Enhanced fast attack detection technique for network intrusion detection system

Mohd Faizal, Abdollah (2009) Enhanced fast attack detection technique for network intrusion detection system. PhD thesis, UTeM.

[img] Text (24 Page)
Enhanced fast attack detection technique for network intrusion detection system100_2.pdf - Submitted Version
Restricted to Registered users only

Download (5MB)

Abstract

In the last decade, the network has grown both in size and importance. In particular TCP/IP network and most notably the world wide Internet have become the main infrastructure to exchange data and carry out transaction. They have also become the main mean to attack host. The popularity of intrusion tools and script are the main contribution of the attack inside the network. Gathering valuable information from vulnerable machine such as IP address and vulnerable application is the first step for the attackers to launch an attack to the vulnerable machine. There are numerous techniques to get this information such as sweeping, scanning, probing and so on. These information gathering techniques can be divided into two categories which are Fast Attack and Slow Attack. Fast attack can be defined as an attack that uses a large amount of packets or connections within a short period in few seconds. Meanwhile the Slow Attack can be defined as an attack which takes much longer time in the sense of few minutes to few hours to complete. In order to detect these attacks, introducing intrusion detection system (IDS) inside the network is necessary.An IDS has the capability to analyze the network traffic and recognize incoming and ongoing intrusion. IDS has several weaknesses which need to be tackled to improve the accuracy of detection. The current weakness is on selecting the suitable threshold for detecting the intrusion activity. Selecting too high of value may generate excessive false alarm while too low may miss the malicious activity. Hence, this research introduces a new technique in selecting a suitable threshold for detecting the intrusion activity especially for Fast Attack. The threshold selected in this research has been analyzed, examined, tested and proven that it is able to increase the accuracy of detection to 99.5% using statistical approach and decrease the speed of detection. Besides introducing a new technique to identify and select the threshold, this research also revealed the feature influence and reason behind the selection of the feature. Selecting unnecessary features may cause computational issues and decrease the accuracy of detection. Furthermore, current research more concentrates more on technique of detection rather than feature selection. Most research uses the features without highlighting the influence of the feature inside the system itself. Thus this research will reveal the influence of the features in predicting the result of the detection. The results show that the selection of features and the threshold selected using the new technique has a strong potential to detect the fast attack and significantly reduce the false alarm generated by the intrusion detection system.

Item Type: Thesis (PhD)
Uncontrolled Keywords: Computer security, Computer networks -- Security measures, Internet -- Security measures, Computer networks -- Access control Technological innovations
Subjects: T Technology > T Technology (General)
T Technology > TK Electrical engineering. Electronics Nuclear engineering
Divisions: Library > Tesis > FTMK
Depositing User: Zulkarnaen Mahat
Date Deposited: 28 Jul 2015 06:17
Last Modified: 28 Jul 2015 06:17
URI: http://eprints.utem.edu.my/id/eprint/14764
Statistic Details: View Download Statistic

Actions (login required)

View Item View Item