Securing WAN Environment against Intrusion using Behavior Based Mechanism

Intrusion Detection Systems (IDS) have been used as a vital instrument in defending the network from malicious activity. Because an IDS can analyze network traffic and recognize incoming and ongoing network attacks, the majority of network administrators have turned to IDS to help them detect anomalies in network traffic. The anomalous activity that is gathered and analyzed can be classified into fast and slow attacks. Since a fast attack makes its connections within a few seconds and uses a large number of packets, detecting these early connections puts the administrator one step ahead in deflecting further damage to the network infrastructure. This paper describes an IDS that detects fast attack intrusions using a time-based detection method. The time-based detection method calculates statistics on the frequency of events that occur within one-second time intervals for each connection made to a host, thus providing the crucial information for detecting fast attacks.

Keywords: IDS, Network, UDP flood, ICMP flood, SYN flood, DoS and DDoS, Trojan & Worms.
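The per-second frequency count described in the abstract can be sketched as follows. This is an added example, not the paper's implementation: the event tuple format, the sample traffic, the threshold of 50 events per second, and the function names are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample events, not data from the paper:
# (timestamp in ms, source IP, destination host, event type).
EVENTS = (
    # 60 SYNs in 0.6 s from one source: a fast attack.
    [(100_000 + i * 10, "198.51.100.7", "192.0.2.10", "SYN") for i in range(60)]
    # 80 ICMP echoes in 0.4 s that straddle a one-second boundary.
    + [(100_900 + i * 5, "198.51.100.8", "192.0.2.10", "ICMP") for i in range(80)]
    # One probe per second for 40 s: a slow attack, invisible per interval.
    + [(100_000 + i * 1000, "198.51.100.9", "192.0.2.20", "SYN") for i in range(40)]
    # Ordinary client traffic.
    + [(100_200, "203.0.113.5", "192.0.2.10", "SYN"),
       (101_200, "203.0.113.5", "192.0.2.10", "SYN")]
)

THRESHOLD = 50  # assumed events per second per connection; not from the paper


def interval_counts(events):
    """Frequency of events per (source, host, type) in each 1 s interval."""
    counts = Counter()
    for ts_ms, src, dst, kind in events:
        counts[(ts_ms // 1000, src, dst, kind)] += 1
    return counts


def fast_attack_alerts(events, threshold=THRESHOLD):
    """Return (interval, source, host, type, count) rows above the threshold."""
    return sorted(
        key + (n,) for key, n in interval_counts(events).items() if n > threshold
    )


if __name__ == "__main__":
    for second, src, dst, kind, n in fast_attack_alerts(EVENTS):
        print(f"t={second}s {src} -> {dst} {kind}: {n} events/s")
```

The 80-packet ICMP burst is split 20/60 across two fixed intervals, so only its second interval crosses the assumed threshold, and the one-probe-per-second source never exceeds a count of 1. Both effects matter when choosing a threshold for fixed one-second windows.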
