Sciweavers

ICDIM
2008
IEEE

NIDS based on payload word frequencies and anomaly of transitions

14 years 5 months ago
NIDS based on payload word frequencies and anomaly of transitions
This paper presents a novel payload analysis method. Consecutive bytes are separated by boundary symbols and defined as words. The frequencies of word appearance and word to word transitions are used to build a model of normal behavior. A simple anomaly score calculation is designed for fast attack detection. The method was tested using real traffic and recent attacks to demonstrate that it can be used in IDS. Tolerance to small number of attack in training data is shown.
Sasa Mrdovic, Branislava Perunicic
Added 30 May 2010
Updated 30 May 2010
Type Conference
Year 2008
Where ICDIM
Authors Sasa Mrdovic, Branislava Perunicic
Comments (0)