Detection of anomalous network packets using lightweight stateless payload inspection

Proceedings - Conference on Local Computer Networks, LCN

Volumn , Issue , 2008, Pages 911-918

  Nwanze, Nnamdi ^a   Summerville, Douglas ^a  

^a State University of New York at Binghamton   (United States)

Author keywords

Anomaly detection; Network intrusion detection

Indexed keywords

COMPUTER NETWORKS; COMPUTERS; HARDWARE; INTERNET; LEARNING SYSTEMS; MACHINE COMPONENTS; METROPOLITAN AREA NETWORKS; SIGNAL DETECTION;

ANOMALY DETECTION; BIT MAPS; FALSE POSITIVE RATES; FEATURE SPACES; HARDWARE AND SOFTWARES; HARDWARE IMPLEMENTATIONS; HASH FUNCTIONS; HIGH-SPEED NETWORKS; HYPERCUBE; IMPLEMENTATION EFFICIENCIES; MACHINE LEARNINGS; NETWORK APPLIANCES; NETWORK INTRUSION DETECTION; NETWORK PACKETS; NOVEL TECHNIQUES; OFFLINE; POTENTIAL LOSSES; REAL TRAFFICS; TIME DETECTIONS;

INTRUSION DETECTION;

EID: 58049125337     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/LCN.2008.4664303     Document Type: Conference Paper

References (28)

1. S. Axelsson, The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection, ACM Conference on Computer and Communications Security 1999.
2. D. Bolzoni, and S. Etalle, APHRODITE: an Anomaly-based Architecture for False Positive Reduction, Technical Report TR-CTIT-06-13 Centre for Telematics and Information Technology, University of Twente, Enschede. ISSN 1381-3625, 2006.
3. E. Eskin, A. Arnold, M. Prerau, L. Portnor, and S. Stolfo, A Geometric Framework for Unsupervised Anomaly Detection: Detecting Intrusions in Unlabeled Data, Data Mining for Security App., Kluwer, 2002.
4. A. Gupta and R. Sekar, An Approach for Detecting Self-Propagating Email Using Anomaly Detection, 2003 International Symp. on Recent Advances in Intrusion Detection, Pittsburgh, PA, USA, Sept, 2003.
5. M. Hussein, and M. Zulkernine, Intrusion detection aware component-based systems: A specification-based framework, Journal of Systems and Software 80, 5 (May. 2007), pp. 700-710. DOI=http://dx.doi.org/10.1016/j. jss.2006.08.017.
6. O. Kolesnikov, D. Dagon, and W. Lee, Advanced Polymorphic Worms: Evading IDS by Blending in with Normal Traffic, in USENIX Security Symposium. 2006: Vancouver, BC, Canada.
7. C. Kruegel, T. Toth, and E. Kirda, Service Specific Anomaly Detection for Network Intrusion Detection, Symp. on Applied Computing (SAC), ACM Digital Library, Spain, Mar 2002.
8. W. Lee and S. Stolfo, A Framework for Constructing Features and Models for Intrusion Detection Systems, ACM Trans on Information and System Security, vol.3, no.4, pp. 227-261, November 2000.
9. LinkLogger, http://www.linklogger.com/.
10. R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, K. Das., The 1999 DARPA Off-Line Intrusion Detection Evaluation, MIT Lincoln Lab Technical Report, 2000.
11. M. Mahoney, Network Traffic Anomaly Detection Based on Packet Bytes, In Proceedings of the 18th ACM Symp. Applied Computing, pp. 346-350, 2003.
12. P. Mell, V. Hu, R. Lippmann, J. Haines, and M. Zissman, An Overview of Issues in Testing Intrusion Detection Systems, June 2003 http://csrc.nist.gov/publications/nistir/index.html.
13. Metasploit Framework, http://framework.metasploit.com/msf/.
14. P.G. Neumann and P.A. Poras, Experiences with Emerald to Date, In Proceedings of the 1st Usenix Workshop on Intrusion Detection and Network Monitoring, Santa Clara, CA, Apr 11-12, 1999.
15. N. Nwanze, D. Summerville, V. Skormin, Real-Time Identification of Anomalous Packet Payloads for Network Intrusion Detection, Proceedings of the 6th IEEE Systems, Man and Cybernetics Information Assurance Workshop, West Point, NY, pp. 448-449, June 2005.
16. I. Onuta, and A. Ghorbani, SVision: A novel visual network-anomaly identification technique, Computers & Security, vol. 26, Issue 3, pp 201-212, May 2007.
17. T.H. Ptacek and T. N. Newsham, Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, Secure Networks, Inc., Jan 1998, http://www.snort.org/idspaper/.
18. M. Roesch, Snort - Lightweight Intrusion Detection for Networks, http://www.snort.org/docs/lisapaper.txt.
19. V. Skormin, D. Summerville, J. Moronski, Detecting Malicious Codes by the presence of their Gene of Self-Replication, Computer Network Security, LNCS, Volume 2776, Springer, 2003.
20. Stonesoft Inc., Winning the Battle against False Positives, October 1, 2003, http://www.stonesoft.com/files/products/StoneGate/ SGWP_WinningTheBattleAgainstFalsePositives_print.pdf.
21. D. Summerville, N. Nwanze, and V. Skormin, Anomalous Packet Identification for Network Intrusion Detection, Proceedings of the 5th IEEE Systems, Man and Cybernetics Information Assurance Workshop, West Point, NY, pp. 60-67, June 2004.
22. C. Taylor and J. Alves-Foss, NATE- Network Analysis of Anomolous Traffic Events, A Low Cost Approach, In Proceedings of the NSPW'01, Sept 10-13, 2001, pp. 89-96.
23. T. Toth and C. Kruegel, Accurate Buffer Overflow Detection via Abstract Payload Execution, 5th Symp on Recent Advances in Intrusion Detection (RAID), LNCS, Springer Verlag, Switzerland, pp. 274-91, Oct 2002.
24. Viruslist.com, Kaspersky Security Bulletin 2006: Internet Attacks, http://www.viruslist.com/en/analysis?pubid=204791921.
25. K. Wang and S.J. Stolfo, Anomalous Payload-based Network Intrusion Detection, Columbia University Technical Report, Feb. 2nd, 2004, http://www1.cs.columbia.edu/ids/publications/Payl-AD.02.01.04-final.PDF.
26. K. Wang, J.J. Parekh, Salvatore J. Stolfo, Anagram: A Content Anomaly Detector Resistant To Mimicry Attack, In Proceedings of the Nineth International Symposium on Recent Advances in Intrusion Detection (RAID 2006).
27. Viruslist.com, Online Scanner Top Twenty..., http://www.viruslist. com-/en/analysis.
28. A. Yee, Making false positives go away, Computerworld, 28/01/2004.