An efficient network intrusion detection
- Authors: Chia-Mei Chen; Ya-Lin Chen; Hsiao-Chung Lin
- Source: Computer Communications. 33:477-484
- Subject: Telnet; Computer Networks and Communications; Computer science; Anomaly-based intrusion detection system; Network security; Network packet; Computer Systems Organization: Computer-Communication Networks; Real-time computing; Intrusion detection system; Network traffic control; Packet switching; Embedded system; Vulnerability (computing)
- ISSN: 0140-3664

Attackers often use exploit code based on system vulnerabilities. Such exploit programs often send their attack packets within the first few packets. A Lightweight Network Intrusion Detection system (LNID) is proposed for detecting such attacks on Telnet traffic. It characterizes normal traffic behavior and computes the anomaly score of a packet based on its deviation from that normal behavior. Instead of processing all traffic packets, an efficient filtering scheme proposed in the study reduces system workload, so that only 0.3% of the original traffic volume is examined for anomalies. According to performance comparisons with other network-based IDSs, LNID is the most efficient in terms of detection rate and workload reduction.