
Packet-based Anomaly Detection using n-gram Approach

Kajal Rai (1), M. Syamala Devi (2), Ajay Guleria (3)

  1. Department of Computer Science and Applications, Panjab University, Sec-14, Chandigarh, India.
  2. Department of Computer Science and Applications, Panjab University, Sec-14, Chandigarh, India.
  3. Computer Center, Panjab University, Sec-14, Chandigarh, India.

Section: Research Paper, Product Type: Journal Paper
Volume 6, Issue 5, pp. 366-372, May 2018

CrossRef-DOI:   https://doi.org/10.26438/ijcse/v6i5.366372

Online published on May 31, 2018

Copyright © Kajal Rai, M. Syamala Devi, Ajay Guleria. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


How to Cite this Paper


IEEE Style Citation: Kajal Rai, M. Syamala Devi, Ajay Guleria, “Packet-based Anomaly Detection using n-gram Approach,” International Journal of Computer Sciences and Engineering, Vol. 6, Issue 5, pp. 366-372, 2018.

MLA Style Citation: Kajal Rai, M. Syamala Devi, Ajay Guleria. "Packet-based Anomaly Detection using n-gram Approach." International Journal of Computer Sciences and Engineering 6.5 (2018): 366-372.

APA Style Citation: Kajal Rai, M. Syamala Devi, Ajay Guleria. (2018). Packet-based Anomaly Detection using n-gram Approach. International Journal of Computer Sciences and Engineering, 6(5), 366-372.

BibTex Style Citation:
@article{Rai_2018,
  author    = {Kajal Rai and M. Syamala Devi and Ajay Guleria},
  title     = {Packet-based Anomaly Detection using n-gram Approach},
  journal   = {International Journal of Computer Sciences and Engineering},
  volume    = {6},
  number    = {5},
  month     = {5},
  year      = {2018},
  issn      = {2347-2693},
  pages     = {366-372},
  url       = {https://www.ijcseonline.org/full_paper_view.php?paper_id=1987},
  doi       = {10.26438/ijcse/v6i5.366372},
  publisher = {IJCSE, Indore, INDIA}
}

RIS Style Citation:
TY  - JOUR
DO  - 10.26438/ijcse/v6i5.366372
UR  - https://www.ijcseonline.org/full_paper_view.php?paper_id=1987
TI  - Packet-based Anomaly Detection using n-gram Approach
T2  - International Journal of Computer Sciences and Engineering
AU  - Rai, Kajal
AU  - Devi, M. Syamala
AU  - Guleria, Ajay
PY  - 2018
DA  - 2018/05/31
PB  - IJCSE, Indore, INDIA
SP  - 366
EP  - 372
IS  - 5
VL  - 6
SN  - 2347-2693
ER  - 


Abstract

Intrusion detection systems monitor computer system events to discover malicious activity in the network. There are two types of intrusion detection systems, namely signature-based and anomaly-based. Anomaly detection can be either flow-based or packet-based. In the flow-based approach, the system looks at aggregated information about related packets in the form of a flow. A packet-based detection system inspects the complete packet, which consists of a header as well as payload data. In this paper, an improved packet-based anomaly detection technique is proposed. In the training module, normal profiles of the network traffic are generated by modeling the network payload with an n-gram approach, after clustering packets length-wise according to payload length. Length-wise clustering is done to reduce the number of models needed for the normal profiles. The mean and standard deviation are then calculated and used in the detection module. In the detection module, the distance between the normal profiles and newly arriving data in the network is computed using cosine similarity. The standard DARPA’99 dataset and data collected at Panjab University are used to test the proposed technique. Anomaly detection with the proposed technique is performed on port numbers 21, 23 and 80, and the results are compared with the various n-gram techniques and other techniques used in the literature for payload anomaly detection. It is concluded that this improved technique reduces space and gives better results on port 21 and port 23 than on port 80.
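To make the training/detection pipeline in the abstract concrete, here is an added example in Python. It is not the authors' code and does not reproduce their exact parameters: the n-gram size, the 64-byte length-bin width, the use of the per-cluster n-gram centroid as the "normal profile", and the threshold rule (flag a payload whose cosine similarity to its length cluster's profile falls more than k standard deviations below the training mean) are all assumptions made here. The training payloads and the anomalous payload are constructed sample data, not traffic from DARPA'99 or the Panjab University capture.

```python
"""Payload anomaly detection: byte n-gram profiles per payload-length cluster,
training mean/std of cosine similarity, and cosine-similarity scoring.

Illustrative code written for this page, not the paper's implementation.
Assumptions: n = 2 (bigrams), length bins of 64 bytes, profile = summed
n-gram counts of a cluster, threshold = mean - k * std (with a small floor).
"""
from collections import Counter
import math
import statistics


def ngrams(payload: bytes, n: int) -> Counter:
    """Sparse n-gram count vector of a payload, keyed by the n-byte slice."""
    return Counter(payload[i:i + n] for i in range(len(payload) - n + 1))


def length_bin(payload: bytes, width: int) -> int:
    """Length-wise cluster id: payloads within `width` bytes share a profile."""
    return len(payload) // width


def cosine(a: Counter, b: Counter) -> float:
    """Cosine similarity between two sparse count vectors (0.0 if either is empty)."""
    dot = sum(v * b.get(k, 0) for k, v in a.items())
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    if norm_a == 0.0 or norm_b == 0.0:
        return 0.0
    return dot / (norm_a * norm_b)


class PayloadProfiler:
    """One normal profile per length cluster, plus the training similarity statistics."""

    def __init__(self, n: int = 2, width: int = 64, k: float = 3.0, std_floor: float = 0.05):
        self.n, self.width, self.k, self.std_floor = n, width, k, std_floor
        self.profiles = {}  # bin id -> {"centroid": Counter, "mean": float, "std": float}

    def train(self, payloads):
        """Training module: cluster by length, build the n-gram profile, record mean/std."""
        by_bin = {}
        for p in payloads:
            by_bin.setdefault(length_bin(p, self.width), []).append(ngrams(p, self.n))
        for b, vectors in by_bin.items():
            centroid = Counter()
            for v in vectors:
                centroid.update(v)  # summed counts of the cluster = its normal profile
            sims = [cosine(v, centroid) for v in vectors]
            self.profiles[b] = {
                "centroid": centroid,
                "mean": statistics.fmean(sims),
                "std": statistics.pstdev(sims) if len(sims) > 1 else 0.0,
            }

    def score(self, payload: bytes):
        """Detection module: cosine similarity to the profile of the payload's length cluster."""
        profile = self.profiles.get(length_bin(payload, self.width))
        if profile is None:
            return None  # no normal profile exists for this length cluster
        return cosine(ngrams(payload, self.n), profile["centroid"])

    def is_anomalous(self, payload: bytes) -> bool:
        """Flag when similarity drops more than k standard deviations below the training mean."""
        sim = self.score(payload)
        if sim is None:
            return True  # assumption: a length cluster never seen in training is suspicious
        profile = self.profiles[length_bin(payload, self.width)]
        threshold = profile["mean"] - self.k * max(profile["std"], self.std_floor)
        return sim < threshold


# Constructed sample traffic for port 80 (not captured data).
NORMAL_TRAFFIC = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /about.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /login.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /style.css HTTP/1.1\r\nHost: example.test\r\n\r\n",
]
NEW_NORMAL = b"GET /news.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
# Same length cluster as the training data, but a byte distribution unlike any HTTP request.
ANOMALOUS_PAYLOAD = bytes(range(48))


def build_profiler() -> PayloadProfiler:
    profiler = PayloadProfiler()
    profiler.train(NORMAL_TRAFFIC)
    return profiler


PROFILER = build_profiler()

if __name__ == "__main__":
    for label, p in (("new normal", NEW_NORMAL), ("anomalous", ANOMALOUS_PAYLOAD)):
        print(f"{label}: similarity={PROFILER.score(p):.3f} anomalous={PROFILER.is_anomalous(p)}")
```

Because profiles are keyed by length cluster rather than by exact payload length, a handful of models covers all training lengths, which is the space saving the abstract refers to. The floor on the standard deviation is a practical guard: a cluster trained on near-identical payloads would otherwise have a threshold equal to its mean and flag every slight variation.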

Key-Words / Index Term

Payload, anomaly detection, cosine similarity, n-gram, length-wise clustering
