
Anomaly detection system based on analysis of packet header and payload histograms

4 Author(s)
Hareesh, I. ; Dept. of Comput. Sci. & Eng., Thiagarajar Coll. of Eng., Madurai, India ; Prasanna, S. ; Vijayalakshmi, M. ; Shalinie, S.M.

Nowadays computer networks are very popular, so network attacks are inevitable. As a consequence, any complete security package includes a network Intrusion Detection System (nIDS). This work focuses on nIDSs that work by scanning network traffic. We have combined classifiers based on packet header information with classifiers based on payload distribution to increase detection rates for non-flood attacks. We have divided packet processing into two parts: header information processing and payload processing. In header information processing, we select features from the packet header, create a model of normal behavior with histograms, then measure the deviation from the created models and classify the network traffic. In payload processing, we create models of normal payload by generating histograms of the payload ASCII distribution, measure the deviation from the created models, and classify the traffic. Our work differs from previous anomaly-based detection techniques by creating histograms for both network header features and packet payload, so that our detection system identifies both flooding attacks and non-flooding attacks efficiently.

Published in:

Recent Trends in Information Technology (ICRTIT), 2011 International Conference on

Date of Conference:

3-5 June 2011
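
The two-part scheme in the abstract, as an added sketch that is not the authors' code: one histogram model for a header feature and one for payload bytes, each scored by deviation from the trained normal model. The abstract names neither the header features nor the deviation measure, so the TCP-flags feature, the L1 distance, the fixed threshold of 1.0, the window layout and all sample traffic are assumptions constructed for this example.

```python
from collections import Counter

def histogram(values):
    """Relative frequency of each distinct value (byte value, TCP flag string, ...)."""
    values = list(values)
    return {v: c / len(values) for v, c in Counter(values).items()}

def mean_histogram(hists):
    """Model of normal behaviour: bin-wise mean over the training histograms."""
    keys = set().union(*hists)
    return {k: sum(h.get(k, 0.0) for h in hists) / len(hists) for k in keys}

def deviation(hist, model):
    """L1 distance between histograms (assumed metric): 0 = identical, 2 = disjoint."""
    if not hist:
        return 0.0  # nothing observed (e.g. no payload bytes), nothing to score
    return sum(abs(hist.get(k, 0.0) - model.get(k, 0.0)) for k in set(hist) | set(model))

def features(window):
    """window: list of (tcp_flags, payload) -> (header histogram, payload byte histogram)."""
    header = histogram(flags for flags, _ in window)
    payload = histogram(b"".join(data for _, data in window))
    return header, payload

def train(windows):
    """Build the (header model, payload model) pair from windows of normal traffic."""
    header_hists, payload_hists = zip(*(features(w) for w in windows))
    return mean_histogram(header_hists), mean_histogram(payload_hists)

def classify(window, model, threshold=1.0):
    """Return the detectors ('header', 'payload') whose deviation exceeds the threshold."""
    header, payload = features(window)
    scores = {"header": deviation(header, model[0]),
              "payload": deviation(payload, model[1])}
    return {name for name, score in scores.items() if score > threshold}

# Constructed sample traffic: one short HTTP exchange per window.
RESP = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>hello</html>"

def http_window(path):
    req = b"GET " + path + b" HTTP/1.1\r\nHost: example.test\r\n\r\n"
    return [("S", b""), ("SA", b""), ("A", b""), ("PA", req), ("PA", RESP), ("FA", b"")]

MODEL = train([http_window(b"/index.html"), http_window(b"/logo.png")])
```

A window of SYN-only packets with no payload trips only the header detector, while a window with a normal flag mix but payload bytes outside the ASCII range trips only the payload detector, which is the split between flooding and non-flooding attacks the abstract describes.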