Publication: Symptoms-Based Network Intrusion Detection System
No Thumbnail Available
Date
2021
Authors
Qassim Q.S.
Jamil N.
Mahdi M.N.
Journal Title
Journal ISSN
Volume Title
Publisher
Springer Science and Business Media Deutschland GmbH
Abstract
Protecting the network perimeters from malicious activities is a necessity and essential defence mechanism against cyberattacks. Network Intrusion Detection system (NIDS) is commonly used as a defense mechanism. This paper presents the Symptoms-based NIDS, a new intrusion detection system approach that learns the normal network behaviours through monitoring a range of network data attributes at the network and the transport layers. The proposed IDS consists of distributed anomaly detection agents and a centralised anomaly classification engine. The detection agents are located at the end nodes of the protected network, detecting anomalies by analysing network traffic and identifying abnormal activities. These agents will capture and analyse the network and the transport headers of individual packets for malicious activities. The agents will communicate with the centralised anomaly classification engine upon detecting a suspicious activity for attack prioritisation and classification. The paper presented a list of network attributes to be considered as classification features to identify anomalies. � 2021, Springer Nature Switzerland AG.
Description
Anomaly detection; Classification (of information); Computer crime; Engines; Intrusion detection; Network security; Anomaly; Centralised; Cyber-attacks; Defence mechanisms; Detection agents; Feature; Intrusion Detection Systems; Malicious activities; Network intrusion detection systems; Signature; Machine learning