Enhanced fast attack detection technique for network intrusion detection system

In the last decade, networks have grown in both size and importance. In particular, TCP/IP networks, most notably the worldwide Internet, have become the main infrastructure for exchanging data and carrying out transactions. They have also become the main means of attacking hosts. The popularity of intrusion...

Bibliographic Details
Main Author: Abdollah, Mohd Faizal
Format: Thesis
Language: English
Published: 2009
Subjects:
Online Access: http://eprints.utem.edu.my/id/eprint/14764/1/Enhanced%20fast%20attack%20detection%20technique%20for%20network%20intrusion%20detection%20system100_2.pdf
http://eprints.utem.edu.my/id/eprint/14764/2/Enhanced%20fast%20attack%20detection%20technique%20for%20network%20intrusion%20detection%20system.pdf
id my-utem-ep.14764
record_format uketd_dc
spelling my-utem-ep.14764 2022-11-11T11:00:44Z Enhanced fast attack detection technique for network intrusion detection system 2009 Abdollah, Mohd Faizal T Technology (General) TK Electrical engineering. Electronics Nuclear engineering 2009 Thesis http://eprints.utem.edu.my/id/eprint/14764/ http://eprints.utem.edu.my/id/eprint/14764/1/Enhanced%20fast%20attack%20detection%20technique%20for%20network%20intrusion%20detection%20system100_2.pdf text en public http://eprints.utem.edu.my/id/eprint/14764/2/Enhanced%20fast%20attack%20detection%20technique%20for%20network%20intrusion%20detection%20system.pdf text en validuser https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=51546&query_desc=kw%2Cwrdl%3A%200000064192 phd doctoral Universiti Teknikal Malaysia Melaka Faculty of Information and Communication Technology Sahib, Shahrin Mohammad, Ismail Herman, Nanna Suryana
institution Universiti Teknikal Malaysia Melaka
collection UTeM Repository
language English
advisor Sahib, Shahrin
Mohammad, Ismail
Herman, Nanna Suryana
topic T Technology (General)
spellingShingle T Technology (General)
Abdollah, Mohd Faizal
Enhanced fast attack detection technique for network intrusion detection system
description In the last decade, networks have grown in both size and importance. In particular, TCP/IP networks, most notably the worldwide Internet, have become the main infrastructure for exchanging data and carrying out transactions. They have also become the main means of attacking hosts. The popularity of intrusion tools and scripts is the main contributor to attacks inside the network. Gathering valuable information about a vulnerable machine, such as its IP address and vulnerable applications, is the first step for attackers in launching an attack against it. There are numerous techniques for obtaining this information, such as sweeping, scanning, probing and so on. These information-gathering techniques can be divided into two categories: Fast Attack and Slow Attack. A Fast Attack can be defined as an attack that uses a large number of packets or connections within a short period of a few seconds. A Slow Attack, meanwhile, can be defined as an attack that takes much longer to complete, from a few minutes to a few hours. To detect these attacks, it is necessary to introduce an intrusion detection system (IDS) inside the network. An IDS has the capability to analyze network traffic and recognize incoming and ongoing intrusions. IDSs have several weaknesses that need to be tackled to improve the accuracy of detection. The current weakness lies in selecting a suitable threshold for detecting intrusion activity. Selecting too high a value may generate excessive false alarms, while too low a value may miss malicious activity. Hence, this research introduces a new technique for selecting a suitable threshold for detecting intrusion activity, especially for Fast Attack. The threshold selected in this research has been analyzed, examined, tested and proven able to increase the accuracy of detection to 99.5% using a statistical approach and decrease the speed of detection. Besides introducing a new technique to identify and select the threshold, this research also revealed the influence of the features and the reasons behind their selection. Selecting unnecessary features may cause computational issues and decrease the accuracy of detection. Furthermore, current research concentrates more on detection techniques than on feature selection. Most research uses features without highlighting their influence inside the system itself. Thus, this research will reveal the influence of the features in predicting the result of the detection. The results show that the selected features and the threshold selected using the new technique have strong potential to detect fast attacks and significantly reduce the false alarms generated by the intrusion detection system.
format Thesis
qualification_name Doctor of Philosophy (PhD.)
qualification_level Doctorate
author Abdollah, Mohd Faizal
author_facet Abdollah, Mohd Faizal
author_sort Abdollah, Mohd Faizal
title Enhanced fast attack detection technique for network intrusion detection system
title_short Enhanced fast attack detection technique for network intrusion detection system
title_full Enhanced fast attack detection technique for network intrusion detection system
title_fullStr Enhanced fast attack detection technique for network intrusion detection system
title_full_unstemmed Enhanced fast attack detection technique for network intrusion detection system
title_sort enhanced fast attack detection technique for network intrusion detection system
granting_institution Universiti Teknikal Malaysia Melaka
granting_department Faculty of Information and Communication Technology
publishDate 2009
url http://eprints.utem.edu.my/id/eprint/14764/1/Enhanced%20fast%20attack%20detection%20technique%20for%20network%20intrusion%20detection%20system100_2.pdf
http://eprints.utem.edu.my/id/eprint/14764/2/Enhanced%20fast%20attack%20detection%20technique%20for%20network%20intrusion%20detection%20system.pdf
_version_ 1776103083687804928