Towards Multi-Stage Intrusion Detection using IP Flow Records

Abstract

Traditional network-based intrusion detection systems using deep packet inspection are not feasible for modern high-speed networks due to slow processing and the inability to read encrypted packet content. As an alternative to packet-based intrusion detection, researchers have focused on flow-based intrusion detection techniques. Flow-based intrusion detection systems analyze IP flow records for attack detection. IP flow records contain summarized traffic information. However, flow data is very large in high-speed networks and cannot be processed in real time by the intrusion detection system. In this paper, an efficient multi-stage model for intrusion detection using IP flow records is proposed. The first stage in the model classifies the traffic as normal or malicious. The malicious flows are further analyzed by a second stage, which associates an attack type with each malicious IP flow. The proposed multi-stage model is efficient because the majority of IP flows are discarded in the first stage and only malicious flows are examined in detail. We also describe the implementation of our model using machine learning techniques.
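
As an added illustration of the two-stage pipeline the abstract describes (not code from the paper): stage 1 discards flows judged normal, and stage 2 assigns an attack type only to the survivors, so the expensive step sees a small subset. The flow fields, the threshold heuristics and the sample window are assumptions standing in for the paper's trained classifiers.

```python
from collections import defaultdict
from dataclasses import dataclass
# Constructed, NetFlow-like record; the field set is an assumption (the abstract lists none).
@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    packets: int
    bytes: int

def stage1_filter(flows: list[Flow]) -> list[Flow]:
    """Stage 1: coarse normal/malicious split; only suspicious flows survive.
    Illustrative heuristic in place of the paper's trained classifier: a source
    emitting >= 5 flows in the window, or a single-packet probe of <= 64 bytes."""
    per_src = defaultdict(int)
    for f in flows:
        per_src[f.src] += 1
    return [f for f in flows
            if per_src[f.src] >= 5 or (f.packets == 1 and f.bytes <= 64)]

def stage2_label(suspicious: list[Flow]) -> list[tuple[Flow, str]]:
    """Stage 2: attach an attack type to each survivor of stage 1. Runs only over
    the small suspicious subset, which is the efficiency argument of the design."""
    ports_by_src, bytes_by_pair = defaultdict(set), defaultdict(int)
    for f in suspicious:
        ports_by_src[f.src].add(f.dport)
        bytes_by_pair[(f.src, f.dst)] += f.bytes
    out = []
    for f in suspicious:
        if len(ports_by_src[f.src]) >= 5:                  # many distinct ports
            out.append((f, "port_scan"))
        elif bytes_by_pair[(f.src, f.dst)] >= 1_000_000:   # volume at one host
            out.append((f, "flood"))
        else:
            out.append((f, "unknown"))
    return out

def run_pipeline(flows: list[Flow]) -> tuple[list[tuple[Flow, str]], float]:
    """Returns (labelled malicious flows, fraction of flows discarded by stage 1)."""
    suspicious = stage1_filter(flows)
    discarded = 1.0 - len(suspicious) / len(flows) if flows else 0.0
    return stage2_label(suspicious), discarded

# Constructed sample window: 20 benign HTTPS flows, a 10-port scan, a 6-flow flood.
SAMPLE_FLOWS = (
    [Flow(f"10.0.0.{i}", "10.0.1.5", 443, 40, 30_000) for i in range(10) for _ in range(2)]
    + [Flow("192.0.2.10", "10.0.1.5", p, 1, 60) for p in range(21, 31)]
    + [Flow("198.51.100.7", "10.0.1.8", 80, 2000, 300_000) for _ in range(6)]
)
```

On the sample window stage 1 drops all 20 benign flows (about 56% of the input), and stage 2 labels the remaining 16 as 10 port-scan flows and 6 flood flows.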

Authors and Affiliations

Muhammad Umer, Imran Khan

  • EP ID EP118251
  • DOI 10.14569/IJACSA.2016.071046

How To Cite

Muhammad Umer, Imran Khan (2016). Towards Multi-Stage Intrusion Detection using IP Flow Records. International Journal of Advanced Computer Science & Applications, 7(10), 343-347. https://europub.co.uk/articles/-A-118251