Real-time identification of anomalous packet payloads for network intrusion detection

3 Author(s)
Nwanze, N. ; Dept. of Electr. & Comput. Eng., State Univ. of New York, Binghamton, NY, USA ; Summerville, D.H. ; Skormin, V.A.

A preliminary evaluation of a real-time packet-level anomaly detection approach for network intrusion detection in high-bandwidth network environments is presented. The approach characterizes network traffic using a novel technique that maps packet-level payloads onto a set of counters using bit-pattern hash functions. Machine learning is accomplished by mapping unlabelled training data onto a set of two-dimensional grids and forming a set of bitmaps that identify anomalous and normal regions. These bitmaps are used as the classifiers for real-time detection. Preliminary results using the DARPA intrusion detection evaluation data sets yield 100% detection of all applicable attacks, with a very low false positive rate. Furthermore, the approach is able to detect nearly all of the individual packets that comprised each attack.

Published in:

Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC

Date of Conference:

15-17 June 2005