N3: A Geometrical Approach for Network Intrusion Detection at the Application Layer

  • Conference paper
Computational Science and Its Applications – ICCSA 2004 (ICCSA 2004)

Abstract

This work presents a novel approach to anomaly-based network intrusion detection at the application layer. The problem of identifying anomalous payloads is addressed with a technique based on modelling short sequences of adjoining bytes in the requests destined for a given service. Upon this theoretical framework, we propose an algorithm that assigns an anomaly score to each service request on the basis of its similarity to a previously established model of normality. The approach has been evaluated on datasets composed of HTTP and DNS traffic. To that end, a large number of attacks related to these services has been gathered, and detailed experimental results concerning the detection capability of the proposed system are shown. The experiments demonstrate that our approach yields a very high detection rate with a low level of false alarms.



Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Estévez-Tapiador, J.M., García-Teodoro, P., Díaz-Verdejo, J.E. (2004). N3: A Geometrical Approach for Network Intrusion Detection at the Application Layer. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds) Computational Science and Its Applications – ICCSA 2004. ICCSA 2004. Lecture Notes in Computer Science, vol 3043. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24707-4_97

  • DOI: https://doi.org/10.1007/978-3-540-24707-4_97

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22054-1

  • Online ISBN: 978-3-540-24707-4

  • eBook Packages: Springer Book Archive
