• DocumentCode
    2338580
  • Title

    NIDS based on payload word frequencies and anomaly of transitions

  • Author

    Mrdovic, Sasa ; Perunicic, Branislava

  • Author_Institution
    Univ. of Sarajevo, Sarajevo
  • fYear
    2008
  • fDate
    13-16 Nov. 2008
  • Firstpage
    334
  • Lastpage
    339
  • Abstract
    This paper presents a novel payload analysis method. Consecutive bytes are separated by boundary symbols and defined as words. The frequencies of word appearance and word to word transitions are used to build a model of normal behavior. A simple anomaly score calculation is designed for fast attack detection. The method was tested using real traffic and recent attacks to demonstrate that it can be used in IDS. Tolerance to a small number of attacks in training data is shown.
  • Keywords
    security of data; word processing; attack detection; boundary symbols; network intrusion detection system; payload word frequencies; word appearance; word to word transitions; Frequency; Information systems; Intrusion detection; Payloads; Protection; Protocols; Telecommunication traffic; Testing; Traffic control; Training data;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Digital Information Management, 2008. ICDIM 2008. Third International Conference on
  • Conference_Location
    London
  • Print_ISBN
    978-1-4244-2916-5
  • Electronic_ISBN
    978-1-4244-2917-2
  • Type

    conf

  • DOI
    10.1109/ICDIM.2008.4746821
  • Filename
    4746821