Abstract
Through an Anomaly Detection System, unknown attacks could be detected using a model of normal network behavior to distinguish between usual and unusual activities. Collecting representative data of normal activity and properly train the system are the deciding factors in a Supervised Intrusion Detection System. This work aims to propose a supervised anomaly detection system to detect unknown intrusions using the packet payload in the network, implementing its detection algorithm as a “dynamic pre-processor” of Snort. Critical infrastructures are exposed to a several threats which demand computer network protection. An Intrusion Detection System (IDS) provides adequate protection of process control networks. IDSs are usually classified into misuse/signature detection and anomaly detection. Signature-based IDS typically exhibit high detection accuracy because it identifies attacks based on known attack characteristics. Anomaly detection is the alternative approach to detect novel attacks tagging suspicious events. Learning a model of normal traffic and report deviations from the normal behavior is the main strength of anomaly based detection system. The major weakness is that it is susceptible to false positive alarms.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Rieck, K., Laskov, P.: Detecting Unknown Network Attacks Using Language Models. In: Büschkes, R., Laskov, P. (eds.) DIMVA 2006. LNCS, vol. 4064, pp. 74–90. Springer, Heidelberg (2006)
Fredkin, E.: Trie memory. Communications of ACM 3(9), 490–499 (1960)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sánchez, J.A.P., Villalba, L.J.G. (2012). Trie Data Structure to Compare Traffic Payload in a Supervised Anomaly Detection System (Poster Abstract). In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2012. Lecture Notes in Computer Science, vol 7462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33338-5_25
Download citation
DOI: https://doi.org/10.1007/978-3-642-33338-5_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33337-8
Online ISBN: 978-3-642-33338-5
eBook Packages: Computer ScienceComputer Science (R0)