Work place: Department of Computer Science, University of Alabama in Huntsville, USA * iDEA Hub, Nigeria
E-mail: william.edmonds@uah.edu
Website:
Research Interests: Computer systems and computational processes, Computer Architecture and Organization, Systems Architecture, Intrusion Detection System, Network Architecture, Data Structures and Algorithms
Biography
William C. Edmonds, Jr. received his B.S. (2013) degree in Computer Systems Engineering at the University of Alaska Anchorage in Anchorage, Alaska, USA. He is currently a graduate research assistant at the University of Alabama in Huntsville. Previously, he worked in the financial industry as an internal auditor for both bankrelated and I.T. departments. Past and current research interests include network intrusion detection systems, leveraging GPUs to expedite intrusion detection training algorithms, and embedded and mobile device security.
By Chockalingam Karuppanchetty William Edmonds Sun-il Kim Nnamdi Nwanze
DOI: https://doi.org/10.5815/ijcnis.2015.10.01, Pub. Date: 8 Sep. 2015
Attacks on web servers are becoming increasingly prevalent; the resulting social and economic impact of successful attacks is also exacerbated by our dependency on web-based applications. There are many existing attack detection and prevention schemes, which must be carefully configured to ensure their efficacy. In this paper, we present a study challenges that arise in training network payload anomaly detection schemes that utilize collected network traffic for tuning and configuration. The advantage of anomaly-based intrusion detection is in its potential for detecting zero day attacks. These types of schemes, however, require extensive training to properly model the normal characteristics of the system being protected. Usually, training is done through the use of real data collected by monitoring the activity of the system. In practice, network operators or administrators may run into cases where they have limited availability of such data. This issue can arise due to the system being newly deployed (or heavily modified) or due to the content or behavior that leads to normal characterization having been changed. We show that artificially generated packet payloads can be used to effectively augment the training and tuning. We evaluate the method using real network traffic collected at a server site; We illustrate the problem at first (use of highly variable and unsuitable training data resulting in high false positives of 3.6∼10%), then show improvements using the augmented training method (false positives as low as 0.2%). We also measure the impact on network performance, and present a lookup based optimization that can be used to improve latency and throughput.
[...] Read more.Subscribe to receive issue release notifications and newsletters from MECS Press journals