Two-Level Packet Inspection Using Sequential Differentiate Method

Deep Packet Inspection is a vital task in network security applications such as Firewalls and Intrusion Detection Systems (IDS). Patterns based detectors used in Packet Inspection implement multi-pattern matching algorithms to check whether the packet payload have a specified patterns in a patterns set. Computational cost is one of the major concerns of the commercial Intrusion Detection Systems (IDSs). Although these systems are proven to be promising in detecting network abnormalities, they need to check all the patterns to identify a suspicious abnormal in the worst case. This is time consuming. This paper proposes an efficient two-level IDS, which applies a statistical patterns approach and a Sequential Differentiate Method (SeqDM) for the detection of unauthorized packets. The two-level system converts high-faceted character space into a low-faceted character space. It is able to reduce the computational cost and integrates groups of patterns into an identical patterns. The integration of patterns reduces the cost involved for valid packet identification. The final decision is made on the integrated low-faceted character space. Finally, the proposed two-level system is evaluated using DARPA 1999 IDS dataset for the detection of unauthorized packets.