Two-Level Packet Inspection Using Sequential Differentiate Method

Deep Packet Inspection is a vital task in network security applications such as firewalls and Intrusion Detection Systems (IDS). The pattern-based detectors used in packet inspection implement multi-pattern matching algorithms to check whether the packet payload contains any pattern from a specified pattern set. Computational cost is one of the major concerns of commercial IDSs. Although these systems have proven promising in detecting network abnormalities, in the worst case they must check every pattern in the set before a suspicious packet can be identified, which is time consuming. This paper proposes an efficient two-level IDS that applies a statistical pattern approach and a Sequential Differentiate Method (SeqDM) to detect unauthorized packets. The two-level system converts a high-dimensional character space into a low-dimensional character space, which reduces the computational cost, and integrates groups of patterns into a single pattern. This integration of patterns reduces the cost of identifying valid packets. The final decision is made in the integrated low-dimensional character space. Finally, the proposed two-level system is evaluated on the DARPA 1999 IDS dataset for the detection of unauthorized packets.
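To make the cost argument concrete, the following added example (not code from the paper, and not its SeqDM) contrasts a naive matcher that scans the payload once per pattern with an Aho-Corasick automaton that makes a single pass regardless of pattern-set size, and then wraps the automaton in a two-level inspector: a cheap first level projects the 256 byte values onto a 4-class histogram (a stand-in for the paper's statistical, low-dimensional level; the class boundaries and the 0.3 threshold are assumptions) and uses it to select which pattern group the expensive second level runs. The pattern sets and the two payloads are constructed sample data.

```python
from collections import deque


class AhoCorasick:
    """Multi-pattern matcher: one pass over the payload however many patterns there are."""

    def __init__(self, patterns):
        self.goto = [{}]   # goto[state][byte] -> next state
        self.fail = [0]    # failure link per state
        self.out = [[]]    # patterns that end at each state
        for p in patterns:
            self._add(bytes(p))
        self._build_failure_links()

    def _add(self, pattern):
        state = 0
        for b in pattern:
            nxt = self.goto[state].get(b)
            if nxt is None:
                self.goto.append({})
                self.fail.append(0)
                self.out.append([])
                nxt = len(self.goto) - 1
                self.goto[state][b] = nxt
            state = nxt
        self.out[state].append(pattern)

    def _build_failure_links(self):
        # Breadth-first: depth-1 states already fail to the root.
        queue = deque(self.goto[0].values())
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                # Inherit patterns that end at the failure state (suffix matches).
                self.out[s] = self.out[s] + self.out[self.fail[s]]

    def search(self, data):
        state, hits = 0, []
        for i, b in enumerate(data):
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            for p in self.out[state]:
                hits.append((i - len(p) + 1, p))
        return hits


def naive_search(data, patterns):
    """Worst case of the abstract: one full scan of the payload per pattern."""
    hits = []
    for p in patterns:
        start = 0
        while (idx := data.find(p, start)) >= 0:
            hits.append((idx, p))
            start = idx + 1
    return hits


def byte_class_histogram(data):
    """Project 256 byte values onto 4 classes: printable, control, high-bit, NUL (assumed split)."""
    counts = [0, 0, 0, 0]
    for b in data:
        if b == 0:
            counts[3] += 1
        elif b >= 0x80:
            counts[2] += 1
        elif 0x20 <= b < 0x7F:
            counts[0] += 1
        else:
            counts[1] += 1
    n = max(len(data), 1)
    return [c / n for c in counts]


class TwoLevelInspector:
    """Level 1: cheap histogram picks a pattern group. Level 2: exact matching on that group only."""

    def __init__(self, text_patterns, binary_patterns, binary_threshold=0.3):
        self.text_ac = AhoCorasick(text_patterns)
        self.bin_ac = AhoCorasick(binary_patterns)
        self.threshold = binary_threshold  # assumed value, not from the paper

    def inspect(self, data):
        hist = byte_class_histogram(data)
        non_text = hist[1] + hist[2] + hist[3]
        group = "binary" if non_text > self.threshold else "text"
        ac = self.bin_ac if group == "binary" else self.text_ac
        return group, ac.search(data)


# Constructed sample pattern groups and payloads (not from the DARPA data).
TEXT_PATTERNS = [b"/etc/passwd", b"cmd.exe", b"../../", b"<script>"]
BINARY_PATTERNS = [b"\x90" * 8, b"\x31\xc0\x50\x68"]
HTTP_PAYLOAD = b"GET /cgi-bin/../../etc/passwd HTTP/1.0\r\n"
SHELLCODE_PAYLOAD = b"\x90" * 16 + b"\x31\xc0\x50\x68//sh"

if __name__ == "__main__":
    insp = TwoLevelInspector(TEXT_PATTERNS, BINARY_PATTERNS)
    for payload in (HTTP_PAYLOAD, SHELLCODE_PAYLOAD):
        group, hits = insp.inspect(payload)
        print(group, byte_class_histogram(payload), hits)
```

The automaton reports every (offset, pattern) pair, including overlapping matches such as each 8-byte window of a NOP sled; a production detector would usually collapse those. The first level is only a routing heuristic: a text-looking payload never has the binary group applied to it, so the grouping trades a bounded false-negative risk for a smaller worst-case pattern set per packet, which is the cost/coverage trade-off the abstract describes.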