Constant false alarm rate anomaly-based approach for network intrusion detection

With the rapid growth of communication technologies, the widespread use of the Internet, and the recent introduction of e-services, the number of computer network security threats is dramatically increasing. This paper presents an efficient method for anomaly detection in network traffic. In this method, network traffic is decomposed into control and data planes. As the data traffic generation is based on control traffic, the behavior of the two planes is expected to be similar during normal behavior. Therefore, detecting dissimilarity (via cross-correlation) between the traffic of the two planes can indicate an abnormal behavior. Constant and adaptive thresholding techniques have been developed in this paper for the design of a false alarm rate intrusion detection processors. Simulation experiments have been carried out on a real traffic obtained at King Saud University at the end of 2012.