| Rapid response, minimal false alarm rate, and the capability to detect a wide spectrum of attacks are the crucial features of intrusion detection systems. Once the set of observables is decided upon, sequential change-point detection algorithms can be used to minimize the detection delay for a given maximum false alarm rate. In this thesis, based on the advanced change-point detection methods, we propose an efficient anomaly detection system that detects denial-of-service attacks with minimal detection delay for a given false alarm rate.; The sequential detection algorithm is nonparametric and utilizes thresholding of a test statistic to achieve a fixed rate of false positives. The proposed constant false alarm rate detector is self-learning and adapts to various network loads and usage patterns. The results of the theoretical and experimental studies are also presented. |
