Signal Processing Applications in Network Intrusion Detection Systems


Editorial

Chin-Tser Huang,1 Rocky K. C. Chang,2 and Polly Huang3

1 Department of Computer Science and Engineering, University of South Carolina, Columbia, SC 29208, USA
2 Department of Computing, The Hong Kong Polytechnic University, Hung Hom, Kowloon, Hong Kong SAR, China
3 Department of Electrical Engineering, National Taiwan University, Taipei 10617, Taiwan

Correspondence should be addressed to Chin-Tser Huang, [email protected]

Received 25 February 2009; Accepted 25 February 2009

Copyright © 2009 Chin-Tser Huang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

In recent years, the problem of network intrusion detection has attracted a lot of attention in the field of network security. Network intrusions, carried out in various forms such as worms, viruses, spam, Trojan horses, and many others, pose two major threats to their victims. First, the intruders probe, gather, and deduce sensitive information about target hosts in an effort to gain unauthorized access to them and their networks. Second, the intruders inject unwanted packets into the target networks, aiming to disrupt the normal communications and services provided by the target networks. It is therefore critically important to implement effective network intrusion detection systems (NIDSs) to monitor the network and detect the intrusions in a timely manner.

Signal processing techniques have found applications in NIDS because of their ability to detect novel intrusions and attacks, which signature-based NIDS cannot do. Therefore, the primary objective of an NIDS based on signal processing techniques is to profile the normal network traffic pattern or application-level behavior and to classify intrusions or unwanted traffic as anomalies. Wavelets, entropy analysis, and data mining techniques are examples in this regard. However, the major challenges of the signal processing-based approaches lie in the adaptive modeling of normal network traffic and the high false alarm rate due to the inaccuracy of the modeled normal traffic pattern. The emergence of a variety of wireless networks and the mobility of nodes in such networks only add to the complexity of the problems.

The goal of this special issue is to present some of the state-of-the-art techniques of applying signal processing techniques to the intrusion detection problems. This issue features seven papers which cover generic issues in designing NIDS, such as improving the false-positive performance, speed performance, and quality of the training data (the first two papers), applying wavelet analysis to detect attacks on wired networks and wireless networks (the third and fourth papers), detecting flooding-based and low-rate denial-of-service attacks (the fifth and sixth papers), and detecting game bots in massively multiplayer online role play