An Approach to Detect Executable Content for Anomaly Based Network Intrusion Detection

2007 
Since current Internet threats include not only malicious code such as Trojans or worms, but also spyware and adware, which carry no explicitly illegal content, a mechanism is needed to prevent hidden executable files from being downloaded in network traffic. In this paper, we present a new solution for identifying executable content in an anomaly-based network intrusion detection system (NIDS), based on file byte frequency distribution. First, a brief introduction to application-level anomaly detection is given, together with some typical examples of user computers being compromised by recent attacks. In addition to a review of related research on malicious code identification and file type detection in Section 2, we also discuss the drawbacks of applying those methods in a NIDS. After that, the background of our approach is presented with examples, and the details of how we create the profile and how we perform the detection are thoroughly discussed. The experimental results are crucial to our research because they provide the essential support for the implementation. In a final experiment simulating the uploading of executable files to an FTP server, our approach demonstrates excellent accuracy and stability.
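The profile-and-detect idea sketched in the abstract, as an added illustration that is not the paper's own code: a per-byte mean/standard-deviation profile is built from executable samples and a blob is flagged as executable content when its byte histogram lies within a calibrated distance of that profile. The profile and distance scheme (a simplified Mahalanobis distance over 256 byte bins), the calibration rule and the constructed "executable-like" and "text-like" samples are all assumptions for this example, not details taken from the paper.

```python
import math
import random

def byte_histogram(data: bytes) -> list:
    """Normalised 256-bin byte frequency distribution of a blob."""
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return [c / n for c in counts] if n else [0.0] * 256

def build_profile(samples: list) -> tuple:
    """Per-byte mean and standard deviation over the training histograms."""
    hists = [byte_histogram(s) for s in samples]
    k = len(hists)
    mean = [sum(h[b] for h in hists) / k for b in range(256)]
    std = [math.sqrt(sum((h[b] - mean[b]) ** 2 for h in hists) / k) for b in range(256)]
    return mean, std

def distance(data: bytes, profile: tuple, smoothing: float = 0.01) -> float:
    """Simplified Mahalanobis distance; smoothing keeps rare bins from dominating."""
    mean, std = profile
    h = byte_histogram(data)
    return sum(abs(h[b] - mean[b]) / (std[b] + smoothing) for b in range(256))

def calibrate_threshold(profile: tuple, samples: list, factor: float = 2.0) -> float:
    """Assumed rule: allow up to `factor` times the worst training self-distance."""
    return factor * max(distance(s, profile) for s in samples)

def is_executable_like(data: bytes, profile: tuple, threshold: float) -> bool:
    """Detection decision: flag the blob if it is close enough to the executable profile."""
    return distance(data, profile) <= threshold

# Constructed sample generators (not real files): an executable-like blob is
# zero-heavy with a few recurring opcode-style bytes; a text-like blob is ASCII prose.
_WORDS = [b"attach", b"the", b"report", b"quarterly", b"meeting", b"please", b"review"]

def fake_executable(seed: int, size: int = 4096) -> bytes:
    rng = random.Random(seed)
    body = bytes(rng.choice([0x00, 0x00, 0x00, 0x48, 0x8B, 0xFF, 0xE8, 0x55,
                             rng.randrange(256)]) for _ in range(size - 4))
    return b"MZ\x90\x00" + body

def fake_text(seed: int, size: int = 4096) -> bytes:
    rng = random.Random(seed)
    out = bytearray()
    while len(out) < size:
        out += rng.choice(_WORDS) + b" "
    return bytes(out[:size])
```

Real traffic would supply the payloads (for example the files uploaded in the paper's FTP experiment) in place of the constructed generators.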