Extending of IDS for detecting abnormal intrusion traffic simulations based on SSFNet

Cyber attacks are becoming more and more complex and variable, so the common type of Intrusion Detection System (IDS), which uses a rule-based matching process, has difficulty detecting such malicious traffic. We propose a more intelligent IDS that can detect dynamic abnormal traffic without exact detection rules. The proposed IDS combines rule-based matching features with the ability to detect some unpredictable malicious traffic by itself. We implement this IDS on the SSFNet simulation framework. Simulations of various types of network intrusion show that the implemented IDS exhibits the same properties in simulation as it does on actual networks.
