Title :
An architecture for network stream splitting in support of intrusion detection
Author :
Judd, John D. ; McEachen, John C.
Author_Institution :
Dept. of Comput. Sci., Naval Postgraduate Sch., Monterey, CA, USA
Abstract :
We describe a system in which fuzzy reasoning is used to selectively reduce the amount of traffic sent to an intrusion detection system (IDS) while simultaneously reducing the number of false alarms generated by the IDS and maintaining the ability of the IDS to accurately recognize network attacks. Specifically, we apply a type of filtering we term "IDS stream splitting," which consists of classifying each packet as either trusted or un-trusted when it is encountered between the sniffer and the IDS (within the firewall). This classification allows fewer packets to be sent to an IDS devoted to examining un-trusted traffic. The logic of the splitter treats each packet as part of a connection and gives it a trust ranking in [0..1] using a fuzzy logic model. Initial results indicate that this approach can significantly reduce false alarm rates while increasing system uptime.
Keywords :
computer networks; fuzzy logic; message authentication; telecommunication traffic; IDS stream splitting; false alarms; fuzzy logic model; intrusion detection system; network attacks; network stream splitting; sniffer; system up time; trusted traffic; untrusted traffic; Computer architecture; Computer networks; Computer science; Filtering; Fuzzy logic; Intelligent networks; Intrusion detection; Maintenance engineering; Telecommunication traffic; Traffic control;
Conference_Title :
Proceedings of the 2003 Joint Conference of the Fourth International Conference on Information, Communications and Signal Processing, 2003 and Fourth Pacific Rim Conference on Multimedia
Print_ISBN :
0-7803-8185-8
DOI :
10.1109/ICICS.2003.1292760