Analysis of Time-Based Approach for Detecting Anomalous Network Traffic
The Multiple Self-Organizing Map based Intrusion Detection System (MSIDS) is a recent approach to anomaly-based intrusion detection developed under the Integrated Network-Based Ohio University Network Detective Service (INBOUNDS). It enhanced the previous approach by introducing the time-based behavior of normal network connections: that behavior is analyzed with a pattern, which was shown to characterize network behavior better. This thesis provides a detailed analysis of that work by investigating various options for the time-based approach. A heuristic approach for the automatic generation of patterns is analyzed, and two specific patterns are generated. A detailed false positive analysis for these two patterns and for the MSIDS pattern is then carried out using four training data sets. A methodology is devised for tuning the pattern generation algorithm so that it eliminates the false positives on the training data sets. The inherent false positive rate resulting from the threshold adopted from previous work is reduced by finding a new threshold value.
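As an added illustration (not code from the thesis or from the INBOUNDS project), the following Python sketches the general technique the abstract describes: a self-organizing map is trained on time-binned profiles of normal connections, the quantization error of a connection to its best-matching unit serves as the anomaly score, and the detection threshold is tuned on the training sets so that they produce no false positives. The 4-window byte-fraction profile, the 3x3 grid, the training parameters, the "inherited" threshold of 0.1 and the max-error tuning rule are all assumptions made for the example; the thesis's actual patterns and threshold are not given on this page, and the training and anomaly vectors are constructed here.

```python
import math
import random

# Constructed sample data (not from the thesis): each connection is summarised
# as the fraction of its total bytes seen in each of 4 consecutive time windows,
# so the vector describes the connection's time-based behaviour.
WINDOWS = 4
NORMAL_SHAPE = [0.8, 0.5, 0.2, 0.1]   # assumed "normal" profile: front-loaded transfer


def make_normal_profiles(n, seed):
    """Constructed normal connections: NORMAL_SHAPE plus small Gaussian noise, clipped to [0, 1]."""
    rng = random.Random(seed)
    return [[min(1.0, max(0.0, b + rng.gauss(0, 0.05))) for b in NORMAL_SHAPE]
            for _ in range(n)]


def dist(a, b):
    """Euclidean distance between two equal-length vectors."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class SOM:
    """Minimal Kohonen self-organizing map with a rectangular grid and Gaussian neighbourhood."""

    def __init__(self, rows, cols, dim, seed=0):
        rng = random.Random(seed)
        self.rows, self.cols = rows, cols
        self.weights = [[[rng.random() for _ in range(dim)] for _ in range(cols)]
                        for _ in range(rows)]

    def bmu(self, x):
        """Return (distance, row, col) of the best-matching unit for x."""
        best = None
        for r in range(self.rows):
            for c in range(self.cols):
                d = dist(self.weights[r][c], x)
                if best is None or d < best[0]:
                    best = (d, r, c)
        return best

    def train(self, data, epochs=20, lr0=0.5, sigma0=1.0):
        """Standard online SOM training: pull the BMU and its neighbours toward each sample."""
        for e in range(epochs):
            frac = e / epochs
            lr = lr0 * (1.0 - frac)              # learning rate decays linearly
            sigma = sigma0 * (1.0 - frac) + 0.1  # neighbourhood radius shrinks
            for x in data:
                _, br, bc = self.bmu(x)
                for r in range(self.rows):
                    for c in range(self.cols):
                        g2 = (r - br) ** 2 + (c - bc) ** 2
                        h = math.exp(-g2 / (2.0 * sigma ** 2))
                        w = self.weights[r][c]
                        for i in range(len(w)):
                            w[i] += lr * h * (x[i] - w[i])

    def quant_error(self, x):
        """Distance from x to its BMU: the anomaly score."""
        return self.bmu(x)[0]


def tune_threshold(som, training_sets):
    """Assumed tuning rule: the largest quantization error seen over all training
    sets becomes the threshold, so no training connection is flagged."""
    return max(som.quant_error(x) for s in training_sets for x in s)


def count_false_positives(som, training_sets, threshold):
    """Number of (known-normal) training connections scored above the threshold."""
    return sum(1 for s in training_sets for x in s if som.quant_error(x) > threshold)


def demo():
    # Four constructed training sets, mirroring the four-data-set analysis in the abstract.
    training_sets = [make_normal_profiles(40, seed) for seed in range(4)]
    som = SOM(3, 3, WINDOWS, seed=42)
    som.train([x for s in training_sets for x in s])

    inherited = 0.1                      # assumed threshold "adopted from previous work"
    tuned = tune_threshold(som, training_sets)

    # Constructed anomaly: a connection that is quiet early and bursts late.
    late_burst = [0.1, 0.1, 0.9, 0.9]
    return {
        "fp_inherited": count_false_positives(som, training_sets, inherited),
        "fp_tuned": count_false_positives(som, training_sets, tuned),
        "tuned_threshold": tuned,
        "anomaly_score": som.quant_error(late_burst),
        "anomaly_flagged": som.quant_error(late_burst) > tuned,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Tuning the threshold to the maximum training error removes false positives on the training sets by construction, which is the point of the abstract's methodology; the price, as with any anomaly detector, is that an attack whose time profile falls within the spread of normal traffic will not be flagged, so the tuned threshold should still be checked against held-out attack traffic.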
School Location:USA - Ohio
Source Type:Master's Thesis
Keywords:intrusion detection system analysis time based approach false positive anomalous network traffic specific patterns for behavior eliminative positives
Date of Publication:01/01/2005