A preliminary evaluation of a real-time, packet-level anomaly detection approach for network intrusion detection in high-bandwidth network environments is presented. The approach characterizes network traffic using a novel technique that maps packet-level payloads onto a set of counters using bit-pattern hash functions. Machine learning is accomplished by mapping unlabelled training data onto a set of two-dimensional grids and forming a set of bitmaps that identify anomalous and normal regions; these bitmaps are then used as the classifiers for real-time detection. Preliminary results on the DARPA intrusion detection evaluation data sets show detection of 100% of the applicable attacks with a very low false-positive rate. Furthermore, the approach detects nearly all of the individual packets that made up each attack.
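To make the pipeline the abstract describes concrete (payload bit patterns hashed into counters, counters projected onto two-dimensional grids, occupied cells recorded as bitmaps, bitmaps used as the classifier), here is an added Python toy implementation. It is not the paper's code and the paper does not specify these details: the multiplicative hash, the 16-bit sliding window used as the "bit pattern", the log2 bucketing of counter values, the all-pairs grid construction and the sample traffic are all assumptions made for this example.

```python
"""Toy packet-level anomaly detector following the abstract's pipeline:
payload bit patterns -> hashed counters -> pairwise 2-D grids -> bitmaps.

Illustrative reconstruction, not the paper's implementation. The hash,
window width, bucketing and counter pairing are assumptions for the example.
"""
from itertools import combinations

N_COUNTERS = 8   # assumption: length of the per-packet counter vector
GRID_SIZE = 12   # assumption: cells per grid axis (log2 buckets, capped)
WINDOW = 2       # assumption: 16-bit sliding windows are the "bit patterns"


def bit_pattern_hash(window: bytes) -> int:
    """Map one WINDOW-byte bit pattern to a counter index.
    Assumption: Knuth-style multiplicative hash of the integer value."""
    value = int.from_bytes(window, "big")
    return ((value * 2654435761) >> 13) % N_COUNTERS


def payload_to_counters(payload: bytes) -> list[int]:
    """Slide a WINDOW-byte window over the payload and count how many
    bit patterns hash into each counter."""
    counters = [0] * N_COUNTERS
    for i in range(len(payload) - WINDOW + 1):
        counters[bit_pattern_hash(payload[i:i + WINDOW])] += 1
    return counters


def bucket(count: int) -> int:
    """Quantise a counter value to a grid coordinate (log2 scale, capped)."""
    return min(count.bit_length(), GRID_SIZE - 1)


def grid_cells(counters: list[int]) -> dict[tuple[int, int], tuple[int, int]]:
    """Project the counter vector onto one 2-D grid per counter pair (i < j).
    Returns {(i, j): (x, y)} with x, y the bucketed counter values."""
    return {(i, j): (bucket(counters[i]), bucket(counters[j]))
            for i, j in combinations(range(N_COUNTERS), 2)}


def train_bitmaps(training_payloads: list[bytes]) -> dict[tuple[int, int], set[tuple[int, int]]]:
    """Unsupervised training on unlabelled traffic: every cell hit by a
    training packet is marked 'normal' in that grid's bitmap; every other
    cell is implicitly 'anomalous'."""
    bitmaps = {pair: set() for pair in combinations(range(N_COUNTERS), 2)}
    for payload in training_payloads:
        for pair, cell in grid_cells(payload_to_counters(payload)).items():
            bitmaps[pair].add(cell)
    return bitmaps


def anomalous_grid_count(payload: bytes, bitmaps) -> int:
    """Real-time classification: number of grids whose bitmap places this
    packet in an anomalous cell. 0 means it looks like training traffic."""
    cells = grid_cells(payload_to_counters(payload))
    return sum(1 for pair, cell in cells.items() if cell not in bitmaps[pair])


def is_anomalous(payload: bytes, bitmaps, threshold: int = 1) -> bool:
    """Flag a packet once at least `threshold` grids call it anomalous."""
    return anomalous_grid_count(payload, bitmaps) >= threshold


# Constructed sample traffic for the example (not from the DARPA data sets).
TRAINING = [
    b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    b"GET /images/logo.gif HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    b"GET /about.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    b"GET /news.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
]
# Constructed attack-like payload: a long run of identical bytes (a NOP-sled
# shape) piles one bit pattern into a single counter far beyond any value
# seen in the short training requests, so it lands in unoccupied grid cells.
ATTACK = b"GET /" + b"\x90" * 200 + b" HTTP/1.0\r\n"

if __name__ == "__main__":
    bitmaps = train_bitmaps(TRAINING)
    for label, pkt in [("training", TRAINING[0]), ("attack", ATTACK)]:
        print(label, "anomalous grids:", anomalous_grid_count(pkt, bitmaps),
              "->", "ALERT" if is_anomalous(pkt, bitmaps) else "normal")
```

Every training packet classifies as normal by construction, and the constructed attack payload is flagged in at least the seven grids that involve its saturated counter. The false-positive side of the tradeoff is visible too: a benign packet not seen in training is flagged whenever its counters fall in a cell no training packet occupied, so the bucket granularity and the `threshold` govern how tolerant the detector is.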