Design and Analysis of a Method for Synoptic Level Network Intrusion Detection

Current system administrators are missing intrusion alerts hidden by large numbers of false positives. We propose an intrusion detection tool that effectively uses select data to provide a picture of "network health". Our hypothesis is that by utilizing the data available at the node and network levels we can create a synoptic picture of the network providing indications of many intrusions or other network issues. Our major contribution is to provide a revolutionary way to analyze node and network data for patterns, dependence, and effects that indicate network issues. Our first contribution in this vein is to present a method based on utilizing the number of packets sent, number of packets received, node reliability, route reliability, and entropy to develop a synoptic picture of the network health in the presence of a sinkhole.