DocumentCode :
3080671
Title :
Payload modeling for network Intrusion Detection Systems
Author :
Nwanze, Nnamdi ; Kim, Sun-il ; Summerville, Douglas H.
Author_Institution :
Electr. & Comput. Eng., State Univ. of New York at Binghamton, Vestal, NY, USA
fYear :
2009
fDate :
18-21 Oct. 2009
Firstpage :
1
Lastpage :
7
Abstract :
A number of Intrusion Detection Systems (IDS) research efforts have demonstrated that network-based attacks can be detected by modeling normal network packet payloads and watching for anomalies. In this paper, we explore a data mining technique based on Principal Component Analysis that can identify specific features within packet payloads that are highly representative of the network traffic of their respective services. Apart from reducing the processing overhead through minimization of the feature space, the autonomous identification of such sub-groups of features can readily enable IDSs to develop classifiers that are more apt at separating normal traffic from anomalous traffic. We demonstrate the effectiveness of this technique by generating feature sets from a collection of network traffic and applying them to the training and detection phases of a payload-based IDS. The results show that it is able to separate network attacks while maintaining low false positive rates. We also show that random sampling of less than 100% of the payload is possible and allows the IDS to combat attack obfuscation.
Keywords :
Internet; data mining; principal component analysis; security of data; data mining; network intrusion detection systems; network traffic; network-based attacks; payload modeling; principal component analysis; Computer networks; Face detection; Inspection; Intrusion detection; Payloads; Principal component analysis; Sampling methods; Systems engineering and theory; Telecommunication traffic; Traffic control;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Military Communications Conference, 2009. MILCOM 2009. IEEE
Conference_Location :
Boston, MA
Print_ISBN :
978-1-4244-5238-5
Electronic_ISBN :
978-1-4244-5239-2
Type :
conf
DOI :
10.1109/MILCOM.2009.5379723
Filename :
5379723