TY - GEN
T1 - Multi-level intrusion detection system (ML-IDS)
AU - Al-Nashif, Youssif
AU - Kumar, Aarthi Arun
AU - Hariri, Salim
AU - Qu, Guangzhi
AU - Luo, Yi
AU - Szidarovsky, Ferenc
PY - 2008
Y1 - 2008
N2 - As the deployment of network-centric systems increases, network attacks are proportionally increasing in intensity as well as complexity. Attack detection techniques can be broadly classified as being signature-based, classification-based, or anomaly-based. In this paper we present a multi-level intrusion detection system (ML-IDS) that uses autonomic computing to automate the control and management of ML-IDS. This automation allows ML-IDS to detect network attacks and proactively protect against them. ML-IDS inspects and analyzes network traffic using three levels of granularities (traffic flow, packet header, and payload), and employs an efficient fusion decision algorithm to improve the overall detection rate and minimize the occurrence of false alarms. We have individually evaluated each of our approaches against a wide range of network attacks, and then compared the results of these approaches with the results of the combined decision fusion algorithm.
UR - http://www.scopus.com/inward/record.url?scp=51649087689&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=51649087689&partnerID=8YFLogxK
U2 - 10.1109/ICAC.2008.25
DO - 10.1109/ICAC.2008.25
M3 - Conference contribution
AN - SCOPUS:51649087689
SN - 9780769531755
T3 - 5th International Conference on Autonomic Computing, ICAC 2008
SP - 131
EP - 140
BT - 5th International Conference on Autonomic Computing, ICAC 2008
T2 - 5th International Conference on Autonomic Computing, ICAC 2008
Y2 - 2 June 2008 through 6 June 2008
ER -