Network Traffic Anomaly Detection Using TCP Header Information
Authors
Abstract
Today's larger networks require fast and efficient intrusion detection systems. Our system, a rule-based intrusion detection system built on the idea of NATE ([9, 10]), uses only simple TCP header information to detect new TCP anomalies. We use a different clustering strategy and a stricter dissimilarity measure, and obtain better results in an empirical comparison with NATE on the MIT DARPA data ([4]). We also investigate the influence of a different sampling strategy.
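The approach the abstract sketches, as an added example that is not the authors' code: sessions are reduced to TCP-flag features taken from the header, a random sample of attack-free sessions is clustered, and a session is scored by its standardised distance to the nearest cluster centre. The Euclidean and Chebyshev measures, the k-means clustering, the standard-deviation floor, the margin on the threshold and all traffic are this example's own assumptions, not details taken from the paper or from NATE.

```python
"""NATE-style TCP anomaly detection from header-only features.

Added example, not the authors' code: a hypothetical re-implementation of the
idea in the abstract. Each TCP session is reduced to flag-frequency features
read from the TCP header, a random sample of attack-free sessions is clustered,
and a new session is scored by its standardised distance to the nearest cluster
centre. Two dissimilarity measures are compared: Euclidean and Chebyshev
(largest single-feature deviation); the latter is the stricter one. All traffic
below is constructed for the example.
"""
import math
import random

FLAGS = "SAFRPU"    # SYN, ACK, FIN, RST, PSH, URG
STD_FLOOR = 0.05    # assumption: keeps z-scores finite for flags absent from training


def session_features(packets):
    """Fraction of a session's packets carrying each flag; packets are flag
    strings such as 'SA' (SYN+ACK) or 'PA' (PSH+ACK)."""
    n = max(len(packets), 1)
    return [sum(f in p for p in packets) / n for f in FLAGS]


def sample_sessions(sessions, fraction, rng):
    """Random sampling of the attack-free sessions used to build the model."""
    return rng.sample(sessions, max(1, int(len(sessions) * fraction)))


def euclidean(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def chebyshev(a, b):
    return max(abs(x - y) for x, y in zip(a, b))


def nearest(point, centres, dist):
    """(index, distance) of the centre closest to point under dist."""
    return min(((i, dist(point, c)) for i, c in enumerate(centres)), key=lambda t: t[1])


def kmeans(points, k, rng, iters=20):
    """Plain Lloyd's k-means with centres initialised from k random points."""
    centres = [list(p) for p in rng.sample(points, k)]
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:
            groups[nearest(p, centres, euclidean)[0]].append(p)
        centres = [[sum(col) / len(g) for col in zip(*g)] if g else c
                   for g, c in zip(groups, centres)]
    return centres


class NateLikeDetector:
    def __init__(self, normal_sessions, k=2, fraction=0.5, seed=7, margin=1.5):
        rng = random.Random(seed)
        train = [session_features(s) for s in sample_sessions(normal_sessions, fraction, rng)]
        cols = list(zip(*train))
        self.mean = [sum(c) / len(c) for c in cols]
        self.std = [max(STD_FLOOR, math.sqrt(sum((v - m) ** 2 for v in c) / len(c)))
                    for c, m in zip(cols, self.mean)]
        z = [self.standardise(p) for p in train]
        self.centres = kmeans(z, k, rng)
        # Threshold per measure: the largest distance seen in the normal sample,
        # widened by a margin (assumption) so near-duplicates of normal traffic pass.
        self.limit = {d: margin * max(nearest(p, self.centres, d)[1] for p in z)
                      for d in (euclidean, chebyshev)}

    def standardise(self, features):
        return [(v - m) / s for v, m, s in zip(features, self.mean, self.std)]

    def score(self, session, dist=euclidean):
        return nearest(self.standardise(session_features(session)), self.centres, dist)[1]

    def is_anomalous(self, session, dist=euclidean):
        return self.score(session, dist) > self.limit[dist]


def normal_session(data_exchanges):
    """Constructed attack-free session: handshake, data, FIN/ACK teardown."""
    return ["S", "SA", "A"] + ["PA", "A"] * data_exchanges + ["FA", "A", "FA", "A"]


NORMAL = [normal_session(k) for k in list(range(1, 6)) + list(range(15, 26))]
SYN_SCAN = ["S", "S", "S", "S"]   # constructed: SYNs that never complete a handshake
REFUSED = ["S", "RA"]             # constructed: connection reset on arrival


def demo(fraction=1.0):
    """Verdicts (euclidean, chebyshev) for a normal session and two anomalous ones."""
    det = NateLikeDetector(NORMAL, fraction=fraction)
    cases = {"normal": normal_session(3), "syn_scan": SYN_SCAN, "refused": REFUSED}
    return {name: (det.is_anomalous(s, euclidean), det.is_anomalous(s, chebyshev))
            for name, s in cases.items()}


if __name__ == "__main__":
    for fraction in (1.0, 0.5):
        print(f"training on {fraction:.0%} of the normal sessions:")
        for name, verdicts in demo(fraction).items():
            print(f"  {name:9s} euclidean={verdicts[0]} chebyshev={verdicts[1]}")
```

Chebyshev is the stricter measure in the sense that one badly deviating flag is enough to cross the threshold, whereas Euclidean distance lets several mildly unusual flags add up; for the SYN scan and the refused connection both measures agree. The run with `fraction=0.5` shows the sampling caveat: the threshold is derived from whatever normal sessions the sample happens to contain, so a thinner sample can either miss part of the normal range or set a tighter limit than the full data would justify.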
Similar resources
Modelling Anomaly Based Network Intrusion Detection System Using Packet Header Protocols
This paper describes an experimental anomaly-based Network Intrusion Detection System model that analyses the behaviour of packet header field values based on the layer 2, 3 and 4 protocol fields of the ISO OSI seven-layer networking model. Our model, which we call Protocol based Packet Header Anomaly Detection (PbPHAD), is designed to detect the anomalous behaviour of network traffic...
Modeling Protocol Based Packet Header Anomaly Detector for Network and Host Intrusion Detection Systems
This paper describes an experimental protocol-based packet header anomaly detector for Network and Host Intrusion Detection System modelling that analyses the behaviour of packet header field values based on the layer 2, 3 and 4 protocol fields of the ISO OSI seven-layer networking model. Our model, which we call the Protocol based Packet Header Anomaly Detector (PbPHAD) Intrusion Detection ...
Applying Knowledge Discovery in Database Techniques in Modeling Packet Header Anomaly Intrusion Detection Systems
This paper describes packet header anomaly intrusion detection system modeling. The essence of the discussion in this paper is on applying the knowledge discovery in database technique to produce expert production rules, which are one of the main components of our model, which we call the Protocol based Packet Header Anomaly Detector (PbPHAD) Intrusion Detection System. PbPHAD is designed to detect the...
PHAD: Packet Header Anomaly Detection for Identifying Hostile Network Traffic
We describe an experimental packet header anomaly detector (PHAD) that learns the normal range of values for 33 fields of the Ethernet, IP, TCP, UDP, and ICMP protocols. On the 1999 DARPA off-line intrusion detection evaluation data set (Lippmann et al. 2000), PHAD detects 72 of 201 instances (29 of 59 types) of attacks, including all but 3 types that exploit the protocols examined, at a rate o...
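The per-field range learning that the PbPHAD and PHAD abstracts describe, as an added example that is not the code of either paper: training records the range of values seen for each header field in attack-free traffic, and detection flags fields whose value falls outside that range. The field names, the n/r weighting (n training packets, r range widenings), and all packets are this example's own constructions; PHAD's 33 fields and its time-based term are not reproduced.

```python
"""Per-field header range learning in the spirit of PHAD and PbPHAD.

Added example, not the code of either paper. Training records, for every
header field, the range of values seen in attack-free traffic and how often
that range had to be widened (r); detection flags fields whose value falls
outside the learned range and weights each by n/r, where n is the number of
training packets, so a field that stayed constant in training counts for more
than one that kept changing. Field names, the n/r weighting and all packets
are this example's own constructions.
"""

FIELDS = ("eth_type", "ip_ttl", "ip_proto", "ip_len",
          "tcp_flags", "tcp_dport", "tcp_window")


def constructed_packet(**overrides):
    """A plain HTTP data segment, with any header field overridden."""
    pkt = dict(eth_type=0x0800, ip_ttl=64, ip_proto=6, ip_len=60,
               tcp_flags=0x18, tcp_dport=80, tcp_window=65535)
    pkt.update(overrides)
    return pkt


class HeaderRangeModel:
    def __init__(self):
        self.lo, self.hi, self.r = {}, {}, {}
        self.n = 0

    def train(self, pkt):
        """Widen each field's range to cover pkt; count the widenings in r."""
        self.n += 1
        for f in FIELDS:
            v = pkt[f]
            if f not in self.lo:
                self.lo[f] = self.hi[f] = v
                self.r[f] = 1
            elif v < self.lo[f]:
                self.lo[f] = v
                self.r[f] += 1
            elif v > self.hi[f]:
                self.hi[f] = v
                self.r[f] += 1

    def score(self, pkt):
        """(anomaly score, {field: offending value}) for fields out of range."""
        total, hits = 0.0, {}
        for f in FIELDS:
            v = pkt[f]
            if v < self.lo[f] or v > self.hi[f]:
                hits[f] = v
                total += self.n / self.r[f]
        return total, hits


def training_traffic():
    """Constructed attack-free TCP traffic: two TTLs, two ports, the usual
    flag combinations of a connection, and three packet sizes."""
    return [constructed_packet(ip_ttl=ttl, tcp_dport=port, tcp_flags=flags, ip_len=length)
            for ttl in (64, 128)
            for port in (80, 443)
            for flags in (0x02, 0x12, 0x10, 0x18, 0x11)   # SYN, SYN/ACK, ACK, PSH/ACK, FIN/ACK
            for length in (40, 60, 1500)]


def build_model():
    model = HeaderRangeModel()
    for pkt in training_traffic():
        model.train(pkt)
    return model


if __name__ == "__main__":
    model = build_model()
    for label, pkt in [("normal", constructed_packet()),
                       ("ttl 255", constructed_packet(ip_ttl=255)),
                       ("xmas flags", constructed_packet(tcp_flags=0x3F)),
                       ("rst/ack, unseen but in range", constructed_packet(tcp_flags=0x14)),
                       ("ipv6 ethertype", constructed_packet(eth_type=0x86DD))]:
        print(label, model.score(pkt))
```

The RST/ACK case shows the blind spot of range learning: 0x14 was never seen in training, but it lies inside the learned flag range [0x02, 0x18] and so scores zero, while the EtherType change scores highest because that field never varied during training (r = 1). A field that is a bit pattern, such as TCP flags, is better modelled as a set of observed values than as a numeric range.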
Boundary Detection in Tokenizing Network Application Payload for Anomaly Detection
Most of the current anomaly detection methods for network traffic rely on the packet header for studying network traffic behavior. We believe that significant information lies in the payload of the packet and hence it is important to model the payload as well. Since many protocols exist and new protocols are frequently introduced, parsing the payload based on the protocol specification is time-...
Journal:
Volume / Issue:
Pages: -
Published: 2006