05263644

a

05263644 Shamsuddin, Solahuddin B. Woodward, Michael E. Modeling protocol based packet header anomaly detector for network and host intrusion detection systems. Bao, Feng (ed.) et al., Cryptology and network security. 6th international conference, CANS 2007, Singapore, December 8--10, 2007. Proceedings. Berlin: Springer (ISBN 978-3-540-76968-2/pbk). Lecture Notes in Computer Science 4856, 209-227 (2007). 2007 Berlin: Springer EN Anomaly Data base Network Intrusion Detection System

doi:10.1007/978-3-540-76969-9_14

Summary: This paper describes an experimental protocol based packet header anomaly detector for Network and Host Intrusion Detection System modelling which analyses the behaviour of packet header field values based on its layer 2, 3 and 4 protocol fields of the ISO OSI Seven Layer Model for Networking. Our model which we call as Protocol based Packet Header Anomaly Detector (PbPHAD) Intrusion Detection System is designed to detect the anomalous behaviour of network traffic packets based on three specific network and transport layer protocols namely UDP, TCP and ICMP to identify the degree of maliciousness from a set of detected anomalous packets identified from the sum of statistically modelled individually rated anomalous field values.