In this note, we consider the problem of detecting network portscans through the use of anomaly detection. First, we introduce some static tests for analyzing traffic rates. Then, we make use of two dynamic chi-square tests to detect anomalous packets. Further, we model network traffic as a marked point process and introduce a general portscan model. Simulation results for correct detects and false alarms are presented using this portscan model and the statistical tests.
Nonlinear filtering is an important and effective tool for estimating signals when observations are incomplete, distorted, and corrupted. Quite often in real-world applications, the signals to be estimated contain unknown parameters which need to be determined. Herein, we develop and analyze non-recursive and recursive methods that can handle combined state and parameter estimation for nonlinear partially-observed stochastic systems. For the non-recursive method, we obtain the unknown parameters by solving a system of non-singular finite order linear equations. For the recursive method, we generalize the least squares method and develop a particle prediction error identification algorithm so that it can be applied to general nonlinear stochastic systems. We use the branching particle filter to perform the signal state estimation and implement simulations for both methods.