Publication Abstract

Streilein, W. W., Cunningham, R. K., Webster, S. E., "Improved Detection of Low-Profile Probe and Denial-of-Service Attacks," Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection, June 2001.

Abstract

We present enhancements to our network-based intrusion detection system, which makes use of multiple neural network classifiers to accurately detect several classes of attacks including stealthy probes and novel denial-of-service attacks. An intrinsic representation of the local network and detection features derived from network traffic enable the system to detect entire attack classes. Improvements to our system include enhanced robust TCP session reconstruction, handling simplex and duplex traffic modes, an expanded feature vector that includes measures of inter-packet delays and counts of anomalous TCP sessions, and binary tree-based internal data structures which are faster and less vulnerable to attack. Our system achieves a detection rate of 100% with a false alarm rate of 0.1% when tested against stealthy attacks in the DARPA 1999 IDS Evaluation. It also performs well on a moderately loaded research network.