ISP anomaly detection for home users
REU Project 2004
Problem Statement

Similar to a credit card company watching for suspect transactions, we consider an anomaly detection system for home users. In this project, students will develop a mechanism which allows an ISP to evaluate consumer usage patterns and identify deviations from these patterns to detect possible hostile activity. These basic patterns should include layer 4 information, direction of traffic flows, and time of day usage patterns. Students are required to have programming knowledge in any object-oriented language.

Background Information

The participants need to be familiar with intrusion detection systems, in particular anomaly detection and network programming. Study the following materials:

Intrusion Detection and anomaly detection

Network Programming

Possible Approach
  1. Develop a Java program that will build a dynamic database of consumer usage patterns
  2. Develop a Java program that will identify deviations from the consumer usage patterns in order to detect hostile activities.
  3. Develop test data for simulation
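
A compact sketch of steps 1 to 3, added here as an illustration and not taken from the project's own code. It assumes Java 16 or later; the `Flow` record, the scoring formula, the 0.5 threshold and all sample traffic are constructed for this example.

```java
import java.util.*;

// Added example: per-subscriber baseline keyed on layer 4 service, direction and hour of day.
public class UsageProfile {
    // One observed flow; the field names are assumptions of this example.
    record Flow(String proto, int port, boolean outbound, int hour) {
        Flow { if (hour < 0 || hour > 23) throw new IllegalArgumentException("hour"); }
        String key() { return proto + "/" + port + "/" + (outbound ? "out" : "in"); }
    }

    private final Map<String, int[]> hourly = new HashMap<>(); // key -> counts per hour 0..23
    private int total = 0;

    // Step 1: grow the usage-pattern database from traffic assumed to be normal.
    void learn(Flow f) {
        hourly.computeIfAbsent(f.key(), k -> new int[24])[f.hour()]++;
        total++;
    }

    // Step 2: score a new flow; values of 0.5 and above are treated as deviations.
    double score(Flow f) {
        int[] counts = hourly.get(f.key());
        if (counts == null || total == 0) return 1.0;   // service/direction never seen
        int near = 0;                                    // same hour plus one hour either side
        for (int d = -1; d <= 1; d++) near += counts[(f.hour() + d + 24) % 24];
        int seen = Arrays.stream(counts).sum();
        // Known service at an unusual time: at least 0.5, higher if the service is rare.
        if (near == 0) return 0.5 + 0.5 * (1.0 - (double) seen / total);
        return 0.5 * (1.0 - (double) near / seen);      // inside the baseline: below 0.5
    }

    public static void main(String[] args) {
        UsageProfile p = new UsageProfile();
        // Constructed training data: two weeks of evening web use and a morning mail check.
        for (int day = 0; day < 14; day++) {
            for (int h = 18; h <= 22; h++) p.learn(new Flow("tcp", 80, true, h));
            p.learn(new Flow("tcp", 110, true, 8));
        }
        // Step 3: constructed test flows.
        List<Flow> test = List.of(
            new Flow("tcp", 80, true, 20),    // usual browsing
            new Flow("tcp", 80, true, 3),     // known service at an unusual hour
            new Flow("tcp", 25, true, 3),     // outbound SMTP never seen for this user
            new Flow("tcp", 445, false, 14)); // inbound connection to an unused port
        for (Flow f : test)
            System.out.printf("%-14s hour %2d score %.2f%s%n", f.key(), f.hour(),
                p.score(f), p.score(f) >= 0.5 ? "  <-- deviation" : "");
    }
}
```
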
Expected Outcomes
  1. Understanding of intrusion detection systems and anomaly detection
  2. Write a survey of intrusion detection systems, describing the different types
  3. Develop Java programs that will build the dynamic database of consumer usage patterns and identify deviations in order to detect hostile activities
  4. Simulate activity on an ISP to determine hostile activities
  5. Write a project report including the programs and results of the simulation
Tentative Timetable

Tentative schedule for Summer 2004 (May 24 - July 30) is as follows:

| Week | Day | Activity | Project |
|---|---|---|---|
| 1 | Monday | Breakfast, Faculty introduction, Welcome meeting; Campus and facility tours; Library resources | Survey Literature |
| | Tuesday-Friday | Introduction to computer networks (training session) | " |
| | Friday night | Welcome party at CS department | |
| 2 | Monday | Project adjustment | Design solution |
| | Tuesday-Friday | Students work on projects; Research seminar; Mentor-student meetings (at least twice per week) | " |
| | Saturday | Field trip 1 | |
| 3-5 | Monday-Friday | Students work on projects; Mentor-student meetings (at least twice per week) | Code prototype |
| 6 | Monday | Mid-semester reports by students; Assessment 1 | preliminary testing |
| | Tuesday-Thursday | Students work on projects; Research seminar; Mentor-student meetings (at least twice per week) | " |
| | Saturday | Field trip 2 | |
| 7-9 | Monday-Friday | Students work on projects; Mentor-student meetings (at least twice per week) | Coding and debugging |
| 10 | Monday-Thursday | Mentor-student meetings (at least twice per week); Research seminar | " |
| | Friday | Final reports/seminars; Assessment 2 | |
| | Friday night | Farewell party at CS department | |

 

Facilities Required
  1. PC for coding (either Java or C++)
  2. Secure lab for testing