Abstract
An Intrusion Detection System (IDS) is an important component of a network security infrastructure. An IDS needs to be accurate and reliable in order to detect the intrusive behaviour of packets travelling through the network. With current technological advancement, attacks on network infrastructure have evolved to a new level, and to keep an IDS sensitive enough to detect new attacks, the detection framework needs to be updated frequently. Both the fast attack and slow attack mechanisms have become a subset of the phases in the anatomy of an attack. Each attack mechanism has its own criteria, and the fast attack is an important type to consider, as any late detection of a fast attack can have a major negative impact on the organization. Therefore, there is a need to identify a suitable technique for detecting fast attacks. On this basis, this paper introduces a static threshold, derived using statistical and observation techniques, for detecting fast attack intrusions that occur within a one-second time interval. The threshold was selected based on a real network traffic dataset and verified using a classification table on real network traffic.
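The following sketch illustrates the kind of detector the abstract describes; it is an added example, not code from the paper. The feature (connection attempts per source per one-second window), the mean-plus-k-standard-deviations threshold rule, and all sample data are assumptions, since the paper's actual threshold and features are not given on this page.

```python
import statistics
from collections import Counter

# Constructed attack-free baseline: connection attempts per source per second.
BASELINE = [1, 2, 1, 3, 2, 1, 2, 4, 1, 2]

# Constructed events seen by one host: (timestamp_s, source_ip, dst_port, label).
# The label is ground truth for this sample only; addresses are documentation ranges.
EVENTS = (
    [(10.05 + 0.01 * i, "198.51.100.7", 1000 + i, "attack") for i in range(40)]
    + [(13.0 + 0.1 * i, "192.0.2.13", 443, "normal") for i in range(6)]
    + [(10.2, "192.0.2.10", 443, "normal"), (10.6, "192.0.2.10", 443, "normal"),
       (11.1, "192.0.2.11", 80, "normal"), (12.3, "192.0.2.10", 443, "normal"),
       (12.4, "192.0.2.12", 22, "normal"), (12.5, "192.0.2.12", 22, "normal")]
)

def static_threshold(baseline, k=3.0):
    """Assumed rule: mean + k * population standard deviation of baseline counts."""
    return statistics.mean(baseline) + k * statistics.pstdev(baseline)

def window_counts(events, width=1.0):
    """Return per-(source, window) attempt counts and whether any event was an attack."""
    counts, truth = Counter(), {}
    for ts, src, _port, label in events:
        key = (src, int(ts // width))
        counts[key] += 1
        truth[key] = truth.get(key, False) or label == "attack"
    return counts, truth

def classification_table(events, threshold, width=1.0):
    """Compare threshold decisions with ground truth, one row per (source, window)."""
    counts, truth = window_counts(events, width)
    table = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for key, n in counts.items():
        flagged = n > threshold
        if flagged:
            table["TP" if truth[key] else "FP"] += 1
        else:
            table["FN" if truth[key] else "TN"] += 1
    return table

if __name__ == "__main__":
    t = static_threshold(BASELINE)
    print(f"threshold = {t:.2f} attempts/source/second")
    print(classification_table(EVENTS, t))
```

In this constructed sample the benign client that opens six connections in one second is the false positive, which is why a statically chosen threshold has to be checked against real traffic with a classification table.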
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abdollah, F.M., Mas’ud, M.Z., Sahib, S., Yaacob, A.H., Yusof, R., Selamat, S.R. (2012). Host Based Detection Approach Using Time Based Module for Fast Attack Detection Behavior. In: Gaol, F. (eds) Recent Progress in Data Engineering and Internet Technology. Lecture Notes in Electrical Engineering, vol 157. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28798-5_23
DOI: https://doi.org/10.1007/978-3-642-28798-5_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28797-8
Online ISBN: 978-3-642-28798-5
eBook Packages: Engineering, Engineering (R0)