Network Intrusion Detection: Using MDLcompress for deep packet inspection

Edward E. Eiland,Scott Charles Evans,Thomas Stephen Markham,Bruce Gordon Barnett,Jeremy Impson,Eric Steinbrecher

Network Intrusion Detection: Using MDLcompress for deep packet inspection

2008

Edward E. Eiland
Scott Charles Evans
Thomas Stephen Markham
Bruce Gordon Barnett
Jeremy Impson
Eric Steinbrecher

We apply MDL compress, a grammar inference engine, to network intrusion detection (NID). We specifically target HTTP payload analysis of deep packet inspection (DPI) utilizing the DARPA 1999 data sets for our normal network traffic base and create modern attack traffic using Nessus. Our approach accurately detected over 98% of the attacks compared with literature reports of approximately 95% accuracy rate on HTTP attacks.

Keywords:

Deep content inspection
Computer network
Host-based intrusion detection system
Deep packet inspection
Intrusion detection system
Data set
Computer science
Inference engine
Payload
Rule-based machine translation
grammar inference
network intrusion detection

Correction
Source
Cite
Save
Machine Reading By IdeaReader

References

Citations