Network intrusion detection using an innovative statistical approach

In today's e-commerce world, computer security is needed more than ever before. Attacks on computer networks are a serious problem, and the constant increase in attacks against networks and their resources creates a need to protect these valuable assets. Because most deployed computer systems are vulnerable to attack, intrusion detection (ID) is a rapidly growing field, an active area of research, and an important technology for the business sector. Intrusion detection is the process of identifying that an intrusion has been attempted, is occurring, or has occurred; in other words, it is the detection of unauthorized access to a computer network. In general, intrusion detection systems (IDS) are categorized into network intrusion detection and host-based intrusion detection. Network intrusion detection monitors the packets exchanged on the network, whereas host-based intrusion detection examines which files were accessed and which applications were executed. An IDS collects information from a variety of system and network sources and then analyzes it for signs of intrusion and misuse. It also analyzes discrete, time-ordered events for patterns of misuse, drawing on event logs, operating system audit trails, and network packet analysis [1]. There are two major intrusion detection architectures: signature-based detection and anomaly-based detection. Signature-based detection relies on comparing traffic against a database of signatures of known attack methods. Anomaly-based detection compares current network traffic to a known-good baseline to look for anything out of the ordinary. In this research we focus on network intrusion detection using anomaly-based detection. A logistic regression model was built from anomalies in TCP/IP packet headers to predict whether an intrusion is occurring (1) or not (0). The outcome of this research is validated through a Receiver Operating Characteristic (ROC) curve.
The ROC curve plots the percentage of attacks detected against the percentage of false alarms. The approach illustrated in this dissertation accomplishes the research objectives: generating an accurate prediction model that precisely predicts the number of intrusions, and achieving an output with the maximum number of true positives and the minimum number of false positives (false alarms).
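As an added illustration (not the dissertation's own code or data), the following trains a minimal logistic regression model on constructed TCP/IP header anomaly features and then sweeps its decision threshold to produce the ROC points (false-alarm rate against detection rate) and the area under the curve; the three feature definitions and all sample values are assumed.

```python
import math
# Constructed toy dataset (assumed, not the dissertation's data): one row per TCP
# connection with three header-derived anomaly features scaled to [0, 1]: share of
# SYN-only packets, share of packets with an illegal flag combination, and mean TTL
# deviation from the host's baseline. Label 1 = intrusion, 0 = benign.
SAMPLES = [
    ((0.05, 0.00, 0.1), 0), ((0.10, 0.02, 0.0), 0), ((0.08, 0.01, 0.2), 0),
    ((0.04, 0.00, 0.1), 0), ((0.12, 0.03, 0.3), 0), ((0.06, 0.00, 0.0), 0),
    ((0.90, 0.40, 0.8), 1), ((0.85, 0.30, 0.9), 1), ((0.95, 0.50, 0.7), 1),
    ((0.70, 0.20, 0.6), 1), ((0.60, 0.10, 0.5), 1), ((0.40, 0.10, 0.5), 1),
]

def predict_proba(model, x):
    """P(intrusion = 1 | header features x) under a logistic model (w, b)."""
    w, b = model
    return 1.0 / (1.0 + math.exp(-(b + sum(wi * xi for wi, xi in zip(w, x)))))

def train_logistic(samples, lr=0.5, epochs=3000):
    """Batch gradient descent on the log-loss; returns the model (w, b)."""
    n, m = len(samples[0][0]), len(samples)
    w, b = [0.0] * n, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * n, 0.0
        for x, y in samples:
            err = predict_proba((w, b), x) - y      # dLoss/dz for one sample
            gw = [g + err * xi for g, xi in zip(gw, x)]
            gb += err
        w = [wi - lr * g / m for wi, g in zip(w, gw)]
        b -= lr * gb / m
    return w, b

def roc_curve(model, samples):
    """(false-alarm rate, detection rate) points, sweeping the threshold."""
    scored = [(predict_proba(model, x), y) for x, y in samples]
    pos = sum(y for _, y in scored)
    neg = len(scored) - pos
    points = [(0.0, 0.0)]
    for thr in sorted({s for s, _ in scored}, reverse=True):
        tp = sum(1 for s, y in scored if y == 1 and s >= thr)
        fp = sum(1 for s, y in scored if y == 0 and s >= thr)
        points.append((fp / neg, tp / pos))
    return points

def auc(points):
    """Trapezoidal area under the ROC curve; 1.0 means perfect separation."""
    return sum((x2 - x1) * (y1 + y2) / 2
               for (x1, y1), (x2, y2) in zip(points, points[1:]))

if __name__ == "__main__":
    model = train_logistic(SAMPLES)
    print("ROC points:", roc_curve(model, SAMPLES))
    print("AUC =", auc(roc_curve(model, SAMPLES)))
```

On real traffic the ROC points are what let an operator pick the threshold whose false-alarm rate the analysts can absorb, rather than defaulting to 0.5.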