DocumentCode :
2813523
Title :
Protocol analysis in intrusion detection using decision tree
Author :
Abbes, Tarek ; Bouhoula, Adel ; Rusinowitch, Michaël
Author_Institution :
LORIA/INRIA, Nancy, France
Volume :
1
fYear :
2004
fDate :
5-7 April 2004
Firstpage :
404
Abstract :
Network-based intrusion detection systems are the most deployed IDS. They frequently rely on a signature matching detection method and focus on the security of low-level network protocols. Because of the large number of false positives on one side, and the incapacity to detect some attack types on the other, IDS must pay more attention to the monitoring of application-level protocols. We propose in this paper a combination of pattern matching and protocol analysis approaches. While the first method of detection relies on a multipattern matching strategy, the second one benefits from an efficient decision tree adaptive to the network traffic characteristics.
Keywords :
decision trees; message authentication; pattern matching; protocols; telecommunication security; telecommunication traffic; application level protocols monitoring; attack types; decision tree; false positives; low level network protocols; multipattern matching strategy; network based intrusion detection; network traffic characteristics; pattern matching; protocol analysis; signature matching detection method; Decision trees; Intelligent networks; Intrusion detection; Monitoring; Pattern analysis; Pattern matching; Performance analysis; Telecommunication traffic; Traffic control; Transport protocols;
fLanguage :
English
Publisher :
IEEE
Conference_Title :
Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004. International Conference on
Print_ISBN :
0-7695-2108-8
Type :
conf
DOI :
10.1109/ITCC.2004.1286488
Filename :
1286488