An Experimental Exploration of the Impact of Network-Level Packet Loss on Network Intrusion Detection

Abstract

In this report we consider the problem of network-level packet loss (NLPL) as it applies to network intrusion detection (NID). We explore 2 research questions: 1) Is there sufficient regularity in NLPL to allow an algorithm to be developed to model it? and 2) Is the impact of network-level packet loss on NID performance sufficiently regular to allow a formula to be developed which will accurately predict the effect? We constructed an experimental environment that mimics the typical placement of an NID sensor. We conducted experiments using MGEN, Pcapreplay, and Snort to explore the impact of NLPL. We discovered that we were unable to produce enough NLPL to characterize its manifestation or analyze its impact on NID.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Aug 01, 2015
Accession Number
ADA623474

Entities

People

  • Carlos J. Mateo
  • Kin W. Wong
  • Robert J. Hammell Ii
  • Sidney C. Smith

Organizations

  • United States Army Research Laboratory

Tags

Communities of Interest

  • Cyber
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Computer Communications
  • Computer Network Security
  • Computer Networks
  • Detection
  • Detectors
  • Environment
  • Intrusion
  • Intrusion Detection
  • Intrusion Detectors
  • Local Area Networks
  • Military Research
  • Networks
  • Packet Loss
  • Security
  • United States

Fields of Study

  • Computer science

Readers

  • Canadian European Scientific Immigration and Epilepsy Clearance Studies
  • Computer Networking
  • Sensor Fusion and Tracking Systems.