Abstract

Information security has become a primary concern in enterprise and government networks. In this respect, a Network-based Intrusion Detection System (NIDS) is a critical component of an organization’s security strategy. This chapter is the result of an effort to design an Anomaly-based Network Intrusion Detection System (A-NIDS) capable of detecting network attacks using entropy-based behavioral traffic profiles. These profiles serve as a baseline that defines the normal behavior of certain traffic features. The Method of Remaining Elements (MRE) is the core of the traffic profiling task. Within this method, a new measure of uncertainty called Proportional Uncertainty (PU) is proposed, which has an important property: it exposes anomalies in those traffic slots related to anomalous behavior. Moreover, PU increases the sensitivity for early detection and allows detection of a wide range of attacks compared with naïve entropy estimation. The performance of the proposed architecture was evaluated on the MIT-DARPA dataset and on an academic LAN by implementing real attacks. The results show that this architecture is effective in the early detection of intrusions, as well as of some attacks designed to bypass detection measures.
