Title: UNSUPERVISED ANOMALY DETECTION SYSTEM FOR NIDS-S BASED ON PAYLOAD AND PROBABILISTIC SUFFIX TREES
Author(s): Iñigo Perona, Olatz Arbelaitz, Ibai Gurrutxaga, José I. Martín, Javier Muguerza, Jesús M. Pérez
ISBN: 978-972-8924-97-3
Editors: Hans Weghorn and Pedro Isaías
Year: 2009
Edition: V I, 2
Keywords: Network intrusion detection, outlier detection, payload, probabilistic suffix trees, clustering
Type: Full Paper
First Page: 11
Last Page: 18
Language: English
Paper Abstract:
Due to the popularity of computer networks, detection of network attacks is a critical aspect of the security of
companies. As a consequence, any complete security package includes a network Intrusion Detection System (nIDS).
This work focuses on nIDSs which work by scanning the network traffic. We combined classifiers based on packet
header information with a service-independent payload-based approach based on Probabilistic Suffix Trees (PST) to
increase detection rates in non-flood attacks. This option is efficient since there is no need for payload processing and
besides it outperforms systems based on the ad hoc payload processing proposed in kddcup99, detecting efficiently most
of the attack types. This leads us to conclude that payload analysis based on PST is an efficient manner, with no service-
or port-specific modeling, to detect attacks in network traffic.