Unsupervised Anomaly Detection System for nIDS-s based on payload and Probabilistic Suffix Trees

Perona Balda, Iñigo; Arbelaiz Gallego, Olatz; Gurrutxaga Goikoetxea, Ibai; Martín Aramburu, José Ignacio; Muguerza Rivero, Javier Francisco; Pérez de la Fuente, Jesús María

View/Open

Texto completo (752.5Kb)

Date

2009-11-19

Author

Perona Balda, Iñigo

Arbelaiz Gallego, Olatz

Gurrutxaga Goikoetxea, Ibai

Martín Aramburu, José Ignacio

Muguerza Rivero, Javier Francisco

Pérez de la Fuente, Jesús María

Metadata

Show full item record

Estadisticas en RECOLECTA
(LA Referencia)

IADIS International Conference Applied Computing 2009 : 11-18 (2009)

URI

http://hdl.handle.net/10810/71804

Abstract

Due to the popularity of computer networks, detection of network attacks is a critical aspect of the security of the companies. As a consequence, any complete security package includes a network Intrusion Detection System (nIDS). This work focuses on nIDSs which work by scanning the network traffic. We combined classifiers based on packet header information with a service-independent payload based approach based on Probabilistic Suffix Trees (PST) to increase detection rates in non-flood attacks. This option is efficient since there is not need of payload processing and besides it outperforms systems based on the ad hoc payload processing proposed in kddcup99, detecting efficiently most of the attack types. This leads us to conclude that payload analysis based on PST is an efficient manner, with no service- or port-specific modeling, to detect attacks in network traffic.

Collections

Comunicaciones