Analysis of Time-Based Approach for Detecting Anomalous Network Traffic

by Khasgiwala, Jitesh

Abstract (Summary)
The Multiple Self-Organizing map based Intrusion Detection System (MSIDS) is a recent approach for an anomaly-based IDS developed under the Integrated Network-Based Ohio University Network Detective Service (INBOUNDS). It enhanced the previous approach by introducing the time-based behavior of normal network connections. It analyzed the time-based behavior using a pattern and demonstrated the better characterization of network behavior. This thesis provides a detail analysis of this work by investigating various options for time-based approach. The analysis of a heuristic approach for automatic generation of patterns, and generation of two specific patterns is performed. The detailed false positive analysis for these patterns and MSIDS pattern is then accomplished using four training data sets. A methodology is devised for tuning the pattern generation algorithm that eliminates the false positives for the training data sets. The inherent false positive rate resulted from the threshold adopted from previous work is reduced by finding the new threshold value.
Bibliographical Information:


School:Ohio University

School Location:USA - Ohio

Source Type:Master's Thesis

Keywords:intrusion detection system analysis time based approach false positive anomalous network traffic specific patterns for behavior eliminative positives


Date of Publication:01/01/2005

© 2009 All Rights Reserved.