Detecting anomalous traffic using statistical discriminator and neural decisional motor

Abstract

One of the main challenges in the information security concerns the introduction of systems able to identify intrusions. In this ambit this work takes place describing a new Intrusion Detection System based on anomaly approach. We realized a system with a hybrid solution between host-based and network-based approaches, and it consisted of two subsystems: a statistical system and a neural one. The features extracted from the network traffic belong only to the IP Header and their trend allows us detecting through a simple visual inspection if an attack occurred. Really the two-tier neural system has to indicate the status of the system. It classifies the traffic of the monitored host, distinguishing the background traffic from the anomalous one. Besides, a very important aspect is that the system is able to classify different instances of the same attack in the same class, establishing which attack occurs. © Springer-Verlag Berlin Heidelberg 2007.