An efficient network intrusion detection
2009; Elsevier BV; Volume: 33; Issue: 4; Language: English
10.1016/j.comcom.2009.10.010
ISSN: 1873-703X
Authors: Chia-Mei Chen, Yalin Chen, Hsiao-Chung Lin
Topic(s): Network Packet Processing and Optimization
Abstract: Exploit code based on system vulnerabilities is often used by attackers. Such exploit programs often send attack packets in the first few packets. A Lightweight Network Intrusion Detection system (LNID) is proposed for detecting such attacks on Telnet traffic. It characterizes normal traffic behavior and computes the anomaly score of a packet based on the deviation from the normal behavior. Instead of processing all traffic packets, an efficient filtering scheme proposed in the study can reduce system workload, and only 0.3% of the original traffic volume is examined for anomaly. According to the performance comparisons with other network-based IDS, LNID is the most efficient on detection rate and workload reduction.