Title
Packet- Vs. Session-Based Modeling For Intrusion Detection Systems
Abstract
In today's interconnected networks, Intrusion Detection Systems (IDSs), encryption devices, firewalls and other hardware and software solutions are critical in providing complete security solutions for corporations and government agencies. Many IDS variants exist which allow security personnel to identify attack network packets primarily through the use of signature detection where the IDS "recognizes" attack packets due to their well-known signatures as those packets cross the network's gateway threshold. However, anomaly-based ID systems identify normal traffic within a network and report abnormal behavior. We report the findings of our research in the area of anomaly-based intrusion detection systems using data-mining techniques to create a decision tree model of our network using the 1999 DARPA Intrusion Detection Evaluation data set. After the model was created, we gathered data from our local campus network and scored the new data through the model using both packet-based and session-based modeling and compare the results. © 2005 IEEE.
Publication Date
9-21-2005
Publication Title
International Conference on Information Technology: Coding and Computing, ITCC
Volume
1
Number of Pages
116-121
Document Type
Article; Proceedings Paper
Personal Identifier
scopus
Copyright Status
Unknown
Socpus ID
24744451207 (Scopus)
Source API URL
https://api.elsevier.com/content/abstract/scopus_id/24744451207
STARS Citation
Caulkin, Bruce D.; Lee, Joohan; and Wang, Morgan, "Packet- Vs. Session-Based Modeling For Intrusion Detection Systems" (2005). Scopus Export 2000s. 3715.
https://stars.library.ucf.edu/scopus2000/3715