University of Hertfordshire

A Chi-square testing-based intrusion detection Model

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Standard

A Chi-square testing-based intrusion detection Model. / Abouzakhar, Nasser; Bakar, Abu.

Procs 4th International Conference on Cybercrime Forensics Education & Training: CFET 2010. 2010.


Harvard

Abouzakhar, N & Bakar, A 2010, A Chi-square testing-based intrusion detection Model. in Procs 4th International Conference on Cybercrime Forensics Education & Training: CFET 2010. 4th Int Conf on Cybercrime Forensics Education and Training (CFET 2010), Canterbury, United Kingdom, 2/09/10.

APA

Abouzakhar, N., & Bakar, A. (2010). A Chi-square testing-based intrusion detection Model. In Procs 4th International Conference on Cybercrime Forensics Education & Training: CFET 2010.

Vancouver

Abouzakhar N, Bakar A. A Chi-square testing-based intrusion detection Model. In Procs 4th International Conference on Cybercrime Forensics Education & Training: CFET 2010. 2010

Author

Abouzakhar, Nasser ; Bakar, Abu. / A Chi-square testing-based intrusion detection Model. Procs 4th International Conference on Cybercrime Forensics Education & Training: CFET 2010. 2010.

Bibtex

@inproceedings{43ddb5dd5f824122b529d91cfdcc549a,
title = "A Chi-square testing-based intrusion detection Model",
abstract = "The rapid growth of Internet malicious activities has become a major concern to the network forensics and security community. With the increasing use of IT technologies for managing information, there is a need for stronger intrusion detection mechanisms. Mission-critical systems and applications require mechanisms able to detect any unauthorised activities. An Intrusion Detection System (IDS) acts as a necessary element for monitoring traffic packets on computer networks, performs analysis of suspicious traffic and makes vital decisions. IDSs allow cybercrime forensic specialists to gather useful evidence whenever needed. This paper presents the design and development process of a Network Intrusion Detection System (NIDS) solution, which aims at providing an effective anomaly-based detection model using Chi-square statistics. One of the design objectives in this paper is to minimise the limitations of current statistical network forensics and intrusion detection. Throughout the development process of this statistical detection model, several aspects of the process of building an effective detection model are emphasised. These aspects include dataset pre-processing and feature selection, network traffic analysis, statistical testing and detection model development. The calculated/output statistical figures of this model are based on certain threshold values which could be used and/or adjusted by a forensic specialist for deciding whether or not a suspicious event took place. The modelling and development process of this proposed anomaly detection has been achieved using various software and development tools. In this paper we focus on modelling dynamic anomaly detection using the Chi-square technique. It investigates a network traffic dataset collected by CAIDA in 2008 that contains signs of denial of service (DoS) attacks called backscatter. The normal dataset patterns are analysed to build a profile for the legitimate network traffic. Any deviations from these normal profiles will be considered anomalous. The dataset was pre-processed using Wireshark and TShark; the detection model was developed using MATLAB for different variants of denial of service attacks, and promising results were achieved.",
keywords = "Intrusion detection, Computer forensics",
author = "Nasser Abouzakhar and Abu Bakar",
year = "2010",
month = sep,
day = "3",
language = "English",
booktitle = "Procs 4th International Conference on Cybercrime Forensics Education & Training",
note = "4th Int Conf on Cybercrime Forensics Education and Training (CFET 2010) ; Conference date: 02-09-2010 Through 03-09-2010",

}

RIS

TY - GEN

T1 - A Chi-square testing-based intrusion detection Model

AU - Abouzakhar, Nasser

AU - Bakar, Abu

PY - 2010/9/3

Y1 - 2010/9/3

N2 - The rapid growth of Internet malicious activities has become a major concern to the network forensics and security community. With the increasing use of IT technologies for managing information, there is a need for stronger intrusion detection mechanisms. Mission-critical systems and applications require mechanisms able to detect any unauthorised activities. An Intrusion Detection System (IDS) acts as a necessary element for monitoring traffic packets on computer networks, performs analysis of suspicious traffic and makes vital decisions. IDSs allow cybercrime forensic specialists to gather useful evidence whenever needed. This paper presents the design and development process of a Network Intrusion Detection System (NIDS) solution, which aims at providing an effective anomaly-based detection model using Chi-square statistics. One of the design objectives in this paper is to minimise the limitations of current statistical network forensics and intrusion detection. Throughout the development process of this statistical detection model, several aspects of the process of building an effective detection model are emphasised. These aspects include dataset pre-processing and feature selection, network traffic analysis, statistical testing and detection model development. The calculated/output statistical figures of this model are based on certain threshold values which could be used and/or adjusted by a forensic specialist for deciding whether or not a suspicious event took place. The modelling and development process of this proposed anomaly detection has been achieved using various software and development tools. In this paper we focus on modelling dynamic anomaly detection using the Chi-square technique. It investigates a network traffic dataset collected by CAIDA in 2008 that contains signs of denial of service (DoS) attacks called backscatter. The normal dataset patterns are analysed to build a profile for the legitimate network traffic. Any deviations from these normal profiles will be considered anomalous. The dataset was pre-processed using Wireshark and TShark; the detection model was developed using MATLAB for different variants of denial of service attacks, and promising results were achieved.

AB - The rapid growth of Internet malicious activities has become a major concern to the network forensics and security community. With the increasing use of IT technologies for managing information, there is a need for stronger intrusion detection mechanisms. Mission-critical systems and applications require mechanisms able to detect any unauthorised activities. An Intrusion Detection System (IDS) acts as a necessary element for monitoring traffic packets on computer networks, performs analysis of suspicious traffic and makes vital decisions. IDSs allow cybercrime forensic specialists to gather useful evidence whenever needed. This paper presents the design and development process of a Network Intrusion Detection System (NIDS) solution, which aims at providing an effective anomaly-based detection model using Chi-square statistics. One of the design objectives in this paper is to minimise the limitations of current statistical network forensics and intrusion detection. Throughout the development process of this statistical detection model, several aspects of the process of building an effective detection model are emphasised. These aspects include dataset pre-processing and feature selection, network traffic analysis, statistical testing and detection model development. The calculated/output statistical figures of this model are based on certain threshold values which could be used and/or adjusted by a forensic specialist for deciding whether or not a suspicious event took place. The modelling and development process of this proposed anomaly detection has been achieved using various software and development tools. In this paper we focus on modelling dynamic anomaly detection using the Chi-square technique. It investigates a network traffic dataset collected by CAIDA in 2008 that contains signs of denial of service (DoS) attacks called backscatter. The normal dataset patterns are analysed to build a profile for the legitimate network traffic. Any deviations from these normal profiles will be considered anomalous. The dataset was pre-processed using Wireshark and TShark; the detection model was developed using MATLAB for different variants of denial of service attacks, and promising results were achieved.

KW - Intrusion detection

KW - Computer forensics

M3 - Conference contribution

BT - Procs 4th International Conference on Cybercrime Forensics Education & Training

T2 - 4th Int Conf on Cybercrime Forensics Education and Training (CFET 2010)

Y2 - 2 September 2010 through 3 September 2010

ER -
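The abstract describes the model only in outline: build a profile of legitimate traffic, compute a Chi-square statistic for new traffic against that profile, and let a forensic specialist set the threshold that separates normal from anomalous. The block below is an added worked example of that scheme in Python; it is not the paper's MATLAB model and uses no CAIDA data. The feature (a per-window histogram of packet types), the baseline and test counts, the pseudo-count smoothing and the significance level are all constructed assumptions for illustration.

```python
"""Chi-square anomaly detection over per-window traffic histograms.

Added worked example, not code from the paper (which used MATLAB on CAIDA
backscatter data). Every count below is constructed for illustration.
"""
from math import erfc, exp, gamma, sqrt
from typing import List, Sequence, Tuple

# Assumed feature: packet type per time window. In a backscatter trace the
# SYN-ACK and RST replies from a flooded victim dominate an attack window.
CATEGORIES = ("tcp_synack", "tcp_rst", "icmp_unreach", "udp", "other")

# Constructed baseline windows (counts per category, one list per window),
# standing in for the normal part of a pre-processed capture.
BASELINE = [
    [40, 30, 20, 300, 110],
    [45, 25, 25, 290, 115],
    [35, 35, 15, 310, 105],
]

# Constructed test windows: normal, backscatter-like (SYN-ACK/RST surge),
# and normal proportions at double the volume.
TEST_WINDOWS = [
    [42, 28, 22, 295, 113],
    [260, 190, 20, 300, 110],
    [80, 60, 40, 600, 220],
]


def build_profile(windows: Sequence[Sequence[int]], pseudo_count: float = 1.0) -> List[float]:
    """Expected proportion of each category, pooled over the baseline windows.

    The additive pseudo_count keeps every proportion above zero, so a category
    absent from the baseline cannot cause a division by zero in the statistic.
    """
    totals = [sum(col) + pseudo_count for col in zip(*windows)]
    grand = sum(totals)
    return [t / grand for t in totals]


def chi_square_stat(observed: Sequence[int], profile: Sequence[float]) -> float:
    """Pearson's statistic sum((O - E)^2 / E) with E_i = N * p_i."""
    n = sum(observed)
    if n == 0:  # an empty window carries no evidence either way
        return 0.0
    return sum((o - n * p) ** 2 / (n * p) for o, p in zip(observed, profile))


def chi2_sf(x: float, df: int) -> float:
    """Upper-tail probability P(X > x) for a chi-square variable with df degrees of freedom.

    Starts from the closed forms Q(x;1) = erfc(sqrt(x/2)) and Q(x;2) = exp(-x/2)
    and applies Q(x;v+2) = Q(x;v) + (x/2)^(v/2) exp(-x/2) / Gamma(v/2+1),
    so no SciPy dependency is needed.
    """
    if x <= 0:
        return 1.0
    if df % 2:
        nu, q = 1, erfc(sqrt(x / 2))
    else:
        nu, q = 2, exp(-x / 2)
    while nu < df:
        q += (x / 2) ** (nu / 2) * exp(-x / 2) / gamma(nu / 2 + 1)
        nu += 2
    return q


def score_windows(windows, profile, alpha=0.01) -> List[Tuple[float, float, bool]]:
    """(statistic, p-value, anomalous) per window; alpha is the analyst-tunable threshold."""
    df = len(profile) - 1
    results = []
    for w in windows:
        stat = chi_square_stat(w, profile)
        p = chi2_sf(stat, df)
        results.append((stat, p, p < alpha))
    return results


if __name__ == "__main__":
    profile = build_profile(BASELINE)
    for w, (stat, p, flag) in zip(TEST_WINDOWS, score_windows(TEST_WINDOWS, profile)):
        print(f"{w!s:>26}  chi2={stat:8.2f}  p={p:.3g}  {'ANOMALY' if flag else 'normal'}")
```

Running the block prints one line per test window. The second window, with its surge of SYN-ACK and RST replies of the kind a flooded victim sends back toward spoofed source addresses, is flagged at alpha = 0.01; the first is not. The third shows a caveat worth knowing before deploying such a test: Pearson's statistic compares proportions, so a window whose volume doubles while its mix stays the same scores close to zero and has to be caught by a separate rate check. The pseudo-count in build_profile avoids a division by zero for a category never seen in the baseline, and alpha plays the role of the analyst-adjustable threshold the abstract mentions.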