An Experimental Exploration of the Impact of Sensor-Level Packet Loss on Network Intrusion Detection
Abstract
In this report we consider the problem of sensor-level packet loss (SLPL) as it applies to network intrusion detection. We explore 2 research questions: 1) Is there sufficient regularity in SLPL to allow an algorithm to be developed to model it? and 2) Is the impact of SLPL on network intrusion detection performance sufficiently regular to allow a formula to be developed that will accurately predict the effect? We developed and validated the Pcapreplay program, which allowed us to characterize the manifestation of SLPL. We conducted experiments using Pcapreplay and Snort to explore the impact of SLPL. We graphed and analyzed this impact against our previous theoretical work. We conducted experiments using Pcapreplay and Snort to measure the impact on network intrusion detection. We graphed the alert loss rate against the packet loss rate. We compared these graphs to our previous theoretical work. We used nonlinear regression analysis to produce a formula with r-squared and reduced chi-squared values close enough to 1 for us to answer both of our research questions in the affirmative.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jul 01, 2015
- Accession Number
- ADA621880
Entities
People
- Robert J. Hammell Ii
- Sidney C. Smith
Organizations
- United States Army Research Laboratory