Towards Multi-Stage Intrusion Detection using IP Flow Records

Abstract

Traditional network-based intrusion detection systems using deep packet inspection are not feasible for modern high-speed networks due to slow processing and inability to read encrypted packet content. As an alternative to packet-based intrusion detection, researchers have focused on flow-based intrusion detection techniques. Flow-based intrusion detection systems analyze IP flow records for attack detection. IP flow records contain summarized traffic information. However, flow data is very large in high-speed networks and cannot be processed in real-time by the intrusion detection system. In this paper, an efficient multi-stage model for intrusion detection using IP flow records is proposed. The first stage in the model classifies the traffic as normal or malicious. The malicious flows are further analyzed by a second stage. The second stage associates an attack type with malicious IP flows. The proposed multi-stage model is efficient because the majority of IP flows are discarded in the first stage and only malicious flows are examined in detail. We also describe the implementation of our model using machine learning techniques.
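The two-stage funnel the abstract describes, as an added illustration that is not code from the paper or its authors: a cheap first stage screens every flow record as normal or malicious, and a second stage assigns an attack type only to the flows the first stage kept, so the bulk of the batch never reaches the expensive step. The flow fields, the heuristic indicators, the thresholds and the attack categories are assumptions chosen for this example (the paper uses machine-learning classifiers whose features are not given in the abstract); the sample batch is constructed.

```python
"""Two-stage, flow-based intrusion detection funnel (added example).

Stage 1: binary screen, normal vs. malicious, applied to every IP flow record.
Stage 2: attack-type labelling, applied only to flows stage 1 kept.
Features, thresholds and categories are assumptions for this illustration,
not the classifiers or parameters from the paper.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Stage-1 thresholds (assumed values, not taken from the paper).
SCAN_DISTINCT_PORTS = 8     # one source touching this many ports in a batch
FLOOD_PPS = 1000.0          # packets per second on a single flow
REPEAT_FLOWS = 5            # flows from one source to one dst:port in a batch
AUTH_PORTS = {21, 22, 23, 3389}


@dataclass(frozen=True)
class FlowRecord:
    """Summarised fields of one IP flow record (NetFlow/IPFIX style)."""
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str        # "TCP" or "UDP"
    packets: int
    bytes: int
    duration: float   # seconds
    tcp_flags: str    # cumulative flags, e.g. "S", "PA"; "" for UDP


class BatchContext:
    """Per-source aggregates over one batch, computed once and shared by
    both stages so neither has to rescan the batch."""

    def __init__(self, flows):
        self.ports_by_src = defaultdict(set)
        self.repeats = Counter()
        for f in flows:
            self.ports_by_src[f.src_ip].add(f.dst_port)
            self.repeats[(f.src_ip, f.dst_ip, f.dst_port)] += 1

    def distinct_ports(self, f):
        return len(self.ports_by_src[f.src_ip])

    def repeat_count(self, f):
        return self.repeats[(f.src_ip, f.dst_ip, f.dst_port)]


def packet_rate(f):
    """Packets per second; zero-duration flows count as instantaneous."""
    return f.packets / f.duration if f.duration > 0 else float(f.packets)


def stage1_is_malicious(f, ctx):
    """Binary screen. Any single indicator passes the flow on to stage 2;
    everything else is discarded here and never examined again."""
    half_open = f.proto == "TCP" and f.tcp_flags == "S" and f.packets <= 2
    scanning = ctx.distinct_ports(f) >= SCAN_DISTINCT_PORTS
    flooding = packet_rate(f) >= FLOOD_PPS
    repeated = ctx.repeat_count(f) >= REPEAT_FLOWS
    return half_open or scanning or flooding or repeated


def stage2_attack_type(f, ctx):
    """Attack-type labelling, run only on the flows stage 1 kept."""
    if ctx.distinct_ports(f) >= SCAN_DISTINCT_PORTS:
        return "port_scan"
    if f.tcp_flags == "S" and packet_rate(f) >= FLOOD_PPS:
        return "syn_flood"
    if (ctx.repeat_count(f) >= REPEAT_FLOWS and "P" in f.tcp_flags
            and f.dst_port in AUTH_PORTS):
        return "brute_force"
    return "unknown_malicious"


def run_pipeline(flows):
    """Run both stages over one batch and report how much work stage 2 saw."""
    ctx = BatchContext(flows)
    kept = [f for f in flows if stage1_is_malicious(f, ctx)]
    alerts = [(f, stage2_attack_type(f, ctx)) for f in kept]
    return {
        "total": len(flows),
        "stage2_examined": len(kept),
        "by_type": dict(Counter(label for _, label in alerts)),
    }


def build_sample_batch():
    """Constructed sample batch: 60 HTTPS sessions, 3 DNS lookups, then a
    port scan, a SYN flood and an SSH password-guessing burst."""
    web = [FlowRecord(f"10.0.1.{i}", "203.0.113.10", 443, "TCP", 40, 30000, 2.0, "PA")
           for i in range(1, 61)]
    dns = [FlowRecord(f"10.0.1.{i}", "10.0.0.53", 53, "UDP", 2, 180, 0.01, "")
           for i in range(1, 4)]
    scan = [FlowRecord("10.0.0.9", "192.168.1.5", p, "TCP", 1, 60, 0.0, "S")
            for p in (21, 22, 23, 25, 80, 110, 143, 443, 3306, 8080)]
    flood = [FlowRecord("10.0.0.7", "192.168.1.5", 80, "TCP", 5000, 200000, 1.0, "S")
             for _ in range(5)]
    brute = [FlowRecord("10.0.0.8", "192.168.1.5", 22, "TCP", 12, 1500, 0.5, "PA")
             for _ in range(8)]
    return web + dns + scan + flood + brute


if __name__ == "__main__":
    result = run_pipeline(build_sample_batch())
    share = 100.0 * result["stage2_examined"] / result["total"]
    print(f"{result['total']} flows, {result['stage2_examined']} reached stage 2 ({share:.0f}%)")
    print(result["by_type"])
```

On the constructed batch only 23 of 86 flows reach stage 2, which is the efficiency argument in one number: the per-flow cost of the first stage is a handful of comparisons against precomputed per-source counters, and the costlier labelling logic runs only on the remainder. The per-batch context is what makes scan and brute-force detection possible from flow summaries at all, since a single flow record carries no information about its neighbours.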

Authors and Affiliations

Muhammad Umer, Imran Khan

  • EP ID EP118251
  • DOI 10.14569/IJACSA.2016.071046

How To Cite

Muhammad Umer, Imran Khan (2016). Towards Multi-Stage Intrusion Detection using IP Flow Records. International Journal of Advanced Computer Science & Applications, 7(10), 343-347. https://europub.co.uk/articles/-A-118251