Distributed hierarchical pattern-matching for network intrusion detection

Zubair Baig, Khaled Salah

Research output: Contribution to journal › Article › peer-review

5 Scopus citations

Abstract

Network intrusion detection systems are widely used in present-day public and private networks to successfully detect cyber intrusions. In recent times, a plethora of readily available hacking tools have widened the adversarial attack surface to launch advanced malicious attacks. This entails the need to devise and deploy stronger security solutions including countermeasures that prevent, detect, and deter such attacks. The need for an efficient and effective mechanism for detecting network intrusions in real-time cannot be understated. Distributed pattern matching through information sharing between intrusion detection agents is one such approach towards identifying anomalous activity in a network. In this paper, a novel distributed pattern matching approach is proposed for detecting malicious network activities through first analyzing network traffic by detector agents, and subsequently exchanging information (subpattern) among detector agents in order to holistically identify anomalous network activities. The detection effectiveness of the proposed approach is studied using simulation conducted considering different pattern exchange hierarchies. Simulation results show that our approach yields high accuracies in intrusion detection with low false alarm rates.

Original language: British English
Pages (from-to): 167-178
Number of pages: 12
Journal: Journal of Internet Technology
Volume: 17
Issue number: 2
State: Published - 2016

Keywords

  • Distributed information processing
  • Intrusion detection
  • Network security
  • Pattern matching
