Authors: Paulo Paulo; António Nogueira; Ulisses França and Rui Valadas
Affiliation:
University of Aveiro, Instituto de Telecomunicações, Portugal
Keyword(s): Intrusion Detection System, Firewalls, Port Matching, Protocol Analysis, Syntactic and Semantic Analysis, Traffic Signature, Traffic Pattern, Neural Networks.
Related Ontology Subjects/Areas/Topics: Information and Systems Security; Information Assurance; Intrusion Detection & Prevention; Management of Computing Security; Security Engineering; Security in Information Systems; Security Metrics and Measurement
Abstract:
The detection of compromised hosts is currently performed at the network and host levels, but each of these options presents important security flaws. At the host level, antivirus, anti-spyware and personal firewalls are ineffective in detecting hosts that are compromised via new or target-specific malicious software. At the network level, network firewalls and Intrusion Detection Systems were developed to protect the network from external attacks, but they were not designed to detect and protect against vulnerabilities that are already present inside the local area network. This paper presents a new approach for the identification of illicit traffic that tries to overcome some of the limitations of existing approaches, while being computationally efficient and easy to deploy. The approach is based on neural networks and is able to detect illicit traffic based on the historical traffic profiles presented by "licit" and "illicit" network applications. The evaluation of the proposed methodology relies on traffic traces obtained in a controlled environment and composed of licit traffic measured from the normal activity of network applications and malicious traffic synthetically generated using the SubSeven backdoor. The results obtained show that the proposed methodology is able to achieve good identification results, while being at the same time computationally efficient and easy to implement in real network scenarios.