By Topic

Packet- vs. session-based modeling for intrusion detection systems

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Caulkins, B.D. ; Dept. of Modeling & Simulation, Central Florida Univ., Orlando, FL, USA ; Lee, J. ; Wang, M.

In today's interconnected networks, intrusion detection systems (IDSs), encryption devices, firewalls and other hardware and software solutions are critical in providing complete security solutions for corporations and government agencies. Many IDS variants exist which allow security personnel to identify attack network packets primarily through the use of signature detection where the IDS "recognizes" attack packets due to their well-known signatures as those packets cross the network's gateway threshold. However, anomaly-based ID systems identify normal traffic within a network and report abnormal behavior. We report the findings of our research in the area of anomaly-based intrusion detection systems using data-mining techniques to create a decision tree model of our network using the 1999 DARPA intrusion detection evaluation data set. After the model was created, we gathered data from our local campus network and scored the new data through the model using both packet-based and session-based modeling and compare the results.

Published in:

Information Technology: Coding and Computing, 2005. ITCC 2005. International Conference on  (Volume:1 )

Date of Conference:

4-6 April 2005