Skip to main content
SpringerLink
Log in

Trie Data Structure to Compare Traffic Payload in a Supervised Anomaly Detection System (Poster Abstract)

  • Conference paper
Research in Attacks, Intrusions, and Defenses (RAID 2012)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7462))

Included in the following conference series:

  • 2821 Accesses

Abstract

Through an Anomaly Detection System, unknown attacks could be detected using a model of normal network behavior to distinguish between usual and unusual activities. Collecting representative data of normal activity and properly train the system are the deciding factors in a Supervised Intrusion Detection System. This work aims to propose a supervised anomaly detection system to detect unknown intrusions using the packet payload in the network, implementing its detection algorithm as a “dynamic pre-processor” of Snort. Critical infrastructures are exposed to a several threats which demand computer network protection. An Intrusion Detection System (IDS) provides adequate protection of process control networks. IDSs are usually classified into misuse/signature detection and anomaly detection. Signature-based IDS typically exhibit high detection accuracy because it identifies attacks based on known attack characteristics. Anomaly detection is the alternative approach to detect novel attacks tagging suspicious events. Learning a model of normal traffic and report deviations from the normal behavior is the main strength of anomaly based detection system. The major weakness is that it is susceptible to false positive alarms.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Rieck, K., Laskov, P.: Detecting Unknown Network Attacks Using Language Models. In: Büschkes, R., Laskov, P. (eds.) DIMVA 2006. LNCS, vol. 4064, pp. 74–90. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  2. Fredkin, E.: Trie memory. Communications of ACM 3(9), 490–499 (1960)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), School of Computer Science, Universidad Complutense de Madrid (UCM), Calle Profesor José García Santesmases s/n, Ciudad Universitaria, 28040, Madrid, Spain

    Jenny Andrea Pinto Sánchez & Luis Javier García Villalba

Authors
  1. Jenny Andrea Pinto Sánchez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Luis Javier García Villalba
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute Eurecom, 2229 Route des Cretes, 06560, Sophia Antipolis Cedex, France

    Davide Balzarotti

  2. Department of Computer Science, Columbia University, 1214 Amsterdam Avenue, M.C. 0401, 10027-7003, New York, NY, USA

    Salvatore J. Stolfo

  3. School of Computer Science, University of Birmingham, B15 2TT, Edgbaston, Birmingham, UK

    Marco Cova

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sánchez, J.A.P., Villalba, L.J.G. (2012). Trie Data Structure to Compare Traffic Payload in a Supervised Anomaly Detection System (Poster Abstract). In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2012. Lecture Notes in Computer Science, vol 7462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33338-5_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-33338-5_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33337-8

  • Online ISBN: 978-3-642-33338-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation