DocumentCode
2033670
Title
Effectiveness of Hierarchical Heavy Hitter Identification for Intrusion Detection
Author
Uppal, Saba Pervez ; Butt, Sara Tahir ; Karim, Asim
Author_Institution
Dept. of Comput. Sci., Lahore Univ. of Manage. Sci., Lahore
fYear
2007
fDate
28-30 Dec. 2007
Firstpage
1
Lastpage
5
Abstract
Network traffic volume is employed extensively for monitoring and identification of traffic patterns. A straightforward approach that maintains the volume for all flows and their aggregations is computationally intractable for today's high speed networks. Recently, the online hierarchical heavy hitter algorithm has been proposed for efficient change detection in network streams. We implement the hierarchical heavy hitter identification into an intrusion detection system and evaluate its effectiveness using the DARPA intrusion detection evaluation data sets. Our results show that this approach can be particularly valuable for detecting denial of service attacks and port sweeps. We explore the strengths and weaknesses of the approach for various attack types.
Keywords
security of data; telecommunication security; telecommunication traffic; DARPA; denial of service attacks; intrusion detection; network traffics; online hierarchical heavy hitter identification; port sweeps; traffic pattern identification; traffic pattern monitoring; Business communication; Change detection algorithms; Computer crime; Computer networks; Computerized monitoring; High-speed networks; Internet; Intrusion detection; Protocols; Telecommunication traffic;
fLanguage
English
Publisher
ieee
Conference_Titel
Multitopic Conference, 2007. INMIC 2007. IEEE International
Conference_Location
Lahore
Print_ISBN
978-1-4244-1552-6
Electronic_ISBN
978-1-4244-1553-3
Type
conf
DOI
10.1109/INMIC.2007.4557719
Filename
4557719