Enhanced fast attack detection technique for network intrusion detection system

Bibliographic Details
Main Author: Abdollah, Mohd Faizal
Format: Thesis
Language: English
Published: 2009
Online Access:
http://eprints.utem.edu.my/id/eprint/14764/1/Enhanced%20fast%20attack%20detection%20technique%20for%20network%20intrusion%20detection%20system100_2.pdf
http://eprints.utem.edu.my/id/eprint/14764/2/Enhanced%20fast%20attack%20detection%20technique%20for%20network%20intrusion%20detection%20system.pdf
Description
Summary: In the last decade, networks have grown both in size and importance. In particular, TCP/IP networks, and most notably the worldwide Internet, have become the main infrastructure for exchanging data and carrying out transactions. They have also become the main means of attacking hosts. The popularity of intrusion tools and scripts is the main contributor to attacks inside the network. Gathering valuable information about a vulnerable machine, such as its IP address and its vulnerable applications, is the first step an attacker takes before launching an attack against that machine. There are numerous techniques for obtaining this information, such as sweeping, scanning and probing. These information-gathering techniques can be divided into two categories: Fast Attack and Slow Attack. A Fast Attack can be defined as an attack that uses a large number of packets or connections within a short period of a few seconds, whereas a Slow Attack can be defined as an attack that takes much longer, on the order of a few minutes to a few hours, to complete. In order to detect these attacks, introducing an intrusion detection system (IDS) inside the network is necessary. An IDS has the capability to analyze network traffic and recognize incoming and ongoing intrusions. IDSs have several weaknesses that need to be tackled to improve detection accuracy. The current weakness is in selecting a suitable threshold for detecting intrusion activity: selecting too high a value may generate excessive false alarms, while too low a value may miss malicious activity. Hence, this research introduces a new technique for selecting a suitable threshold for detecting intrusion activity, especially Fast Attacks. The threshold selected in this research has been analyzed, examined, tested and proven able to increase the accuracy of detection to 99.5% using a statistical approach and to decrease the speed of detection.
Besides introducing a new technique to identify and select the threshold, this research also reveals the influence of each feature and the reasoning behind its selection. Selecting unnecessary features may cause computational issues and decrease detection accuracy. Furthermore, current research concentrates more on detection techniques than on feature selection. Most research uses features without highlighting their influence inside the system itself. Thus this research reveals the influence of the features in predicting the result of the detection. The results show that the selected features and the threshold chosen using the new technique have strong potential to detect Fast Attacks and significantly reduce the false alarms generated by the intrusion detection system.