Unsupervised Anomaly Detection System for nIDS-s based on payload and Probabilistic Suffix Trees
Date
2009-11-19
Author
Perona Balda, Iñigo
Arbelaiz Gallego, Olatz
Muguerza Rivero, Javier Francisco
IADIS International Conference Applied Computing 2009 : 11-18 (2009)
Abstract
Due to the popularity of computer networks, the detection of network attacks is a critical aspect of companies' security. As a consequence, any complete security package includes a network Intrusion Detection System (nIDS). This work focuses on nIDSs that work by scanning network traffic. We combined classifiers based on packet header information with a service-independent, payload-based approach built on Probabilistic Suffix Trees (PST) to increase detection rates for non-flood attacks. This option is efficient since there is no need for payload processing and, in addition, it outperforms systems based on the ad hoc payload processing proposed in kddcup99, efficiently detecting most of the attack types. This leads us to conclude that payload analysis based on PST is an efficient way, with no service- or port-specific modeling, to detect attacks in network traffic.