Payload modeling for network intrusion detection systems

  • Authors: Nnamdi Nwanze; Sun-Il Kim; Douglas H. Summerville
  • Affiliations: Electrical and Computer Engineering, State University of New York at Binghamton, Vestal, NY; Computer Systems Engineering, University of Alaska Anchorage, Anchorage, AK; Electrical and Computer Engineering, State University of New York at Binghamton, Vestal, NY
  • Venue: MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
  • Year: 2009

Abstract

A number of Intrusion Detection Systems (IDS) research efforts have demonstrated that network-based attacks can be detected by modeling normal network packet payloads and watching for anomalies. In this paper, we explore a data mining technique based on Principal Component Analysis that can identify specific features within packet payloads that are highly representative of the network traffic of their respective services. Apart from reducing the processing overhead by minimizing the feature space, the autonomous identification of such sub-groups of features can readily enable IDSs to develop classifiers that are better at separating normal traffic from anomalous traffic. We demonstrate the effectiveness of this technique by generating feature sets from a collection of network traffic and applying them to the training and detection phases of a payload-based IDS. The results show that it is able to separate network attacks while maintaining low false positive rates. We also show that random sampling of less than 100% of the payload is possible and allows the IDS to combat attack obfuscation.