Multilayer packet tagging for network behaviour analysis

Author

Deraman, Mohamad ; Desa, Jalil Md ; Othman, Zulaiha Ali

Author_Institution

R&D Innovation Center, TM R&D Sdn Bhd, Cyberjaya, Malaysia

Volume

2

fYear

2010

fDate

15-17 June 2010

Firstpage

909

Lastpage

913

Abstract

Network behaviour analysis (NBA) is a system that analyses the network data stream or packets characteristics. NBA commonly associated with network intrusion detection and prevention system (IDS/IPS), as the mechanism used in NBA is well known for its capability to discover the hidden information in network packets. Among popular methods empowered the NBA is misuse detection and anomaly detection techniques. Misuse detection is suitable for known attacks that already have list of actions to be taken based on historical events from past attacks. However, misuse detection is inefficient to deal with zero-day type of attack. This paper describes the concept of multilayer packet tagging approach that is possible to compliment the weaknesses found in misuse detection techniques in NBA system.

Keywords

computer network security; NBA system; anomaly detection; misuse detection; multilayer packet tagging; network attack; network behaviour analysis; network data stream; network intrusion detection; network packet; network prevention system; packet characteristics; zero-day attack; Algorithm design and analysis; Artificial neural networks; Computers; anomaly detection; data mining; intrusion detection; misuse detection; network behaviour analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Technology (ITSim), 2010 International Symposium in

Conference_Location

Kuala Lumpur

ISSN

2155-897

Print_ISBN

978-1-4244-6715-0

Type

conf

DOI

10.1109/ITSIM.2010.5561573

Filename

5561573