Proceedings Article, DOI: 10.1109/ICACC.2012.10
Two-Level Packet Inspection Using Sequential Differentiate Method
N. Kannaiya Raja, K. Arulanandam, B. Raja Rajeswari +2 more
- 09 Aug 2012
- pp 42-45
TL;DR: An efficient two-level IDS is proposed that applies a statistical patterns approach and a Sequential Differentiate Method (SeqDM) to detect unauthorized packets; it reduces the computational cost and integrates groups of patterns into identical patterns.
Abstract: Deep Packet Inspection is a vital task in network security applications such as Firewalls and Intrusion Detection Systems (IDS). Pattern-based detectors used in Packet Inspection implement multi-pattern matching algorithms to check whether the packet payload contains specified patterns from a pattern set. Computational cost is one of the major concerns of commercial Intrusion Detection Systems (IDSs). Although these systems have proven to be promising in detecting network abnormalities, in the worst case they need to check all the patterns to identify a suspicious abnormality. This is time consuming. This paper proposes an efficient two-level IDS, which applies a statistical patterns approach and a Sequential Differentiate Method (SeqDM) for the detection of unauthorized packets. The two-level system converts a high-faceted character space into a low-faceted character space. It is able to reduce the computational cost and integrates groups of patterns into identical patterns. The integration of patterns reduces the cost involved in valid packet identification. The final decision is made on the integrated low-faceted character space. Finally, the proposed two-level system is evaluated using the DARPA 1999 IDS dataset for the detection of unauthorized packets.
Citations
•Proceedings Article
Intrusion Detection
Organizer: Roy A. Maxion,Speakers: Marc Dacier,Sami Saydjari +2 more
- 15 Jun 1999
TL;DR: The relationship between intrusion detection and fault tolerance is highlighted, drawing on the body of knowledge that has been developed within the traditional dependability community, and noting the opportunities for these two communities to work together to solve this important problem.
342
Evaluating Computer Intrusion Detection Systems: A Survey of Common Practices
TL;DR: This article defines a design space structured into three parts: workload, metrics, and measurement methodology, and provides an overview of the common practices in evaluation of intrusion detection systems by surveying evaluation approaches and methods related to each part of the design space.
210
•Book
Systems Benchmarking: For Scientists and Engineers
Klaus-Dieter Lange,Jóakim von Kistowski,Samuel Kounev +2 more
- 28 Aug 2020
34
A Novel Approach to Deep Packet Inspection for Intrusion Detection
Thaksen J. Parvat,Pravin Chandra +1 more
TL;DR: A new model to improve performance of deep packet inspection for Intrusion detection system is suggested and may support by a signatures or heuristics.
20
Evaluation of Intrusion Detection Systems in Virtualized Environments Using Attack Injection
Aleksandar Milenkoski,Bryan D. Payne,Nuno Antunes,Marco Vieira,Samuel Kounev,Alberto Avritzer,Matthias Luft +6 more
- 02 Nov 2015
TL;DR: In this article, a tool called hInjector is proposed to generate representative IDS evaluation workloads by injecting such attacks during regular operation of a virtualized environment, which enables for the first time the injection of attacks in virtualized environments for the purpose of generating representative I/O workloads.
16
References
An Intrusion-Detection Model
TL;DR: A model of a real-time intrusion-detection expert system capable of detecting break-ins, penetrations, and other forms of computer abuse is described, based on the hypothesis that security violations can be detected by monitoring a system's audit records for abnormal patterns of system usage.
Bro: a system for detecting network intruders in real-time
Vern Paxson,Vern Paxson +1 more
TL;DR: An overview of the Bro system's design, which emphasizes high-speed (FDDI-rate) monitoring, real-time notification, clear separation between mechanism and policy, and extensibility, is given.
2.7K
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Animesh Patcha,Jung-Min Park +1 more
TL;DR: This paper provides a comprehensive survey of anomaly detection systems and hybrid intrusion detection systems of the recent past and present and discusses recent technological trends in anomaly detection and identifies open problems and challenges in this area.
1.7K