Host Based Detection Approach Using Time Based Module for Fast Attack Detection Behavior

  • Faizal Mohd Abdollah
  • Mohd Zaki Mas’ud
  • Shahrin Sahib
  • Asrul Hadi Yaacob
  • Robiah Yusof
  • Siti Rahayu Selamat
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 157)

Abstract

An Intrusion Detection System (IDS) is an important component of a network security infrastructure. An IDS needs to be accurate and reliable in order to detect the intrusive behaviour of packets travelling through the network. With current technological advancement, attacks on network infrastructure have evolved to a new level, and to keep the IDS sensitive enough to detect new attacks, the detection framework needs to be updated frequently. Both the fast attack and the slow attack mechanism have become subsets of the phases in the anatomy of an attack. Each attack mechanism has its own criteria, and the fast attack is the type that most needs to be considered, since any late detection of a fast attack can have a major adverse impact on the organization. There is therefore a need to identify a suitable technique for detecting fast attacks, and to that end this paper introduces a static threshold, derived using statistical and observation techniques, for detecting fast attack intrusions that occur within a one-second time interval. The threshold was selected on the basis of a real network traffic dataset and verified using a classification table on real network traffic.
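The abstract describes a pipeline of three parts: a per-second feature extracted from host-observed traffic, a static threshold chosen from normal traffic by a statistical rule, and verification of that threshold with a classification table. The following is an added example that sketches such a pipeline; it is not the paper's code, dataset or threshold. Everything specific in it is an assumption: the window feature (distinct destination ports a source touches within one floor-aligned second), the threshold rule (mean plus three standard deviations of the normal-traffic windows), and the constructed connection records.

```python
"""Static per-second threshold for fast-attack bursts, verified with a
classification table. Added example: feature, threshold rule and data
are assumptions, not the paper's own."""
import math
from collections import defaultdict
from statistics import mean, pstdev

# Constructed records as a host might log inbound connection attempts:
# (timestamp in seconds, source IP, destination port, ground-truth label).
TRAIN = [  # normal traffic only; used to pick the threshold
    (100.05, "10.0.0.5", 80, "normal"),
    (100.40, "10.0.0.5", 443, "normal"),
    (101.10, "10.0.0.5", 80, "normal"),
    (102.30, "10.0.0.7", 22, "normal"),
    (102.90, "10.0.0.7", 22, "normal"),   # same port twice: still 1 distinct
    (103.20, "10.0.0.7", 80, "normal"),
    (104.10, "10.0.0.5", 80, "normal"),
    (104.30, "10.0.0.5", 443, "normal"),
    (104.70, "10.0.0.5", 8080, "normal"),
]
TEST = [  # labelled traffic used to verify the threshold
    (200.10, "10.0.0.5", 80, "normal"),
    (200.50, "10.0.0.5", 443, "normal"),
    # busy but legitimate client touching 5 ports inside one second
    *[(201.0 + i / 10, "10.0.0.11", p, "normal")
      for i, p in enumerate((25, 80, 443, 8080, 8443))],
    # fast scan: 9 distinct ports inside one second
    *[(202.0 + i / 20, "192.0.2.9", p, "attack")
      for i, p in enumerate((21, 22, 23, 25, 53, 80, 110, 143, 443))],
    # slower probing from the same host: only 3 ports in the next second
    *[(203.0 + i / 4, "192.0.2.9", p, "attack")
      for i, p in enumerate((445, 3389, 5900))],
    (204.30, "10.0.0.7", 22, "normal"),
]


def window_features(records):
    """Group records into (second, source) windows.
    Feature = number of distinct destination ports in the window;
    a window is labelled 'attack' if any record in it is."""
    ports, labels = defaultdict(set), defaultdict(set)
    for ts, src, dport, label in records:
        key = (math.floor(ts), src)          # fixed one-second interval
        ports[key].add(dport)
        labels[key].add(label)
    return {k: (len(ports[k]), "attack" if "attack" in labels[k] else "normal")
            for k in ports}


def choose_threshold(normal_records, k=3):
    """Assumed rule: mean + k * population std of normal windows."""
    counts = [n for n, _ in window_features(normal_records).values()]
    return round(mean(counts) + k * pstdev(counts), 4)


def classify(records, threshold):
    """Flag a window as a fast attack when its count exceeds the threshold."""
    return {k: (n, "attack" if n > threshold else "normal", label)
            for k, (n, label) in window_features(records).items()}


def classification_table(results):
    """Confusion counts plus the rates usually read off such a table."""
    table = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for _, predicted, actual in results.values():
        if predicted == "attack":
            table["TP" if actual == "attack" else "FP"] += 1
        else:
            table["FN" if actual == "attack" else "TN"] += 1
    total = sum(table.values())
    table["accuracy"] = (table["TP"] + table["TN"]) / total
    table["detection_rate"] = table["TP"] / max(1, table["TP"] + table["FN"])
    table["false_alarm_rate"] = table["FP"] / max(1, table["FP"] + table["TN"])
    return table


if __name__ == "__main__":
    t = choose_threshold(TRAIN)
    res = classify(TEST, t)
    print(f"threshold = {t}")
    for key, (n, pred, actual) in sorted(res.items()):
        print(key, n, pred, actual)
    print(classification_table(res))
```

On the constructed data the threshold comes out at 4.0 distinct ports per second; the nine-port burst is caught, the busy legitimate client is a false alarm, and the three-port probe in the following second is missed. That last case is the practical caveat behind the abstract's fast versus slow distinction: a static per-second threshold only sees what happens inside one interval, so probing spread across intervals needs a separate slow-attack mechanism. Two further checks a practitioner would want before trusting such a threshold: floor-aligned windows can split one burst across two intervals (a sliding window avoids that), and the threshold must be re-derived whenever the normal traffic profile of the monitored host changes.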

Keywords

Intrusion Detection, Network Traffic, Intrusion Detection System, Fast Attack, Suitable Threshold

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Faizal Mohd Abdollah (1)
  • Mohd Zaki Mas’ud (1)
  • Shahrin Sahib (1)
  • Asrul Hadi Yaacob (1)
  • Robiah Yusof (1)
  • Siti Rahayu Selamat (1)
  1. Faculty of Information and Communication Technology, Universiti Teknikal Malaysia, Durian Tunggal, Malaysia
