Agent-Based Real Time Intrusion Detection System Against Malformed Packet Attacks

  • Jun-Cheol Jeon
  • Eun-Yeung Choi
  • Kee-Young Yoo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4088)


The current paper proposes a network-based Intrusion Detection System (IDS) that can efficiently detect attacks based on malformed packets, which continue to increase along with more intelligent and skillful hacking techniques. Our system first extracts the important features from network packets, analyzes simple attacks, and detects IP fragmentation attacks. Thereafter, it collects information from the SA and the FA, along with other strange information related to the malformed packet. Finally, it judges whether or not an intrusion has occurred on the basis of information gathered from target systems by CAs. The simulation result shows 0% false positives, 0% false negatives, and a 100% detection ratio, thereby confirming the accuracy of the proposed IDS in detecting fragmentation attacks.


Keywords: Intrusion Detection; Port Number; Detection Ratio; Decision Engine; Collaboration Agent
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Jun-Cheol Jeon (1)
  • Eun-Yeung Choi (2)
  • Kee-Young Yoo (1)
  1. Department of Computer Engineering at Kyungpook National University, Daegu, Korea
  2. Planning and Administration Office at Seoul Metropolitan Office of Education, Seoul, Korea
