The popularity of computer networks broadens the scope
for network attackers and increases the damage these
attacks can cause. In this context, Intrusion Detection
Systems (IDS) are included as part of any complete
security package. This work focuses on nIDSs which
work by scanning the network traffic. A service-independent
payload processing approach is presented to
increase detection rates in non-flood attacks. Three
different techniques for payload processing are proposed
and they are shown to be able to efficiently detect some of
the attack types. Moreover, the proper integration of the
knowledge of the different techniques, payload-based and
packet header-based, always improves the results. This
work leads us to conclude that payload analysis can be
used in a general manner, with no service- or port-specific
modelling, to detect attacks in network traffic.
Cite as: Perona, I., Gurrutxaga, I., Arbelaitz, O., Martin, J.I., Muguerza, J. and Ma Perez, J. (2008). Service-independent payload analysis to improve intrusion detection in network traffic. In Proc. Seventh Australasian Data Mining Conference (AusDM 2008), Glenelg, South Australia. CRPIT, 87. Roddick, J. F., Li, J., Christen, P. and Kennedy, P. J., Eds. ACS. 171-178.