{"title":"Real-time identification of anomalous packet payloads for network intrusion detection","authors":"N. Nwanze, D. Summerville, V. Skormin","doi":"10.1109/IAW.2005.1495995","DOIUrl":null,"url":null,"abstract":"A preliminary evaluation of a real-time packet-level anomaly detection approach for network intrusion detection in high-bandwidth network environments is presented. The approach characterizes network traffic using a novel technique that maps packet-level payloads onto a set of counters using bit-pattern hash functions. Machine learning is accomplished by mapping unlabelled training data onto a set of two-dimensional grids and forming a set of bitmaps that identify anomalous and normal regions. These bitmaps are used as the classifiers for real-time detection. Preliminary results using the DARPA intrusion detection evaluation data sets yield a 100% detection of all applicable attacks, with very low false positive rate. Furthermore, the approach is able to detect nearly all of the individual packets that comprised each attack.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2005.1495995","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4
Abstract
A preliminary evaluation of a real-time packet-level anomaly detection approach for network intrusion detection in high-bandwidth network environments is presented. The approach characterizes network traffic using a novel technique that maps packet-level payloads onto a set of counters using bit-pattern hash functions. Machine learning is accomplished by mapping unlabelled training data onto a set of two-dimensional grids and forming a set of bitmaps that identify anomalous and normal regions. These bitmaps are used as the classifiers for real-time detection. Preliminary results using the DARPA intrusion detection evaluation data sets yield a 100% detection of all applicable attacks, with very low false positive rate. Furthermore, the approach is able to detect nearly all of the individual packets that comprised each attack.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
