An efficient network intrusion detection

Cited by: 30
Authors
Chen, Chia-Mei [1]
Chen, Ya-Lin [1]
Lin, Hsiao-Chung [1]
Affiliations
[1] Natl Sun Yat Sen Univ, Dept Informat Management, Kaohsiung 80424, Taiwan
Keywords
Anomaly score; Intrusion detection; Network security; Exploit code; ANOMALY DETECTION; DETECTION SYSTEM; MODEL;
DOI
10.1016/j.comcom.2009.10.010
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
Exploit code based on system vulnerabilities is often used by attackers. Such exploit programs often send their attack packets within the first few packets. A Lightweight Network Intrusion Detection system (LNID) is proposed for detecting such attacks on Telnet traffic. It characterizes normal traffic behavior and computes the anomaly score of a packet based on its deviation from the normal behavior. Instead of processing all traffic packets, an efficient filtering scheme proposed in the study reduces system workload, and only 0.3% of the original traffic volume is examined for anomalies. According to the performance comparisons with other network-based IDS, LNID is the most efficient in detection rate and workload reduction. (C) 2009 Elsevier B.V. All rights reserved.
Pages: 477-484
Page count: 8