ACTIDS: An active strategy for detecting and localizing network attacks

Eitan Menahem, Yuval Elovici, Nir Amar, Gabi Nakibly

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

2 Scopus citations

Abstract

In this work we investigate a new approach for detecting attacks which aim to degrade the network's Quality of Service (QoS). To this end, a new network-based intrusion detection system (NIDS) is proposed. Most contemporary NIDSs take a passive approach by solely monitoring the network's production traffic. This paper explores a complementary approach in which distributed agents actively send out periodic probes. The probes are continuously monitored to detect anomalous behavior of the network. The proposed approach takes away much of the variability of the network's production traffic that makes it so difficult to classify. This enables the NIDS to detect more subtle attacks which would not be detected using the passive approach alone. Furthermore, the active probing approach allows the NIDS to be effectively trained using only examples of the network's normal states, hence enabling an effective detection of zero-day attacks. Using realistic experiments, we show that an NIDS which also leverages the active approach is considerably more effective in detecting attacks which aim to degrade the network's QoS when compared to an NIDS which relies solely on the passive approach.

Original language: English
Title of host publication: AISec 2013 - Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security, Co-located with CCS 2013
Pages: 55-66
Number of pages: 12
State: Published - 9 Dec 2013
Event: 2013 6th Annual ACM Workshop on Artificial Intelligence and Security, AISec 2013, Co-located with the 20th ACM Conference on Computer and Communications Security, CCS 2013 - Berlin, Germany
Duration: 4 Nov 2013 - 4 Nov 2013

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Conference

Conference: 2013 6th Annual ACM Workshop on Artificial Intelligence and Security, AISec 2013, Co-located with the 20th ACM Conference on Computer and Communications Security, CCS 2013
Country/Territory: Germany
City: Berlin
Period: 4/11/13 - 4/11/13

Keywords

  • meta-learning
  • quality-of-service attacks

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
