Conferences in Research and Practice in Information Technology
  

Online Version - Last Updated - 20 Jan 2012

 

 
Home
 

 
Procedures and Resources for Authors

 
Information and Resources for Volume Editors
 

 
Orders and Subscriptions
 

 
Published Articles

 
Upcoming Volumes
 

 
Contact Us
 

 
Useful External Links
 

 
CRPIT Site Search
 
    

Service-independent payload analysis to improve intrusion detection in network traffic

Perona, I., Gurrutxaga, I., Arbelaitz, O., Martin, J.I., Muguerza, J. and Ma Perez, J.

    The popularity of computer networks broadens the scope for network attackers and increases the damage these attacks can cause. In this context, Intrusion Detection Systems (IDS) are included as part of any complete security package. This work focuses on nIDSs which work by scanning the network traffic. A serviceindependent payload processing approach is presented to increase detection rates in non-flood attacks. Three different techniques for payload processing are proposed and they are shown to be able to efficiently detect some of the attack types. Moreover, the proper integration of the knowledge of the different techniques, payload-based and packet header-based, always improves the results. This work leads us to conclude that payload analysis can be used in a general manner, with no service- or port-specific modelling, to detect attacks in network traffic.
Cite as: Perona, I., Gurrutxaga, I., Arbelaitz, O., Martin, J.I., Muguerza, J. and Ma Perez, J. (2008). Service-independent payload analysis to improve intrusion detection in network traffic. In Proc. Seventh Australasian Data Mining Conference (AusDM 2008), Glenelg, South Australia. CRPIT, 87. Roddick, J. F., Li, J., Christen, P. and Kennedy, P. J., Eds. ACS. 171-178.
pdf (from crpit.com) pdf (local if available) BibTeX EndNote GS
 

 

ACS Logo© Copyright Australian Computer Society Inc. 2001-2014.
Comments should be sent to the webmaster at crpit@scem.uws.edu.au.
This page last updated 16 Nov 2007