Anomaly detection method using network pattern analysis of process

Abstract

The only solution against zero day attack is the anomaly based detection independent of specific signatures. The basic mechanism in the anomaly detection approach is establishing a profile to describe the “normal” situation of a network or machine. If this profile was accurate enough, all attacks should be detected because they are “abnormal” to the profile. Until now, there has no effective method to construct such a perfect profile. Also, the biggest problem is the dilemma between detection rate and false positive. Therefore, in this paper, we present a new solution to reduce false positive by network pattern analysis of process.