Digital Library

Title:      UNSUPERVISED ANOMALY DETECTION SYSTEM FOR NIDS-S BASED ON PAYLOAD AND PROBABILISTIC SUFFIX TREES
Author(s):      Iñigo Perona, Olatz Arbelaitz, Ibai Gurrutxaga, José I. Martín, Javier Muguerza, Jesús M. Pérez
ISBN:      978-972-8924-97-3
Editors:      Hans Weghorn and Pedro Isaías
Year:      2009
Edition:      V I, 2
Keywords:      Network intrusion detection, outlier detection, payload, probabilistic suffix trees, clustering
Type:      Full Paper
First Page:      11
Last Page:      18
Language:      English
Paper Abstract:      Due to the popularity of computer networks, detection of network attacks is a critical aspect of companies' security. As a consequence, any complete security package includes a network Intrusion Detection System (nIDS). This work focuses on nIDSs which work by scanning the network traffic. We combined classifiers based on packet header information with a service-independent, payload-based approach using Probabilistic Suffix Trees (PST) to increase detection rates in non-flood attacks. This option is efficient since there is no need of payload processing, and besides, it outperforms systems based on the ad hoc payload processing proposed in kddcup99, efficiently detecting most of the attack types. This leads us to conclude that payload analysis based on PST is an efficient way, with no service- or port-specific modeling, to detect attacks in network traffic.
   
