• DocumentCode
    3723220
  • Title

    Exploiting N-Gram Location for Intrusion Detection

  • Author

    Fabrizio Angiulli;Luciano Argento;Angelo Furfaro

  • Author_Institution
    DIMES, Univ. of Calabria, Rende, Italy
  • fYear
    2015
  • Firstpage
    1093
  • Lastpage
    1098
  • Abstract
    Signature-based and protocol-based intrusion detection systems (IDS) are employed as means to reveal content-based network attacks. Such systems have proven to be effective in identifying known intrusion attempts and exploits but they fail to recognize new types of attacks or carefully crafted variants of well known ones. This paper presents the design and the development of an anomaly-based IDS technique which is able to detect content-based attacks carried out over application level protocols, like HTTP and FTP. In order to identify anomalous packets, the payload is split up in chunks of equal length and the n-gram technique is used to learn which byte sequences usually appear in each chunk. The devised technique builds a different model for each pair and uses them to classify the incoming traffic. Models are build by means of a semi-supervised approach. Experimental results witness that the technique achieves an excellent accuracy with a very low false positive rate.
  • Keywords
    "Payloads","Intrusion detection","Protocols","Standards","Computer security","Ports (Computers)"
  • Publisher
    ieee
  • Conference_Titel
    Tools with Artificial Intelligence (ICTAI), 2015 IEEE 27th International Conference on
  • ISSN
    1082-3409
  • Type

    conf

  • DOI
    10.1109/ICTAI.2015.155
  • Filename
    7372252