The Use of Packet Header Anomaly Detection in Lossy Network Traffic Compression for Network Intrusion Detection Applications

Abstract

This report describes efforts to employ a packet header anomaly detection algorithm to measure how unusual each packet is. A compression tool is written that compares this measure against a threshold and keeps only the traffic that is more unusual than the threshold. The Snort network intrusion detection tool is run against the original data set to establish a baseline of alerts, and then against the compressed data set to discover how many of those alerts were lost (the alert loss rate). The threshold is lowered and the experiment repeated several times. The size of the compressed data, expressed as a percentage of the original size, and the alert loss rate are plotted against these thresholds to show the threshold that provides the best compression with an acceptable alert loss.
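The evaluation loop the abstract describes, as an added worked example that is not the report's own code: a simple PHAD-style per-field rarity model scores packet headers in bits of surprise, packets scoring above a threshold are kept, and for each threshold the retained size and the alert loss rate are computed against an uncompressed baseline. The header fields, the Laplace-smoothed scoring function, the sample traffic and the `snort_alert` flags (a constructed stand-in for a real Snort baseline run) are all assumptions of this example; the report's actual scorer, data set and Snort rules are not reproduced here.

```python
"""Threshold sweep for anomaly-score-based lossy traffic compression.

Added illustration, not the report's code. The 'Snort' baseline is a
constructed flag on the sample packets, not a real Snort run.
"""
from collections import Counter
import math

# Header fields the toy model scores (assumption: this field set is ours).
FIELDS = ("proto", "dst_port", "ttl", "flags", "ip_len")


def train_model(packets):
    """Count (field, value) occurrences over attack-free training traffic."""
    model = {f: Counter() for f in FIELDS}
    for pkt in packets:
        for f in FIELDS:
            model[f][pkt[f]] += 1
    return model


def anomaly_score(model, n_train, pkt):
    """Bits of surprise: sum over fields of -log2 P(value), Laplace-smoothed
    so a value never seen in training gets a small non-zero probability."""
    bits = 0.0
    for f in FIELDS:
        seen = model[f][pkt[f]]
        distinct = len(model[f])
        p = (seen + 1) / (n_train + distinct + 1)
        bits -= math.log2(p)
    return bits


def compress(scores, threshold):
    """Indices of the packets that are more unusual than the threshold."""
    return {i for i, s in enumerate(scores) if s > threshold}


def alert_loss(kept, alert_indices):
    """Alerts whose packet was discarded; the baseline is every alert index."""
    return sorted(i for i in alert_indices if i not in kept)


def _background(n):
    """Constructed attack-free traffic: one DNS query per three HTTPS ACKs."""
    pkts = []
    for i in range(n):
        if i % 4 == 0:
            pkts.append({"proto": "udp", "dst_port": 53, "ttl": 64,
                         "flags": "", "ip_len": 76, "snort_alert": False})
        else:
            pkts.append({"proto": "tcp", "dst_port": 443, "ttl": 64,
                         "flags": "A", "ip_len": 1500, "snort_alert": False})
    return pkts


def build_dataset():
    """Constructed data: 200 training packets; 40 background + 4 flagged test packets."""
    train = _background(200)
    test = _background(40) + [
        # ICMP with maximal TTL and a tiny length: headers are clearly unusual.
        {"proto": "icmp", "dst_port": 0, "ttl": 255, "flags": "", "ip_len": 28, "snort_alert": True},
        # SYN to an uncommon port.
        {"proto": "tcp", "dst_port": 4444, "ttl": 64, "flags": "S", "ip_len": 60, "snort_alert": True},
        # SYN to SSH from a host with a different TTL.
        {"proto": "tcp", "dst_port": 22, "ttl": 128, "flags": "S", "ip_len": 60, "snort_alert": True},
        # Headers identical to background; the (constructed) alert fired on payload,
        # which header-only scoring cannot see. This is the alert a sweep loses first.
        {"proto": "tcp", "dst_port": 443, "ttl": 64, "flags": "A", "ip_len": 1500, "snort_alert": True},
    ]
    return train, test


def run_sweep(thresholds):
    """For each threshold: packets kept, size as a percentage of the original,
    alerts lost, and the alert loss rate against the uncompressed baseline."""
    train, test = build_dataset()
    model = train_model(train)
    scores = [anomaly_score(model, len(train), p) for p in test]
    alerts = [i for i, p in enumerate(test) if p["snort_alert"]]
    rows = []
    for t in thresholds:
        kept = compress(scores, t)
        lost = alert_loss(kept, alerts)
        rows.append({
            "threshold": t,
            "kept": len(kept),
            "size_pct": 100.0 * len(kept) / len(test),
            "lost_indices": lost,
            "alert_loss_rate": len(lost) / len(alerts),
        })
    return rows


if __name__ == "__main__":
    for r in run_sweep([0, 4, 12, 30]):
        print(f"threshold={r['threshold']:>3}  size={r['size_pct']:5.1f}%  "
              f"alert loss={r['alert_loss_rate']:.2f}  lost={r['lost_indices']}")
```

Running the sweep shows the trade-off the report plots: at threshold 0 everything is kept (100% size, no loss); at 4 the background HTTPS traffic is dropped and only the rarer DNS packets plus the three header-anomalous packets survive (13 of 44), but the payload-triggered alert on a normal-looking packet is already lost; at 30 even one of the header anomalies falls below the cut and the loss rate doubles. Any alert that Snort raises on payload rather than header content is invisible to header-only scoring, so the acceptable-loss threshold has to be chosen with the alert mix of the real data set in mind.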


Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2018
Accession Number
AD1063365

Entities

People

  • Robert J. Hammell II
  • Sidney C. Smith

Organizations

  • United States Army Research Laboratory

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Abstracts
  • Algorithms
  • Anomaly Detection
  • Change Detection
  • Compression
  • Computer Programs
  • Data Sets
  • Detection
  • Detectors
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Military Research
  • Packet Loss

Fields of Study

  • Computer science

Readers

  • Computational Modeling and Simulation
  • Computer Networking
  • Sensor Fusion and Tracking Systems