Poster: Network-based intrusion detection systems go active!

Eitan Menahem, Yuval Elovici, Gabi Nakibly

Research output: Contribution to conferencePoster

2 Scopus citations

Abstract

In this work we investigate a new approach for detecting network-wide attacks that aim to degrade the network's Quality of Service (QoS). To this end, a new network-based intrusion detection system (NIDS) is proposed. In contrast to the passive approach which most contemporary NIDS follow and which relies solely on production traffic monitoring, the propose NIDS takes the active approach where special crafted probes are sent according to a known probability distribution in order to monitor the network for anomalous behavior. The proposed approach takes away much of the variability of network traffic that makes it so difficult to classify, and therefore can detect subtle attacks which would not be detected passively. Furthermore, the active probing approach allows the NIDS to be effectively trained using only examples of the network's normal states, hence enabling an effective detection of zero-day attacks. Preliminary results on a real-life ISP network topology demonstrate the advantages of the proposed NIDS.

Original languageEnglish GB
Pages1004-1006
Number of pages3
DOIs
StatePublished - 26 Nov 2012
Event2012 ACM Conference on Computer and Communications Security, CCS 2012 - Raleigh, NC, United States
Duration: 16 Oct 201218 Oct 2012

Conference

Conference2012 ACM Conference on Computer and Communications Security, CCS 2012
Country/TerritoryUnited States
CityRaleigh, NC
Period16/10/1218/10/12

Keywords

  • Intrusion detection
  • Machine-learning

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Poster: Network-based intrusion detection systems go active!'. Together they form a unique fingerprint.

Cite this