Nnamdi Nwanze

Work place: Department of Computer Science, University of Alabama in Huntsville, USA; iDEA Hub, Nigeria

E-mail: nnamdi.nwanze@idea-nigeria.org

Research Interests: Computer Architecture and Organization, Information Security, Network Security, Data Structures and Algorithms

Biography

Nnamdi Nwanze received his Ph.D. (2009), M.S. (2004), and B.S. (2001) all in Electrical and Computer Engineering from Binghamton University, State University of New York. He is currently the Technology & Ecosystems advisor at iDEA Hub, Nigeria. He was a postdoctoral fellow in the Empower the Teachers program in 2013 at the Massachusetts Institute of Technology (MIT). During the fellowship he liaised with MIT faculty to perform research into computer network security, and new teaching methods and techniques for better teaching practices across tertiary institutions in the US and Nigeria. Prior to joining iDEA, he was a faculty member at the Bells University of Technology. He also worked as a Project Manager for Vigilos, Inc. in Seattle, USA, developing security solutions for the enterprise physical security market. His research interests center on computer and network security, and pervasive computing.

Author Articles
Artificially Augmented Training for Anomaly-based Network Intrusion Detection Systems

By Chockalingam Karuppanchetty, William Edmonds, Sun-il Kim, Nnamdi Nwanze

DOI: https://doi.org/10.5815/ijcnis.2015.10.01, Pub. Date: 8 Sep. 2015

Attacks on web servers are becoming increasingly prevalent; the resulting social and economic impact of successful attacks is also exacerbated by our dependency on web-based applications. There are many existing attack detection and prevention schemes, which must be carefully configured to ensure their efficacy. In this paper, we present a study of challenges that arise in training network payload anomaly detection schemes that utilize collected network traffic for tuning and configuration. The advantage of anomaly-based intrusion detection is in its potential for detecting zero-day attacks. These types of schemes, however, require extensive training to properly model the normal characteristics of the system being protected. Usually, training is done through the use of real data collected by monitoring the activity of the system. In practice, network operators or administrators may run into cases where they have limited availability of such data. This issue can arise due to the system being newly deployed (or heavily modified) or due to the content or behavior that leads to normal characterization having been changed. We show that artificially generated packet payloads can be used to effectively augment the training and tuning. We evaluate the method using real network traffic collected at a server site; we illustrate the problem at first (use of highly variable and unsuitable training data resulting in high false positives of 3.6∼10%), then show improvements using the augmented training method (false positives as low as 0.2%). We also measure the impact on network performance, and present a lookup-based optimization that can be used to improve latency and throughput.
