Reinforcing network security by converting massive data flow to continuous connections for IDS

Maher Salem, Ulrich Bühler
DOI: 10.1109/ICITST.2013.6750267 (https://doi.org/10.1109/ICITST.2013.6750267)
Venue: 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013)
Publication date: 2013-12-01
Citation count: 1

Abstract

Processing massive data flow in intrusion detection systems (IDS) becomes a serious challenge. It is considered a major deficiency while handling heterogeneous and non-stationary data streams to uncover anomalies in the online operational mode. This paper proposes a novel online method that constructs connections from the massive data flow for evaluating IDS models. The proposed method overcomes this challenge by using a queuing concept with dynamic window size. It captures network traffic and host events constantly and handles them synchronously within time slot windows inside the queue in order to construct connection vectors based on certain features. We have evaluated the method in offline mode using DARPA dump data flow and in online mode using a simulated network at the university campus. In addition, we have evaluated our IDS model using the constructed connections to prove the feasibility and plausibility of the proposed method in the IDS area. The performance evaluation confirms that the proposed method is able to operate efficiently in offline as well as online modes. Moreover, the constructed connections are very adequate for training and evaluating IDS models.