Title :
Analysis of Payload Based Application level Network Anomaly Detection
Author :
Zhang, Like ; White, Gregory B.
Author_Institution :
Div. of Comput. Sci., Texas Univ., San Antonio, TX
Abstract :
Most network anomaly detection research is based on packet header fields, while the payload is usually discarded. Preventing unknown attacks and Internet worms has led to a need for application level network anomaly detection. Payload based detection schemes in experiments are often misleading. In this paper, we discuss the problems associated with the experimental results. In the first section, a brief review would be given for application level anomaly detection research. Introduction to several major payload based approaches would be given in section 2. Then we use the DARPA ´99 dataset to evaluate the ALAD mechanism, and discuss the problems by using original DARPA ´99 datasets for evaluation. In the fourth section, an improved method would be proposed with a focus on detecting payload related attacks. In section 5, we demonstrate how to justify the payload based detection mechanism using the DARPA ´99 dataset, and compare with ALAD to demonstrate its advantages
Keywords :
computer networks; security of data; DARPA 99 dataset; Internet worms; packet header fields; payload based application level network anomaly detection; Application software; Computer science; Computer worms; Data mining; Fingerprint recognition; IP networks; Intrusion detection; Payloads; Protocols; Telecommunication traffic;
Conference_Titel :
System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on
Conference_Location :
Waikoloa, HI
Electronic_ISBN :
1530-1605
DOI :
10.1109/HICSS.2007.75
