Noise-Resistant Payload Anomaly Detection for Network Intrusion Detection Systems

2 Author(s)
Sun-il Kim ; Dept. of Comput. Sci., Univ. of Alabama in Huntsville, Huntsville, AL ; Nwanze, N.

Anomaly-based intrusion detection systems are an essential part of a global security solution and effectively complement signature-based detection schemes. Their strength in detecting previously unknown and never-seen attacks makes them attractive, but they are more prone to false positives. In this paper, we present a simple payload-based intrusion detection scheme that is resilient to contaminated traffic that may unintentionally be used during training. Our results show that, by adjusting the two tuning parameters used in our approach, the ability to detect attacks while maintaining low false positives is not hindered, even when 10% of the training traffic consists of attacks. Test results also show that our approach is not sensitive to changes in the parameters, and a wide range of values can be used to yield high per-packet detection rates (over 99.5%) while keeping false positives low (below 0.3%).

Published in:

Performance, Computing and Communications Conference, 2008. IPCCC 2008. IEEE International

Date of Conference:

7-9 Dec. 2008