
Anomaly-based intrusion detection using lightweight stateless payload inspection

Posted on: 2010-02-10
Degree: Ph.D
Type: Dissertation
University: State University of New York at Binghamton
Candidate: Nwanze, Nnamdi Chike
Full Text: PDF
GTID: 1448390002988903
Subject: Engineering

Abstract/Summary:
Despite advances in the field of intrusion detection, network-based attacks still prevail within the global digital landscape, causing tremendous amounts of damage. The research work presented here details an anomaly-based network Intrusion Detection System (IDS) approach that uses network packet payloads as the determining feature for classifying packets. Designed from the start with the goals of high-speed hardware (or software) implementation, accurate detection, and low resource requirements, the system aims to make early and accurate detection decisions while the packet is in transit through the intrusion detection system. Intrusion decisions are made on a per-packet basis with no connection state maintained, leading to low resource requirements and preventing attacks that slip in under the radar in a fail-open implementation, or that launch a resource-exhaustion denial-of-service attack against the detector in a fail-closed implementation. By keeping resource costs down, widespread deployment in network interfaces, switches and routers is envisioned. The approach characterizes traffic on a per-service basis and separately for inbound and outbound traffic, which has the advantage that learning is tailored to specific traffic flows, making it easier to detect insider attacks or compromised machines within a network.

The proposed approach is novel in its employment of a unique and efficient hashing technique that provides a low-dimensional feature space to characterize each service type, and in its use of two-dimensional quantized feature spaces for efficient classifier implementation. Experimental results on standard benchmarks and real traffic have yielded high detection rates and low false-positive rates.
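The design the abstract describes (a stateless per-packet decision, a low-dimensional payload feature space quantized into a two-dimensional grid, and normal-traffic profiles learned separately per service and per direction) as an added Python sketch; this is not the dissertation's code. The byte-class folding, the 8x8 grid, the `(port, direction)` profile key and the sample packets are assumptions and constructed stand-ins for the hashing technique the abstract does not detail.

```python
from collections import Counter, defaultdict

GRID = 8  # bins per axis of the quantized 2-D feature space (assumption, not from the thesis)


def bucket(b: int) -> int:
    """Fold one byte into a coarse class; a stand-in for the thesis's payload hashing."""
    if b >= 0x80:
        return 3                                   # high-bit byte
    if b < 0x20 and b not in (9, 10, 13):
        return 2                                   # control byte (tab/LF/CR treated as text)
    if chr(b).isalnum():
        return 0                                   # alphanumeric
    return 1                                       # printable punctuation or whitespace


def quantize(payload: bytes) -> tuple[int, int]:
    """Map a single payload to a cell of the GRID x GRID space; no connection state is used."""
    if not payload:
        return (0, 0)
    hist = Counter(bucket(b) for b in payload)
    n = len(payload)
    x = min(GRID - 1, int(GRID * hist[0] / n))                # alphanumeric share
    y = min(GRID - 1, int(GRID * (hist[2] + hist[3]) / n))    # control + high-bit share
    return (x, y)


class ServiceProfile:
    """Cell counts of normal traffic, learned separately per (service port, direction)."""

    def __init__(self) -> None:
        self.counts: dict[tuple[int, str], Counter] = defaultdict(Counter)

    def train(self, port: int, direction: str, payload: bytes) -> None:
        self.counts[(port, direction)][quantize(payload)] += 1

    def is_anomalous(self, port: int, direction: str, payload: bytes, min_seen: int = 1) -> bool:
        """Flag a packet whose cell was seen fewer than min_seen times for this flow type."""
        return self.counts[(port, direction)][quantize(payload)] < min_seen


# Constructed sample traffic: plain-text inbound HTTP requests versus a binary blob.
NORMAL_HTTP = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /about.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
]
ODD_PAYLOAD = bytes(range(0x80, 0x100)) * 4   # constructed: nothing like the learned text


def demo() -> tuple[bool, bool]:
    """Returns (verdict for a learned request, verdict for the odd payload)."""
    profile = ServiceProfile()
    for pkt in NORMAL_HTTP:
        profile.train(80, "in", pkt)
    return (profile.is_anomalous(80, "in", NORMAL_HTTP[0]),
            profile.is_anomalous(80, "in", ODD_PAYLOAD))
```

A real deployment would learn each `(port, direction)` profile from a large traffic sample and tune `min_seen` per service, since a single-packet cell count is only a coarse illustration of the density estimate the thesis describes.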
Keywords/Search Tags:Detection, Network, Implementation, Traffic