Yusuke Tsuge and Hidema Tanaka
National Defense Academy of Japan
Hashirimizu 1-10-20 Yokosuka, Kanagawa Japan 239-8686
ABSTRACT
An Intrusion Detection System (IDS) is a countermeasure against network attacks. There are mainly two types of detection: signature-based and anomaly-based. There are also two kinds of error: false negatives and false positives. In the development of an IDS, establishing a method to reduce such errors is a major issue. In this paper, we propose a new anomaly-based detection method using the Discrete Fourier Transform (DFT) with a window function. In our method, we assume that the fluctuation of payload in ordinary sessions is random. On the other hand, we can see that the fluctuation in attack sessions is biased. From the viewpoint of spectrum analysis based on this assumption, we can find different characteristics in the spectrum of attack sessions. Using these characteristics, we can detect attack sessions. Example detection against the Kyoto2006+ dataset shows a false positive rate of 12.0% at most and a false negative rate of 0.0%.
KEYWORDS
Intrusion Detection System, Discrete Fourier Transform, window function, Kyoto2006+ dataset
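The idea in the abstract can be illustrated with a short sketch, added here and not the authors' implementation: a windowed DFT is taken over one session's payload series, and a flat spectrum (random fluctuation) is separated from a spectrum with a dominant line (biased fluctuation). The choice of per-packet payload length as the series, the Hann window, the peak-to-mean statistic, the threshold of 12.0 and both sample sessions are assumptions made for this example.

```python
import cmath
import math
import random

THRESHOLD = 12.0  # assumed cut-off for this sketch, not a value from the paper

def hann(n):
    """Hann window of length n (one common choice of window function)."""
    return [0.5 - 0.5 * math.cos(2 * math.pi * i / (n - 1)) for i in range(n)]

def windowed_power_spectrum(series):
    """Power at DFT bins 1 .. n/2-1 of the mean-removed, windowed series."""
    n = len(series)
    mean = sum(series) / n
    # Remove the mean first so the DC term does not leak into low bins.
    x = [(v - mean) * w for v, w in zip(series, hann(n))]
    return [abs(sum(x[t] * cmath.exp(-2j * math.pi * k * t / n)
                    for t in range(n))) ** 2
            for k in range(1, n // 2)]

def peak_to_mean(series):
    """Strongest bin divided by the average bin; near-flat spectra score low."""
    spec = windowed_power_spectrum(series)
    total = sum(spec)
    if total == 0:          # constant series: no fluctuation to analyse
        return 0.0
    return max(spec) / (total / len(spec))

def is_biased(series, threshold=THRESHOLD):
    """Flag a session whose payload fluctuation concentrates in one frequency."""
    if len(series) < 8:
        raise ValueError("series too short for a meaningful spectrum")
    return peak_to_mean(series) > threshold

# Constructed sample sessions (payload bytes per packet), not dataset records.
_rng = random.Random(2006)
ORDINARY = [_rng.randint(40, 1460) for _ in range(64)]   # random fluctuation
BIASED = [1460, 1460, 1460, 60] * 16                     # repeating pattern

if __name__ == "__main__":
    for name, session in (("ordinary", ORDINARY), ("biased", BIASED)):
        score = peak_to_mean(session)
        print(f"{name:9s} peak/mean={score:6.2f} flagged={is_biased(session)}")
```

On real traffic the threshold would have to be calibrated against labelled sessions, since it directly trades false positives against false negatives.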