Work place: Department of Computer Science, University of Alabama in Huntsville, USA * iDEA Hub, Nigeria
E-mail: sunil.kim@uah.edu
Website:
Research Interests: Computer systems and computational processes, Systems Architecture, Information Security, Information Systems
Biography
Sun-il Kim is an Assistant Professor of Computer Science at the University of Alabama in Huntsville. He received his Ph.D (2008) and M.S. (2001) in Computer Science from the University of Illinois at UrbanaChampaign, and his B.S. (2000) from Binghamton University, State University of New York. Prior to joining the University of Alabama in Huntsville, he was with the University of Alaska Anchorage and the University of St. Thomas. His research interests center on reliability and security in networked systems.
By Chockalingam Karuppanchetty William Edmonds Sun-il Kim Nnamdi Nwanze
DOI: https://doi.org/10.5815/ijcnis.2015.10.01, Pub. Date: 8 Sep. 2015
Attacks on web servers are becoming increasingly prevalent; the resulting social and economic impact of successful attacks is also exacerbated by our dependency on web-based applications. There are many existing attack detection and prevention schemes, which must be carefully configured to ensure their efficacy. In this paper, we present a study challenges that arise in training network payload anomaly detection schemes that utilize collected network traffic for tuning and configuration. The advantage of anomaly-based intrusion detection is in its potential for detecting zero day attacks. These types of schemes, however, require extensive training to properly model the normal characteristics of the system being protected. Usually, training is done through the use of real data collected by monitoring the activity of the system. In practice, network operators or administrators may run into cases where they have limited availability of such data. This issue can arise due to the system being newly deployed (or heavily modified) or due to the content or behavior that leads to normal characterization having been changed. We show that artificially generated packet payloads can be used to effectively augment the training and tuning. We evaluate the method using real network traffic collected at a server site; We illustrate the problem at first (use of highly variable and unsuitable training data resulting in high false positives of 3.6∼10%), then show improvements using the augmented training method (false positives as low as 0.2%). We also measure the impact on network performance, and present a lookup based optimization that can be used to improve latency and throughput.
[...] Read more.Subscribe to receive issue release notifications and newsletters from MECS Press journals