Modeling Protocol Based Packet Header Anomaly Detector for Network and Host Intrusion Detection Systems

This paper describes an experimental protocol-based packet header anomaly detector for Network and Host Intrusion Detection System modelling. It analyses the behaviour of packet header field values based on the layer 2, 3 and 4 protocol fields of the ISO OSI Seven Layer Model for Networking. Our model, which we call the Protocol based Packet Header Anomaly Detector (PbPHAD) Intrusion Detection System, is designed to detect anomalous network traffic packets based on three specific network and transport layer protocols, namely UDP, TCP and ICMP. The degree of maliciousness of each detected anomalous packet is derived from the sum of its statistically modelled, individually rated anomalous field values.
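As an added illustration (not code from the paper), a minimal PbPHAD-style scorer in Python: it keeps a separate model per transport protocol, learns which values each layer 3/4 header field takes in training traffic, and rates a packet's degree of maliciousness as the sum of its individually rated fields. The field list, the constructed packets and the PHAD-style n/r rating are assumptions; the paper's own rating formula is not given on this page.

```python
# Layer 3 fields are shared; layer 4 fields depend on the protocol (assumed list).
FIELDS = {
    "tcp":  ["ip_ttl", "ip_len", "tcp_sport", "tcp_dport", "tcp_flags", "tcp_win"],
    "udp":  ["ip_ttl", "ip_len", "udp_sport", "udp_dport", "udp_len"],
    "icmp": ["ip_ttl", "ip_len", "icmp_type", "icmp_code"],
}

class PbPHADModel:
    def __init__(self):
        # model[proto][field] -> n observations and the set of distinct values seen
        self.model = {p: {f: {"n": 0, "seen": set()} for f in fs} for p, fs in FIELDS.items()}

    def train(self, packets):
        """Learn field values from (assumed attack-free) training traffic."""
        for pkt in packets:
            for field, st in self.model[pkt["proto"]].items():
                st["n"] += 1
                st["seen"].add(pkt[field])

    def rate_field(self, proto, field, value):
        """Assumed PHAD-style rating: 0 for a value seen in training, else n/r,
        so a new value in a field that was always constant scores highest."""
        st = self.model[proto][field]
        return 0.0 if value in st["seen"] else st["n"] / max(len(st["seen"]), 1)

    def score_packet(self, pkt):
        """Degree of maliciousness = sum of individually rated field values;
        also returns the fields that fired, for analyst triage."""
        proto = pkt["proto"]
        ratings = {f: self.rate_field(proto, f, pkt[f]) for f in FIELDS[proto]}
        return sum(ratings.values()), {f: r for f, r in ratings.items() if r > 0}

def tcp(sport, dport, flags, ttl=64, length=60, win=65535):
    return {"proto": "tcp", "ip_ttl": ttl, "ip_len": length, "tcp_sport": sport,
            "tcp_dport": dport, "tcp_flags": flags, "tcp_win": win}

# Constructed training traffic: four ordinary TCP packets (SYN, ACK, PSH+ACK).
TRAINING = [tcp(40000, 80, 0x02), tcp(40001, 443, 0x18),
            tcp(40002, 80, 0x10), tcp(40003, 443, 0x18)]
# Constructed test packets: one like the training data, one with a never-seen
# TTL and flag combination, one that differs only in its source port.
TEST_NORMAL = tcp(40000, 80, 0x02)
TEST_UNUSUAL = tcp(40000, 80, 0x29, ttl=255)
TEST_NEW_PORT = tcp(50000, 80, 0x02)

if __name__ == "__main__":
    m = PbPHADModel(); m.train(TRAINING)
    for name, pkt in [("normal", TEST_NORMAL), ("unusual", TEST_UNUSUAL), ("new port", TEST_NEW_PORT)]:
        score, fired = m.score_packet(pkt)
        print(f"{name:9s} score={score:.2f} fired={fired}")
```

The unseen TTL rates 4.0 (four observations, one distinct value) while the unseen flag combination rates only 4/3 and a new source port only 1.0, which is how the per-field rating separates a field that is always constant from one that naturally varies.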
