A real-time intrusion detection system (IDS) for large scale networks and its evaluations

Nei Kato, Hiroaki Nitou, Kohei Ohta, Glenn Mansfield, Yoshiaki Nemoto

Research output: Contribution to journal › Article › peer-review

15 Citations (Scopus)

Abstract

Internet communication is increasingly becoming an important element in daily life. Keeping this network safe from malicious elements is an urgent task for network management. To maintain the security level, networks are generally monitored for indications of usage with ill intentions. Such indications are events which need to be collated, correlated and analyzed in real-time to be effective. However, on an average medium to large size network the number of such events is very large. This makes it practically impossible to analyze the information in real-time and provide the necessary security measures. In this paper, we propose a mechanism that keeps the number of events to be analyzed low, thereby making it possible to provide ample security measures. We discuss a real-time Intrusion Detection System (IDS) for detecting network attacks. The system looks out for TCP ACK/RST packets, which are generally caused by network scans. The system can extract the tendency of network flows in real-time, based on the newly developed time-based clustering and Dynamic Access Tree creation techniques. The algorithm, implemented and deployed on a medium size backbone network using RMON (Remote MONitoring) technology, successfully detected 195 intrusion attempts during a one month period. The results of the pilot deployment are discussed. In this paper, the proposal, implementation and evaluation will be described.

Original language: English
Pages (from-to): 1817-1825
Number of pages: 9
Journal: IEICE Transactions on Communications
Volume: E82-B
Issue number: 11
Publication status: Published - 1999 Jan 1

Keywords

  • Dynamic access trees
  • Intrusion detection system
  • Real-time
  • Traffic monitoring
  • Traffic tendency

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Electrical and Electronic Engineering
