Title :
Effectiveness of Hierarchical Heavy Hitter Identification for Intrusion Detection
Author :
Uppal, Saba Pervez ; Butt, Sara Tahir ; Karim, Asim
Author_Institution :
Dept. of Comput. Sci., Lahore Univ. of Manage. Sci., Lahore
Abstract :
Network traffic volume is employed extensively for monitoring and identification of traffic patterns. A straightforward approach that maintains the volume for all flows and their aggregations is computationally intractable for today's high-speed networks. Recently, the online hierarchical heavy hitter algorithm has been proposed for efficient change detection in network streams. We implement hierarchical heavy hitter identification in an intrusion detection system and evaluate its effectiveness using the DARPA intrusion detection evaluation data sets. Our results show that this approach can be particularly valuable for detecting denial of service attacks and port sweeps. We explore the strengths and weaknesses of the approach for various attack types.
Keywords :
security of data; telecommunication security; telecommunication traffic; DARPA; denial of service attacks; intrusion detection; network traffics; online hierarchical heavy hitter identification; port sweeps; traffic pattern identification; traffic pattern monitoring; Business communication; Change detection algorithms; Computer crime; Computer networks; Computerized monitoring; High-speed networks; Internet; Intrusion detection; Protocols; Telecommunication traffic;
Conference_Title :
Multitopic Conference, 2007. INMIC 2007. IEEE International
Conference_Location :
Lahore
Print_ISBN :
978-1-4244-1552-6
Electronic_ISBN :
978-1-4244-1553-3
DOI :
10.1109/INMIC.2007.4557719