Abstract
This paper describes an experimental protocol-based packet header anomaly detector for modelling Network and Host Intrusion Detection Systems. It analyses the behaviour of packet header field values using the layer 2, 3 and 4 protocol fields of the ISO OSI Seven Layer Model for Networking. Our model, which we call the Protocol based Packet Header Anomaly Detector (PbPHAD) Intrusion Detection System, is designed to detect anomalous behaviour in network traffic packets for three specific network and transport layer protocols, namely UDP, TCP and ICMP, and to identify the degree of maliciousness of a set of detected anomalous packets from the sum of statistically modelled, individually rated anomalous field values.
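The following is an added illustration of the scoring idea the abstract describes, not code from the paper: a per-protocol model of header field values is learned from baseline traffic, each field of a new packet is rated individually, and the packet's degree of maliciousness is the sum of those ratings. The field names, the constructed baseline packets and the n/r rating rule (observations divided by distinct values, so that stable fields weigh more) are assumptions made here for the example.

```python
from collections import defaultdict

# Constructed baseline traffic (values are made up): one dict per packet with
# the protocol it carries and the header fields the model rates.
BASELINE = [
    {"proto": "tcp", "ttl": 64, "flags": "S", "dport": 80},
    {"proto": "tcp", "ttl": 64, "flags": "SA", "dport": 80},
    {"proto": "tcp", "ttl": 128, "flags": "A", "dport": 443},
    {"proto": "udp", "ttl": 64, "dport": 53, "length": 60},
    {"proto": "udp", "ttl": 64, "dport": 123, "length": 76},
    {"proto": "icmp", "ttl": 64, "type": 8, "code": 0},
    {"proto": "icmp", "ttl": 64, "type": 0, "code": 0},
]


class PbPHAD:
    """Per-protocol, per-field value model: each field is rated on its own and a
    packet's score is the sum of its field ratings (assumed scoring rule)."""

    def __init__(self):
        # model[proto][field] -> {value: number of times seen in training}
        self.model = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))

    def train(self, packets):
        for pkt in packets:
            for field, value in pkt.items():
                if field != "proto":
                    self.model[pkt["proto"]][field][value] += 1

    def rate_field(self, proto, field, value):
        """0.0 if the value was seen for this protocol's field during training,
        otherwise n / r with n = observations of the field, r = distinct values."""
        seen = self.model[proto].get(field)
        if seen is None or value in seen:
            return 0.0
        return sum(seen.values()) / len(seen)

    def score(self, pkt):
        """Return (total score, per-field ratings) for one packet."""
        ratings = {f: self.rate_field(pkt["proto"], f, v)
                   for f, v in pkt.items() if f != "proto"}
        return sum(ratings.values()), ratings

    def rank(self, packets):
        """Order packets by degree of maliciousness, highest total score first."""
        return sorted(((self.score(p)[0], p) for p in packets), key=lambda x: -x[0])


detector = PbPHAD()
detector.train(BASELINE)
```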
© 2007 Springer-Verlag Berlin Heidelberg
Shamsuddin, S.B., Woodward, M.E. (2007). Modeling Protocol Based Packet Header Anomaly Detector for Network and Host Intrusion Detection Systems. In: Bao, F., Ling, S., Okamoto, T., Wang, H., Xing, C. (eds) Cryptology and Network Security. CANS 2007. Lecture Notes in Computer Science, vol 4856. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76969-9_14
DOI: https://doi.org/10.1007/978-3-540-76969-9_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-76968-2
Online ISBN: 978-3-540-76969-9