Detecting attack signatures in the real network traffic with ANNIDA

  • Authors:
  • Lília de Sá Silva; Adriana C. Ferrari dos Santos; Thiago Dias Mancilha; José Demísio Simões da Silva; Antonio Montes

  • Affiliations:
  • Instituto Nacional de Pesquisas Espaciais (INPE), Av. dos Astronautas, 1758, P.O. Box 515, Jardim da Granja, São José dos Campos, São Paulo 12227-010, Brazil; Instituto Nacional de Pesquisas Espaciais (INPE), Av. dos Astronautas, 1758, P.O. Box 515, Jardim da Granja, São José dos Campos, São Paulo 12227-010, Brazil; Instituto Nacional de Pesquisas Espaciais (INPE), Av. dos Astronautas, 1758, P.O. Box 515, Jardim da Granja, São José dos Campos, São Paulo 12227-010, Brazil; Instituto Nacional de Pesquisas Espaciais (INPE), Av. dos Astronautas, 1758, P.O. Box 515, Jardim da Granja, São José dos Campos, São Paulo 12227-010, Brazil; Centro de Pesquisas Renato Archer (CenPRA), Campinas, São Paulo, Brazil

  • Venue:
  • Expert Systems with Applications: An International Journal
  • Year:
  • 2008

Quantified Score

Hi-index 12.05

Abstract

In this paper, an improved version of ANNIDA for detecting attack signatures in the payload of network packets is presented. The Hamming Net artificial neural network methodology was used with good results. A review of the application's development is followed by a summary of the modifications made in the application in order to classify real data. Application improvements are reported, solving the problems of time delays in writing/reading data in the files and data collision effects when generating numeric keys used to model data for the neural network. Test results highlight the increased accuracy and efficiency of the new application when submitted to real data from HTTP network traffic containing actual traces of attacks and legitimate data. Finally, an evaluation of the application to detect signatures in real network traffic data is presented.