Abstract
In this work we investigate a new approach for detecting network-wide attacks that aim to degrade the network's Quality of Service (QoS). To this end, a new network-based intrusion detection system (NIDS) is proposed. In contrast to the passive approach which most contemporary NIDS follow and which relies solely on production traffic monitoring, the proposed NIDS takes the active approach where specially crafted probes are sent according to a known probability distribution in order to monitor the network for anomalous behavior. The proposed approach takes away much of the variability of network traffic that makes it so difficult to classify, and therefore can detect subtle attacks which would not be detected passively. Furthermore, the active probing approach allows the NIDS to be effectively trained using only examples of the network's normal states, hence enabling effective detection of zero-day attacks. Preliminary results on a real-life ISP network topology demonstrate the advantages of the proposed NIDS.
Original language | English |
---|---|
Pages | 1004-1006 |
Number of pages | 3 |
State | Published - 26 Nov 2012 |
Event | 2012 ACM Conference on Computer and Communications Security, CCS 2012 - Raleigh, NC, United States Duration: 16 Oct 2012 → 18 Oct 2012 |
Conference
Conference | 2012 ACM Conference on Computer and Communications Security, CCS 2012 |
---|---|
Country/Territory | United States |
City | Raleigh, NC |
Period | 16/10/12 → 18/10/12 |
Keywords
- Intrusion detection
- Machine-learning
All Science Journal Classification (ASJC) codes
- Software
- Computer Networks and Communications