Title: NIDS based on payload word frequencies and anomaly of transitions

Author: Mrdovic, Sasa; Perunicic, Branislava

Author_Institution: Univ. of Sarajevo, Sarajevo

Abstract: This paper presents a novel payload analysis method. Consecutive bytes are separated by boundary symbols and defined as words. The frequencies of word appearance and word to word transitions are used to build a model of normal behavior. A simple anomaly score calculation is designed for fast attack detection. The method was tested using real traffic and recent attacks to demonstrate that it can be used in IDS. Tolerance to a small number of attacks in training data is shown.

Keywords: security of data; word processing; attack detection; boundary symbols; network intrusion detection system; payload word frequencies; word appearance; word to word transitions; Frequency; Information systems; Intrusion detection; Payloads; Protection; Protocols; Telecommunication traffic; Testing; Traffic control; Training data

Conference_Title: Digital Information Management, 2008. ICDIM 2008. Third International Conference on

Conference_Location: London

Print_ISBN: 978-1-4244-2916-5

Electronic_ISBN: 978-1-4244-2917-2

DOI: 10.1109/ICDIM.2008.4746821