Agent-Based Real Time Intrusion Detection System Against Malformed Packet Attacks
The current paper proposes a network-based Intrusion Detection System (IDS) that can efficiently detect attacks based on malformed packets, which continue to increase along with more intelligent and skillful hacking techniques. Our system first extracts the important features from network packets, analyzes simple attacks, and detects IP fragmentation attacks. Thereafter, it collects information from the SA and the FA, along with other strange information related to the malformed packet. Finally, it judges whether or not an intrusion has occurred on the basis of information gathered from target systems by CAs. The simulation result shows 0% false positives, 0% false negatives, and a 100% detection ratio, thereby confirming the accuracy of the proposed IDS in detecting fragmentation attacks.
Keywords: Intrusion Detection, Port Number, Detection Ratio, Decision Engine, Collaboration Agent