Title

Packet- Vs. Session-Based Modeling For Intrusion Detection Systems

Abstract

In today's interconnected networks, Intrusion Detection Systems (IDSs), encryption devices, firewalls and other hardware and software solutions are critical in providing complete security solutions for corporations and government agencies. Many IDS variants exist which allow security personnel to identify attack network packets primarily through the use of signature detection where the IDS "recognizes" attack packets due to their well-known signatures as those packets cross the network's gateway threshold. However, anomaly-based ID systems identify normal traffic within a network and report abnormal behavior. We report the findings of our research in the area of anomaly-based intrusion detection systems using data-mining techniques to create a decision tree model of our network using the 1999 DARPA Intrusion Detection Evaluation data set. After the model was created, we gathered data from our local campus network and scored the new data through the model using both packet-based and session-based modeling and compare the results. © 2005 IEEE.

Publication Date

9-21-2005

Publication Title

International Conference on Information Technology: Coding and Computing, ITCC

Volume

1

Number of Pages

116-121

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

Socpus ID

24744451207 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/24744451207

This document is currently not available here.

Share

COinS