Normal Profile Updating Method for Enhanced Packet Header Anomaly Detection

Conference paper, published in Emerging Trends in Intelligent Computing and Informatics (IRICT 2019)

Abstract

There is a significant need for various Intrusion Detection System (IDS) methods for packet behaviour anomaly detection, because packets are consistently exposed to frequent intrusion threats. Packet Header Anomaly Detection (PHAD) is therefore considered one of the significant approaches used for detecting threats in network packets. However, this approach still suffers from a high false alarm rate. This paper investigates a Normal Profile Updating Method (NPUM) for enhancing the PHAD-based IDS model. The method updates the normal profile of the anomaly IDS by further processing both the normal and abnormal data identified by the anomaly detector. Simulation experiments and the DARPA intrusion detection evaluation data sets are used for testing the proposed method. Results show that the proposed method can reduce false positive alarms and improve performance in terms of detection accuracy. The major contribution of this research is the design of an enhanced PHAD-based IDS, which contributes toward stronger IDSs and thereby stronger network security.
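To make the abstract's mechanism concrete, the following added example (not code from the paper or its authors) builds a minimal PHAD-style detector and shows how a normal-profile update driven by analyst feedback removes a recurring false positive. The PHAD scoring rule `t * n / r` per header field follows Mahoney and Chan's published description; the `update_profile` feedback rule, the field names `proto`/`ttl`/`dport`, the threshold and the training traffic are all this example's own constructed assumptions, since the page does not describe the NPUM algorithm itself.

```python
"""
Added example: PHAD-style per-field anomaly scoring with a normal-profile
update step fed by analyst verdicts. Not the paper's own code.

PHAD scoring (Mahoney and Chan):  score(field) = t * n / r
  n = packets observed for the field while building the profile
  r = number of distinct values seen for the field
  t = packets elapsed since the field last produced an anomaly
The update_profile() rule is an assumption of what a "normal profile
updating" step could look like; the paper's actual NPUM is not on this page.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Packet = Dict[str, int]


@dataclass
class FieldProfile:
    values: set = field(default_factory=set)   # distinct values seen; r = len(values)
    n: int = 0                                 # packets observed for this field
    last_anomaly: int = 0                      # packet clock at the last anomaly
    blocked: set = field(default_factory=set)  # values confirmed malicious, never learned


class PHADDetector:
    def __init__(self, fields: List[str]):
        self.fields = fields
        self.profiles = {f: FieldProfile() for f in fields}
        self.clock = 0  # packet counter used as PHAD's time base

    def _learn(self, pkt: Packet) -> None:
        """Fold one packet into the normal profile (training or feedback)."""
        for f in self.fields:
            p = self.profiles[f]
            if pkt[f] in p.blocked:
                continue  # never learn a value an analyst confirmed as an attack
            p.n += 1
            if pkt[f] not in p.values:
                p.values.add(pkt[f])
                p.last_anomaly = self.clock

    def train(self, packets: List[Packet]) -> None:
        for pkt in packets:
            self.clock += 1
            self._learn(pkt)

    def score(self, pkt: Packet) -> Tuple[float, List[Tuple[str, float]]]:
        """Return (total anomaly score, per-field contributions) for one packet."""
        self.clock += 1
        total, parts = 0.0, []
        for f in self.fields:
            p = self.profiles[f]
            if pkt[f] in p.values:
                continue
            r = max(len(p.values), 1)
            t = self.clock - p.last_anomaly
            s = t * p.n / r
            total += s
            parts.append((f, s))
            p.last_anomaly = self.clock  # t restarts after each anomaly, as in PHAD
        return total, parts

    def update_profile(self, pkt: Packet, is_normal: bool) -> None:
        """Assumed feedback step: confirmed-normal alerts are folded into the
        profile; the anomalous values of confirmed attacks are blocked from learning."""
        if is_normal:
            self._learn(pkt)
            return
        for f in self.fields:
            p = self.profiles[f]
            if pkt[f] not in p.values:
                p.blocked.add(pkt[f])


def run_demo(threshold: float = 100.0) -> Dict[str, object]:
    # Constructed training traffic: TCP/UDP, TTL 64, three well-known ports.
    training = [{"proto": 6 if i % 2 == 0 else 17, "ttl": 64, "dport": (80, 443, 53)[i % 3]}
                for i in range(20)]
    det = PHADDetector(["proto", "ttl", "dport"])
    det.train(training)

    # A legitimate host with a different OS default TTL: a classic PHAD false positive.
    benign_new_ttl = {"proto": 6, "ttl": 128, "dport": 80}
    first_score, first_parts = det.score(benign_new_ttl)

    # The analyst confirms it is normal; after the update the same packet no longer alerts.
    det.update_profile(benign_new_ttl, is_normal=True)
    second_score, _ = det.score(benign_new_ttl)

    # A confirmed attack value stays blocked even if later fed back as "normal" by mistake.
    probe = {"proto": 6, "ttl": 64, "dport": 31337}
    det.update_profile(probe, is_normal=False)
    det.update_profile(probe, is_normal=True)
    probe_score, _ = det.score(probe)

    return {
        "first_score": first_score,
        "first_fields": [f for f, _ in first_parts],
        "first_alert": first_score >= threshold,
        "second_score": second_score,
        "second_alert": second_score >= threshold,
        "probe_alert": probe_score >= threshold,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The point the demo isolates is the one the abstract makes: a frozen PHAD profile keeps alerting on a benign but previously unseen header value, while folding the analyst's verdict back into the profile silences that alert without also learning values that were confirmed as attacks.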



Corresponding author

Correspondence to Mohd Nizam Omar.


Copyright information

© 2020 Springer Nature Switzerland AG


Cite this paper

Alsharafi, W.M., Omar, M.N., Al-Majmar, N.A., Fazea, Y. (2020). Normal Profile Updating Method for Enhanced Packet Header Anomaly Detection. In: Saeed, F., Mohammed, F., Gazem, N. (eds) Emerging Trends in Intelligent Computing and Informatics. IRICT 2019. Advances in Intelligent Systems and Computing, vol 1073. Springer, Cham. https://doi.org/10.1007/978-3-030-33582-3_69
