Cross layer anomaly based intrusion detection system

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Scopus citations

Abstract

Since the start of the 21st century, computer networks have been through an exponential growth in terms of the network capacity, the number of the users and the type of tasks that are performed over the network. With the recent boom of mobile devices (e.g., tablet computers, smart phones, smart devices, and wearable computing), the number of network users is bound to increase exponentially. But most of the communications protocols that span over the 7 layers of the OSI model were designed in the late 1980's or 90's. Although most of these protocols have had subsequent updates over time, most of these protocols still remain largely unsecure and open to attacks. Hence it is critically important to secure these protocols across the 7 layers of the OSI model. As a part of my PhD research, I am working on a cross layer anomaly behavior detection system for various protocols. This system will be comprised of intrusion detection systems (IDS) for each of the protocols that are present in each layer. The behavior analysis of each protocol will be carried out in two phases. In the first phase (training), the features that accurately characterize the normal operations of the protocol are identified using data mining and statistical techniques and then used to build a runtime model of protocol normal operations. In addition, some known attacks against the studied protocol are also studied to develop a partial attack model for the protocol. The anomaly behavior analysis modules of each layer are then fused to generate a highly accurate detection system with low false alarms. In the second phase, the cross-layer anomaly based IDS is used to detect attacks against any communication protocols. We have already developed anomaly behavior modules for TCP, UDP, IP, DNS and Wi-Fi protocols. Our experimental results show that our approach can detect attacks accurately and with very low false alarms.

Original language: English (US)
Title of host publication: Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 157-161
Number of pages: 5
ISBN (Electronic): 9781467384391
State: Published - Oct 23 2015
Event: IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015 - Cambridge, United States
Duration: Sep 21 2015 to Sep 25 2015

Publication series

Name: Proceedings - 2015 IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015

Conference

Conference: IEEE 9th International Conference on Self-Adaptive and Self-Organizing Systems Workshops, SASOW 2015
Country/Territory: United States
City: Cambridge
Period: 9/21/15 to 9/25/15

Keywords

  • Cross layer anomaly based intrusion detection system
  • data mining
  • DNS
  • machine learning
  • Wi-Fi

ASJC Scopus subject areas

  • Artificial Intelligence
  • Control and Systems Engineering
