JSM 2005 - Toronto

Abstract #303684

This is the preliminary program for the 2005 Joint Statistical Meetings in Minneapolis, Minnesota. Currently included in this program is the "technical" program, schedule of invited, topic contributed, regular contributed and poster sessions; Continuing Education courses (August 7-10, 2005); and Committee and Business Meetings. This on-line program will be updated frequently to reflect the most current revisions.




The views expressed here are those of the individual authors
and not necessarily those of the ASA or its board, officers, or staff.


The Program has labeled the meeting rooms with "letters" preceding the name of the room, designating in which facility the room is located:

Minneapolis Convention Center = “MCC”; Hilton Minneapolis Hotel = “H”; Hyatt Regency Minneapolis = “HY”




Activity Number: 440
Type: Topic Contributed
Date/Time: Wednesday, August 10, 2005 : 2:00 PM to 3:50 PM
Sponsor: Section on Statisticians in Defense and National Security
Abstract - #303684
Title: A Nonparametric Multichart CUSUM Test for Rapid Intrusion Detection
Author(s): Alexander G. Tartakovsky*+ and Boris Rozovskii
Companies: University of Southern California and University of Southern California
Address: 3620 S. Vermont Avenue, Los Angeles, CA, 90089-2532, USA
Keywords: Change Point Detection; Multichart CUSUM tests; Computer Intrusion Detection; Denial of Service Attacks
Abstract:

In this paper, we propose an efficient sequential nonparametric multichart (multichannel) CUSUM-type detection test for detecting changes in multichannel sensor systems. While there is a wide spectrum of applications where it is necessary to consider multichannel generalizations and general statistical models in change-point detection problems, the study in this paper is motivated by network security. Many kinds of intrusions in computer networks lead to abrupt changes in network traffic. These changes have to be detected as rapidly as possible while maintaining a false alarm rate at a low level. Computer intrusion detection encourages the development of a nonparametric, multichannel, change-point detection test that does not use exact legitimate (prechange) and attack (postchange) traffic models. The proposed nonparametric detection procedure can be applied effectively to detect a variety of attacks, such as external denial of service attacks, worm-based attacks, port scanning, and insider man-in-the-middle attacks. We present theoretical frameworks for the asymptotic performance analysis of the detection procedure and results of experiments for real flooding attack traces.


  • The address information is for the authors that have a + after their name.
  • Authors who are presenting talks have a * after their name.
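
The following sketch is an added illustration of the idea in the abstract, not the authors' procedure or code: one CUSUM chart per traffic channel, with an alarm as soon as any chart crosses a threshold. The score form (count minus baseline mean minus a slack term), the channel names, the slack fraction, the threshold and the traffic counts are all assumptions constructed for this example.

```python
import random
from statistics import mean

def multichart_cusum(channels, baselines, slack, threshold):
    """Run one CUSUM chart per channel; alarm when any chart reaches threshold.

    Returns (interval_index, channel_name) of the first alarm, or None.
    The score x - baseline - slack is an assumed nonparametric choice: it needs
    only a pre-change mean estimate, not a model of legitimate or attack traffic.
    """
    stats = {name: 0.0 for name in channels}
    for t in range(min(len(s) for s in channels.values())):
        for name, series in channels.items():
            score = series[t] - baselines[name] - slack[name]
            stats[name] = max(0.0, stats[name] + score)  # reset at zero
        worst = max(stats, key=stats.get)
        if stats[worst] >= threshold:
            return t, worst
    return None

def constructed_trace(onset, length=200, seed=7):
    """Constructed per-interval packet counts; tcp_syn jumps by 150 at onset."""
    rng = random.Random(seed)
    trace = {"tcp_syn": [], "udp": [], "icmp": []}
    for t in range(length):
        trace["tcp_syn"].append(rng.randint(80, 120) + (150 if t >= onset else 0))
        trace["udp"].append(rng.randint(40, 60))
        trace["icmp"].append(rng.randint(5, 15))
    return trace

def detect(trace, train=100, slack_frac=0.3, threshold=300.0):
    """Estimate baselines from the first `train` intervals, then monitor."""
    baselines = {k: mean(v[:train]) for k, v in trace.items()}
    slack = {k: slack_frac * b for k, b in baselines.items()}
    return multichart_cusum(trace, baselines, slack, threshold)

if __name__ == "__main__":
    print("flood at 120 :", detect(constructed_trace(onset=120)))
    print("no attack    :", detect(constructed_trace(onset=10**9)))
```

Raising the slack or the threshold lowers the false alarm rate at the cost of a longer detection delay, which is the trade-off the abstract refers to.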


JSM 2005 For information, contact jsm@amstat.org or phone (888) 231-3473. If you have questions about the Continuing Education program, please contact the Education Department.
Revised March 2005