most of the documentation I have found is based on using anomaly detection as part of an IDS, which generates false alarms because not every anomaly is an attack.

This is why I think it would be possible to create an anomaly detector which does only that: graph and find anomalies (changes) in the network.

So I was curious if anyone has had any experience with this before. Insight or documentation would be a great help.

Michael.
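As an added illustration (this code is not from anyone on the thread), here is a minimal change-only detector in Python of the kind described above. It learns a baseline from a few time windows of per-conversation byte counts and then reports only what differs in a later window: conversations never seen during the baseline, and known conversations whose volume moved well outside their usual range (including going silent). It uses the median and median absolute deviation (MAD) rather than mean and standard deviation, so a few bursty training windows do not inflate the tolerance, which is one way to live with the "too much variation" objection. The flow records, addresses, window layout and thresholds (`k`, `floor`) are all constructed for the example; real input would be NetFlow/sFlow exports or a packet capture, and the usual caveat applies that whatever was already happening during the training windows becomes "normal".

```python
"""Change-only network anomaly detector (added example, not from the thread).

Learns a baseline from a few time windows of per-conversation byte counts,
then reports only what differs in a later window:
  * 'new'    - a (src, dst, dport) conversation never seen in the baseline
  * 'volume' - a known conversation whose byte count moved well outside its
               baseline range (a large drop, including going silent, counts too)
Median and MAD are used instead of mean and standard deviation so that a few
bursty baseline windows do not inflate the tolerance.  All flow records,
addresses and thresholds below are constructed for this example.
"""
from collections import defaultdict
from statistics import median

# Constructed flow records: (window, src, dst, dport, bytes).
# Windows 0-4 are the "clean" training period; window 5 is the one examined.
SAMPLE_FLOWS = [
    # 10.0.0.2 -> DNS on 10.0.0.1, steady ~500 bytes per window
    (0, "10.0.0.2", "10.0.0.1", 53, 480), (1, "10.0.0.2", "10.0.0.1", 53, 520),
    (2, "10.0.0.2", "10.0.0.1", 53, 500), (3, "10.0.0.2", "10.0.0.1", 53, 510),
    (4, "10.0.0.2", "10.0.0.1", 53, 490), (5, "10.0.0.2", "10.0.0.1", 53, 505),
    # 10.0.0.3 -> HTTPS on 10.0.0.1, noisy ~50 KB per window, then 900 KB
    (0, "10.0.0.3", "10.0.0.1", 443, 50000), (1, "10.0.0.3", "10.0.0.1", 443, 62000),
    (2, "10.0.0.3", "10.0.0.1", 443, 45000), (3, "10.0.0.3", "10.0.0.1", 443, 58000),
    (4, "10.0.0.3", "10.0.0.1", 443, 51000), (5, "10.0.0.3", "10.0.0.1", 443, 900000),
    # 10.0.0.4 -> SSH on 10.0.0.1, ~3 KB per window, then nothing at all
    (0, "10.0.0.4", "10.0.0.1", 22, 3000), (1, "10.0.0.4", "10.0.0.1", 22, 3100),
    (2, "10.0.0.4", "10.0.0.1", 22, 2900), (3, "10.0.0.4", "10.0.0.1", 22, 3000),
    (4, "10.0.0.4", "10.0.0.1", 22, 3050),
    # window 5 only: 10.0.0.2 starts talking to an outside host on a new port
    (5, "10.0.0.2", "198.51.100.7", 6667, 2000),
]
BASELINE_WINDOWS = range(5)


def summarise(flows):
    """Aggregate raw flows into {window: {(src, dst, dport): total_bytes}}."""
    per_window = defaultdict(lambda: defaultdict(int))
    for win, src, dst, dport, nbytes in flows:
        per_window[win][(src, dst, dport)] += nbytes
    return per_window


def build_baseline(per_window, baseline_windows):
    """For every conversation seen in the training windows, record the
    median and MAD of its per-window byte count (0 bytes when absent)."""
    convs = set()
    for w in baseline_windows:
        convs.update(per_window[w].keys())
    baseline = {}
    for conv in convs:
        samples = [per_window[w].get(conv, 0) for w in baseline_windows]
        med = median(samples)
        mad = median(abs(s - med) for s in samples)
        baseline[conv] = (med, mad)
    return baseline


def detect_changes(per_window, baseline, window, k=5.0, floor=1024):
    """Return sorted (kind, conversation, detail) findings for one window.

    kind is 'new' (detail = bytes seen) or 'volume' (detail = bytes minus
    baseline median).  `floor` stops tiny, very regular conversations
    (MAD close to 0) from alerting on every byte of jitter; the value is an
    assumption chosen for this example, as is k.
    """
    current = per_window.get(window, {})
    findings = []
    for conv in set(current) | set(baseline):
        nbytes = current.get(conv, 0)       # absent known conversation -> 0
        if conv not in baseline:
            findings.append(("new", conv, nbytes))
            continue
        med, mad = baseline[conv]
        tolerance = max(k * 1.4826 * mad, floor)  # 1.4826 scales MAD to sigma
        if abs(nbytes - med) > tolerance:
            findings.append(("volume", conv, nbytes - med))
    return sorted(findings)


def run_example():
    """Train on windows 0-4 of the constructed data and examine window 5."""
    per_window = summarise(SAMPLE_FLOWS)
    baseline = build_baseline(per_window, BASELINE_WINDOWS)
    return detect_changes(per_window, baseline, 5)


if __name__ == "__main__":
    for kind, (src, dst, dport), detail in run_example():
        print(f"{kind:7} {src} -> {dst}:{dport}  {detail:+d} bytes")
```

Running it reports three changes for window 5 and nothing else: the new conversation from 10.0.0.2 to 198.51.100.7:6667, the HTTPS volume from 10.0.0.3 jumping by roughly 849 KB over its median, and the SSH conversation from 10.0.0.4 dropping to zero. The DNS traffic, which moved by a few bytes, stays quiet. None of these is labelled an attack; the detector only says what changed, which is the distinction drawn above between change reporting and IDS alerting.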


Niels Voll wrote:
Isn't network anomaly detection typically something which can only be done on rather large networks? In addition, wouldn't one need management access (at least monitoring) not only to servers but especially to large numbers of routing devices (or have NIDS devices listening on a ton of network segments)?

Or did I misunderstand what you meant by anomaly detection? In what context are you researching (e.g. academic, enthusiast, small business, enterprise, ISP, govt)?


...Niels



Michael Gale wrote:


I'll take the lack of responses as a no.

Thanks anyways.

Michael.


Michael Gale wrote:

Hello,

I am fairly new to the list :)

Does anyone here have experience with a NIDS (Network Intrusion Detection System) that uses a form of network anomaly detection? Or has anyone here used any commercial software that does, or claims to do, network anomaly detection?

The reason I am asking is that I am trying to research the topic and have found a lot of views for and against the method.

I am looking at network anomaly detection for the purpose of only alerting as to what has changed on the network and not as a security measure.

Thanks.

Michael.


_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying