DETECTION OF ILLICIT TRAFFIC USING NEURAL NETWORKS

Paulo Paulo, António Nogueira, Ulisses França, Rui Valadas

2008

Abstract

The detection of compromised hosts is currently performed at the network and host levels, but each of these options presents important security flaws: at the host level, antivirus, anti-spyware and personal firewalls are ineffective in detecting hosts that are compromised via new or target-specific malicious software, while at the network level, network firewalls and Intrusion Detection Systems were developed to protect the network from external attacks but were not designed to detect and protect against vulnerabilities that are already present inside the local area network. This paper presents a new approach for the identification of illicit traffic that tries to overcome some of the limitations of existing approaches, while being computationally efficient and easy to deploy. The approach is based on neural networks and is able to detect illicit traffic based on the historical traffic profiles presented by "licit" and "illicit" network applications. The evaluation of the proposed methodology relies on traffic traces obtained in a controlled environment and composed of licit traffic measured from normal activity of network applications and malicious traffic synthetically generated using the SubSeven backdoor. The results obtained show that the proposed methodology is able to achieve good identification results, being at the same time computationally efficient and easy to implement in real network scenarios.



Paper Citation


in Harvard Style

Paulo P., Nogueira A., França U. and Valadas R. (2008). DETECTION OF ILLICIT TRAFFIC USING NEURAL NETWORKS. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008) ISBN 978-989-8111-59-3, pages 5-12. DOI: 10.5220/0001920800050012


in Bibtex Style

@conference{secrypt08,
author={Paulo Paulo and António Nogueira and Ulisses França and Rui Valadas},
title={DETECTION OF ILLICIT TRAFFIC USING NEURAL NETWORKS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)},
year={2008},
pages={5-12},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001920800050012},
isbn={978-989-8111-59-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)
TI - DETECTION OF ILLICIT TRAFFIC USING NEURAL NETWORKS
SN - 978-989-8111-59-3
AU - Paulo P.
AU - Nogueira A.
AU - França U.
AU - Valadas R.
PY - 2008
SP - 5
EP - 12
DO - 10.5220/0001920800050012