A flow based anomaly detection system using chi-square technique

M. N, Arun Parmar, Manish Kumar
DOI: 10.1109/IADCC.2010.5422996 (https://doi.org/10.1109/IADCC.2010.5422996)
Published in: 2010 IEEE 2nd International Advance Computing Conference (IACC), March 2010
Citations: 23

Abstract

Various tools exist that are capable of evading security mechanisms such as firewalls, IDS and IPS, and they help intruders send malicious traffic to a network or system. Inspecting malicious traffic and identifying anomalous activity is therefore essential to stop the intruder's future activity, which may be an attack. In this paper we present a flow based system that detects anomalous activity by applying a chi-square detection mechanism to IP flow characteristics. The system identifies anomalous activities such as scan and flood attacks through automatic behaviour analysis of the network traffic, and also reports detailed information about the attacker, the victim, and the type and time of the attack, which can be used for a corresponding defence. The anomaly detection capability of the proposed system is compared with the SNORT intrusion detection system, and the results show a much higher detection rate than SNORT for different scan and flood attacks. The proposed system detects different stealth scans and malformed-packet scans. Since the probability of a stealth scan being used in a real attack is very high, the system can identify real attacks in their initial stage, so that preventive action can be taken.
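The abstract describes the detection mechanism only at a high level: per-window IP flow characteristics are compared against normal behaviour with a chi-square test, and an alert reports attacker, victim, attack type and time. The following Python block is an added illustration of that idea and is not the paper's code. It assumes destination port as the tested flow characteristic, a constructed baseline histogram, a critical value of 18.47 (chi-square, four degrees of freedom, alpha 0.001) as the threshold, and a simple scan-versus-flood heuristic based on how many distinct ports the dominant source touched; none of these choices come from the paper.

```python
"""Chi-square flow anomaly detector (added illustration, not the paper's code)."""
from collections import Counter

OTHER = "other"  # bucket for destination ports not present in the baseline

# Constructed baseline: flows per destination port in a known-normal window.
# Assumption: destination port is the flow characteristic being tested.
BASELINE = {80: 600, 443: 300, 53: 80, 22: 20, OTHER: 10}

# Critical value of chi-square with df = 4 (5 buckets - 1) at alpha = 0.001.
THRESHOLD = 18.47


def expected_counts(baseline, n):
    """Scale the baseline proportions to a window of n flows."""
    total = sum(baseline.values())
    return {b: n * c / total for b, c in baseline.items()}


def observed_counts(flows, baseline):
    """Bucket one window of flow records by destination port."""
    counts = Counter({b: 0 for b in baseline})
    for f in flows:
        counts[f["dport"] if f["dport"] in baseline else OTHER] += 1
    return counts


def chi_square(observed, expected):
    """Pearson statistic sum((O - E)^2 / E); E > 0 because every bucket has baseline mass."""
    return sum((observed[b] - e) ** 2 / e for b, e in expected.items())


def analyse_window(flows, baseline=BASELINE, threshold=THRESHOLD):
    """Return None if the window looks normal, otherwise an alert dict."""
    if not flows:
        return None
    obs = observed_counts(flows, baseline)
    exp = expected_counts(baseline, len(flows))
    stat = chi_square(obs, exp)
    if stat <= threshold:
        return None
    attacker, _ = Counter(f["src"] for f in flows).most_common(1)[0]
    victim, _ = Counter(f["dst"] for f in flows).most_common(1)[0]
    # Heuristic (assumption): many distinct destination ports from the top
    # source suggests a scan; flows concentrated on few ports suggest a flood.
    from_attacker = [f for f in flows if f["src"] == attacker]
    distinct_ports = len({f["dport"] for f in from_attacker})
    kind = "scan" if distinct_ports > len(from_attacker) / 2 else "flood"
    return {
        "type": kind,
        "attacker": attacker,
        "victim": victim,
        "start": min(f["ts"] for f in flows),
        "end": max(f["ts"] for f in flows),
        "chi_square": round(stat, 2),
    }


# Constructed sample windows (ts = seconds since the window started).
NORMAL_WINDOW = (
    [{"src": f"10.0.0.{i % 9 + 1}", "dst": "192.0.2.10", "dport": 80, "ts": i} for i in range(60)]
    + [{"src": f"10.0.0.{i % 9 + 1}", "dst": "192.0.2.10", "dport": 443, "ts": i} for i in range(30)]
    + [{"src": "10.0.0.2", "dst": "192.0.2.53", "dport": 53, "ts": i} for i in range(8)]
    + [{"src": "10.0.0.3", "dst": "192.0.2.10", "dport": 22, "ts": i} for i in range(2)]
)
SCAN_WINDOW = [
    {"src": "10.0.0.5", "dst": "192.0.2.10", "dport": p, "ts": p} for p in range(1, 101)
]
FLOOD_WINDOW = [
    {"src": "10.0.0.7", "dst": "192.0.2.10", "dport": 22, "ts": i % 10} for i in range(100)
]

if __name__ == "__main__":
    for name, window in [("normal", NORMAL_WINDOW), ("scan", SCAN_WINDOW), ("flood", FLOOD_WINDOW)]:
        print(name, analyse_window(window))
```

The normal window yields a statistic close to 1 and no alert, while the scan and flood windows exceed the threshold by orders of magnitude; the practical tuning points are the baseline (which must be refreshed as traffic drifts), the choice of buckets, and the threshold, since a too-coarse "other" bucket hides low-rate scans and a too-low threshold raises false alarms on benign bursts.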