An Adaptive Approach to Improve the Accuracy of Packet Pre-Filtering

2011, Vol 367, pp. 241-248
Author(s): Sofiya Jesudoss, Auxeeliya Jesudoss, Ashraph Sulaiman

The current day networks are under deliberate, continuous and premeditated attacks such as Hacker attacks, DoS attacks, IP Address Spoofing, Phishing, Sniffer attacks etc. The Network Intrusion Detection Systems (NIDS) proved to be reliable in parrying most of the issues and challenges faced by the corporate network security systems. But, the NID systems fall short in providing a completely fool-proof network security environment. False negatives and false positives proved to be considerable bottlenecks in securing the networks from the attacks. This paper deals with the introduction of a software approach for the packet pre-filtering to ease security threats and the introduction of Network Behavior Analysis to enhance the security of the network. The Network Behavior Analysis helps the system to ease the burdens to the network and security of the network by the false positives. The NIDS compares all the incoming packets with the pre-defined rules or signatures to find suspicious patterns. The pre-filtering approach used in this paper is a result of the observation that very rarely an incoming packet matches the signatures or the IDS rules. During the pre-filtering step, a small portion of the packet is compared against the predefined signatures for any suspicious patterns and the initial pre-filtering match is considered for a full match. For time efficiency, this strategy is compared to more optimistic schemes that allow reassignment of flows between threads, and evaluated using several network packet traces.

Electronics, 2020, Vol 9 (6), pp. 916
Author(s): Jiyeon Kim, Jiwon Kim, Hyunjung Kim, Minsun Shim, Eunjung Choi

As cyberattacks become more intelligent, it is challenging to detect advanced attacks in a variety of fields including industry, national defense, and healthcare. Traditional intrusion detection systems are no longer enough to detect these advanced attacks with unexpected patterns. Attackers bypass known signatures and pretend to be normal users. Deep learning is an alternative to solving these issues. Deep Learning (DL)-based intrusion detection does not require a lot of attack signatures or the list of normal behaviors to generate detection rules. DL defines intrusion features by itself through training empirical data. We develop a DL-based intrusion model especially focusing on denial of service (DoS) attacks. For the intrusion dataset, we use the KDD CUP 1999 dataset (KDD), the most widely used dataset for the evaluation of intrusion detection systems (IDS). KDD consists of four types of attack categories, such as DoS, user to root (U2R), remote to local (R2L), and probing. Numerous KDD studies have been employing machine learning and classifying the dataset into the four categories or into two categories such as attack and benign. Rather than focusing on the broad categories, we focus on various attacks belonging to the same category. Unlike other categories of KDD, the DoS category has enough samples for training each attack. In addition to KDD, we use CSE-CIC-IDS2018 which is the most up-to-date IDS dataset. CSE-CIC-IDS2018 consists of more advanced DoS attacks than that of KDD. In this work, we focus on the DoS category of both datasets and develop a DL model for DoS detection. We develop our model based on a Convolutional Neural Network (CNN) and evaluate its performance through comparison with a Recurrent Neural Network (RNN). Furthermore, we suggest the optimal CNN design for the better performance through numerous experiments.


Author(s): Praveen Kumar . Ch, Prof.P.Vijai Bhaskar, Ravi. Ch, B.Rambhupal Reddy

In the current scenario network security is emerging the world. Matching large sets of patterns against an incoming stream of data is a fundamental task in several fields such as network security or computational biology. High-speed network intrusion detection systems (IDS) rely on efficient pattern matching techniques to analyze the packet payload and make decisions on the significance of the packet body. However, matching the streaming payload bytes against thousands of patterns at multi-gigabit rates is computationally intensive. Various techniques have been proposed in the past but the performance of the system is reducing because of multi-gigabit rates. Pattern matching is a significant issue in intrusion detection systems, but by no means the only one. Handling multi-content rules, reordering, and reassembling incoming packets are also significant for system performance. We present two pattern matching techniques to compare incoming packets against intrusion detection search patterns. The first approach, decoded partial CAM (DpCAM), pre-decodes incoming characters, aligns the decoded data, and performs logical AND on them to produce the match signal for each pattern. The second approach, perfect hashing memory (PHmem), uses perfect hashing to determine a unique memory location that contains the search pattern and a comparison between incoming data and memory output to determine the match. The suggested methods have been implemented in VHDL coding and we use Xilinx for synthesis.


2021, Vol 3 (1), pp. 21
Author(s): Rio Widodo, Imam Riadi

The openness of access to information raises various problems, including maintaining the validity and integrity of data, so a network security system is needed that can deal with potential threats that can occur quickly and accurately by utilizing an IDS (intrusion detection system). One of the IDS tools that are often used is Snort which works in real-time to monitor and detect the ongoing network by providing warnings and information on potential threats in the form of DoS attacks. DoS attacks run to exhaust the packet path by requesting packets to a target in large and continuous ways which results in increased usage of CPU (central processing unit), memory, and ethernet or WiFi networks. The Snort IDS implementation can help provide accurate information on network security that you want to monitor because every communication that takes place in a network, every event that occurs and potential attacks that can paralyze the internet network are monitored by Snort.


2021, Vol 1 (2), pp. 252-273
Author(s): Pavlos Papadopoulos, Oliver Thornewill von Essen, Nikolaos Pitropakis, Christos Chrysoulas, Alexios Mylonas, ...

As the internet continues to be populated with new devices and emerging technologies, the attack surface grows exponentially. Technology is shifting towards a profit-driven Internet of Things market where security is an afterthought. Traditional defending approaches are no longer sufficient to detect both known and unknown attacks to high accuracy. Machine learning intrusion detection systems have proven their success in identifying unknown attacks with high precision. Nevertheless, machine learning models are also vulnerable to attacks. Adversarial examples can be used to evaluate the robustness of a designed model before it is deployed. Further, using adversarial examples is critical to creating a robust model designed for an adversarial environment. Our work evaluates both traditional machine learning and deep learning models’ robustness using the Bot-IoT dataset. Our methodology included two main approaches. First, label poisoning, used to cause incorrect classification by the model. Second, the fast gradient sign method, used to evade detection measures. The experiments demonstrated that an attacker could manipulate or circumvent detection with significant probability.

