Sidney C. Smith, R. Hammell, Travis W. Parker, L. Marvel
15th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), published 2014-09-01. DOI: https://doi.org/10.1109/SNPD.2014.6888699
A theoretical exploration of the impact of packet loss on network intrusion detection
In this paper we review the problem of packet loss as it pertains to Network Intrusion Detection, seeking to answer two fundamental research questions which are stepping stones towards building a model that can be used to predict the rate of alert loss based upon the rate of packet loss. The first question deals with how the packet loss rate affects the sensor alert rate, and the second considers how the network traffic composition affects the results of the first question. Potential places where packet loss may occur are examined by dividing the problem into network-, host-, and sensor-based packet loss. We posit theories about how packet loss may present itself and develop the Packet Dropper that induces packet loss into a dataset. Drop rates ranging from 0% to 100% are applied to four different data sets and the resulting abridged data sets are analyzed with Snort to collect the alert loss rate. Conclusions are drawn about the importance of the distribution of packet loss and the effect of the network traffic composition.