
Host Based Detection Approach Using Time Based Module for Fast Attack Detection Behavior

  • Conference paper
Recent Progress in Data Engineering and Internet Technology

Abstract

An Intrusion Detection System (IDS) is an important component of a network security infrastructure. An IDS needs to be accurate and reliable in order to detect the intrusive behaviour of a packet travelling through the network. With current technological advancement, attacks on network infrastructure have evolved to a new level, and to keep an IDS sensitive enough to detect new attacks, the detection framework needs to be updated frequently. Both the fast attack and the slow attack mechanisms have become subsets of the phases inside the anatomy of an attack. Each attack mechanism has its own criteria, and the fast attack is the important type to consider, as any late detection of a fast attack can have a major negative impact on the organization. Therefore, there is a need to identify a suitable technique to detect the fast attack. On this basis, this paper introduces a static threshold, derived using statistical and observation techniques, for detecting fast attack intrusions that occur within a one-second time interval. The threshold selected was based on a real network traffic dataset and verified using a classification table on real network traffic.
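As an added illustration (not code from the paper), the sketch below applies a static connection-count threshold per source and destination host in one-second buckets and scores it with a classification table. The threshold value, the traffic and all function names are assumptions constructed for this example, since the page does not give the paper's threshold or dataset.

```python
from collections import Counter

WINDOW_MS = 1000  # the one-second interval named in the abstract
THRESHOLD = 5     # placeholder: the page does not state the paper's value

def burst(start_ms, n, step_ms, src, dst, label):
    """Build n constructed connection events spaced step_ms apart."""
    return [(start_ms + i * step_ms, src, dst, label) for i in range(n)]

# Constructed sample traffic: (timestamp_ms, source, destination host, ground truth)
EVENTS = (
    burst(100000, 20, 40, "203.0.113.9", "10.0.0.5", "attack")     # 20 hits in one second
    + burst(100100, 3, 200, "198.51.100.7", "10.0.0.5", "normal")  # ordinary client
    + burst(101000, 2, 300, "198.51.100.7", "10.0.0.5", "normal")
    + burst(102000, 7, 100, "198.51.100.8", "10.0.0.5", "normal")  # benign burst
    + burst(103800, 8, 50, "203.0.113.10", "10.0.0.5", "attack")   # straddles a boundary
)

def window_counts(events):
    """Count connections and record ground truth per (dst, src, second) bucket."""
    counts, truth = Counter(), {}
    for ts_ms, src, dst, label in events:
        key = (dst, src, ts_ms // WINDOW_MS)
        counts[key] += 1
        truth[key] = truth.get(key, False) or label == "attack"
    return counts, truth

def detect(events, threshold=THRESHOLD):
    """Return the buckets whose connection count exceeds the static threshold."""
    counts, _ = window_counts(events)
    return {key for key, n in counts.items() if n > threshold}

def classification_table(events, threshold=THRESHOLD):
    """Score every bucket against ground truth: TP, FP, TN, FN."""
    counts, truth = window_counts(events)
    table = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for key, n in counts.items():
        flagged = n > threshold
        if truth[key]:
            table["TP" if flagged else "FN"] += 1
        else:
            table["FP" if flagged else "TN"] += 1
    return table

if __name__ == "__main__":
    for t in (3, 5):
        print(f"threshold={t}", classification_table(EVENTS, t))
```

On the constructed traffic, the burst that straddles a second boundary is split across two buckets and falls below the placeholder threshold, so it shows up as two false negatives, while the benign burst is a false positive.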



Author information

Corresponding author

Correspondence to Faizal Mohd Abdollah.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Abdollah, F.M., Mas’ud, M.Z., Sahib, S., Yaacob, A.H., Yusof, R., Selamat, S.R. (2012). Host Based Detection Approach Using Time Based Module for Fast Attack Detection Behavior. In: Gaol, F. (eds) Recent Progress in Data Engineering and Internet Technology. Lecture Notes in Electrical Engineering, vol 157. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28798-5_23

  • DOI: https://doi.org/10.1007/978-3-642-28798-5_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28797-8

  • Online ISBN: 978-3-642-28798-5

  • eBook Packages: Engineering, Engineering (R0)
