
Proceedings Paper

A novel interacting multiple model based network intrusion detection scheme
Author(s): Ruichi Xin; Vijay Venkatasubramanian; Henry Leung

Paper Abstract

In today's information age, information and network security are of primary importance to any organization. Network intrusion is a serious threat to the security of computers and data networks. In Internet Protocol (IP) based networks, intrusions originate in different kinds of packets/messages contained in the Open Systems Interconnection (OSI) layer 3 or higher layers. Network intrusion detection and prevention systems observe the layer 3 packets (or layer 4 to 7 messages) to screen for intrusions and security threats. Signature-based methods use a pre-existing database that documents intrusion patterns as perceived in the layer 3 to 7 protocol traffic and match the incoming traffic against it for potential intrusion attacks. Alternatively, network traffic data can be modeled and any huge anomaly from the established traffic pattern can be detected as network intrusion. The latter method, also known as anomaly-based detection, is gaining popularity for its versatility in learning new patterns and discovering new attacks. It is apparent that for reliable performance, an accurate model of the network data needs to be established. In this paper, we illustrate using collected data that network traffic is seldom stationary. We propose the use of multiple models to accurately represent the traffic data. The improvement in reliability of the proposed model is verified by measuring the detection and false alarm rates on several datasets.

Paper Details

Date Published: 18 April 2006
PDF: 12 pages
Proc. SPIE 6241, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2006, 62410C (18 April 2006); doi: 10.1117/12.666087
Ruichi Xin, Univ. of Calgary (Canada)
Vijay Venkatasubramanian, Univ. of Calgary (Canada)
Henry Leung, Univ. of Calgary (Canada)

Published in SPIE Proceedings Vol. 6241:
Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2006
Belur V. Dasarathy, Editor(s)
