SlideShare a Scribd company logo

Procuring the Anomaly Packets and Accountability Detection in the Network

•
•
IOSR Journals
IOSR Journals

http://www.iosrjournals.org/iosr-jce/pages/v13i1.html

EngineeringTechnology
1 of 4
Download to read offline
IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, p- ISSN: 2278-8727Volume 13, Issue 1 (Jul. - Aug. 2013), PP 134-137 www.iosrjournals.org www.iosrjournals.org 134 | Page Procuring the Anomaly Packets and Accountability Detection in the Network V. Laxman1 , Ms. P. Subhadra2 1 (Master of Technology, Computer Science and Engineering, Vardhaman College of Engineering, Hyderabad, India, 2 (Associate Professor Computer Science and Engineering, Vardhaman College of Engineering, Hyderabad, India) Abstract: It is software that will be used to find the anomaly packets in Voice over Internet Protocol (VoIP) devices, such as soft phones and VoIP gateways to the Session Initiation Protocol specifications, and to test the compliance and interoperability of VoIP equipment produced by different manufacturers. Network traffic is often "different" from benign traffic in ways that can be distinguished without knowing the nature of the attack. We describe a two stage anomaly detection system for identifying suspicious traffic. First, we filter traffic to pass only the packets of most interest, e.g. the first few packets of incoming server requests. Second, we model the most common protocols (IP, TCP, telnet, FTP, SMTP, HTTP) at the packet byte level to flag events (byte values) that have not been observed for a long time. Different software’s are available on the market to conduct a compliance and interoperability validation phase. However, they often have features limited to packet capturing and decoding, or they are simulation tools that often require a complex developing phase to define the behavior of each test. The proposed tool, instead, can be inserted into an Session Initiation Protocol (SIP) network and is capable of observing and finding, in an automatic way. It executes in three phases. 1. SIP messages flowing in the network are captured. 2. In charge of grouping SIP messages into transactions and dialog. 3. Operates by comparing the message flow with a set of predefined rules. These Rules are classified into two groups. 1. Static Rules have been obtained by the direct analysis of SIP specifications. 2. Dynamic Rules have been obtained by experience with SIP compliance and interoperability testing. If some rules failed during verification, an output is reported by indicating the rule that failed and a list of possible fault causes. Index Terms- Protocol, IDS, Anomaly.. I. Introduction At present, attacks on Internet infrastructure, in the form of denial of service (DoS) attacks and worms, have become one of the most serious threats to the network security. it could become possible to detect the attacks, anomalies and to appropriately take action to mitigate them before they have had much time to propagate across the network. Most network intrusion detection systems (IDS) that use anomaly detection look for anomalous or unusual port number and IP addresses, where "unusual" means any value not observed in training on normal (presumably non hostile) traffic. They use the firewall paradigm; a packet addressed to a nonexistent host or service must be hostile, so we reject it. The problem with the firewall model is that attacks addressed to legitimate services will still get through, even though the packets may differ from normal traffic in ways that could detect. In general, methodology to detecting anomalies envisions two kinds of detection mechanisms: postmortem and real-time modes. Given the variety of anomalies, it makes sense to examine as many attributes as possible, not just the packet ports and addresses, as many systems now do. Also, because the rates of many types of network events vary unpredictably over a wide range of time scales, we use a time-dependent model, in which the probability of an event depends on the time since it last occurred, instead of on its average rate. The idea is that if an attribute takes on a novel value, or at least one not seen recently, then the data is suspicious. In this paper, we briefly review previous work on packet buffer architectures and present scalable and efficient hierarchical packet buffer architecture. This is our first attempt to combine the merits of two previously published packet buffer architectures. Consequently, the SRAM occupancy has been significantly reduced. By fully exploring the advantage of parallel DRAMs, we first propose a memory management algorithm (MMA) called Random Round Robin (RRR). Thereafter, we devise a “traffic-aware” approach which aims to provide different services for different types of data streams. This approach further reduces the system overhead. Both mathematical analysis and simulation demonstrate that the proposed architecture together with
Procuring The Anomaly Packets And AccountabilityDetection In theNetwork www.iosrjournals.org 135 | Page its algorithm reduce the overall SRAM requirement significantly while providing guaranteed performance in terms of low time complexity, upper bounded drop rate, and uniform allocation of resources. II. Background And Literature Survey Network intrusion detection systems like snort (2001) or Bro (Paxson, 1998) typically use signature detection, matching patterns in network traffic to the patterns of known attacks. This works well, but has the obvious disadvantage of being vulnerable to novel attacks. An alternative approach is anomaly detection, which models normal traffic and signals any deviation from this model as suspicious. The idea is based on work by Forrest et al. (1996), who found that most UNIX processes make (mostly) highly predictable sequences of system calls in normal use. When a server or suid root program is compromised (by a buffer overflow, for example), it executes code supplied by the attacker, and deviates from its normal calling sequence. It is not possible to observe every possible legitimate pattern in training, so an anomaly detector requires some type of machine learning algorithm in order to generalize from the training set. Models are usually based on the distribution of source and destination addresses and ports per transaction (TCP connections, and sometimes UDP and ICMP packets). For example, SPADE offers four probability models (estimated by average frequency) of incoming TCP connections: · P(destination-address, destination-port) · P(source-address, destination-address, destination-port) · P(source-address, source-port, destination-address, destination-port) · Bayes network approximation of the above. Lower probabilities result in higher anomaly scores, since these are presumably more likely to be hostile. In general, five types of anomalies in hostile traffic are identified. 2.1 User Behavior: Hostile traffic may have a novel source address because it comes from an unauthorized user of a restricted (password protected) service. Also, probes such as ipsweep and portsweep may attempt to access nonexistent hosts and services, generating anomalies in the destination addresses and port numbers. 2.2 Bug Exploits: Attacks often exploit errors in the target software, for example, a buffer overflow vulnerability. Such errors are most likely to be found in the least-used features of the program, because otherwise the error is likely to have been discovered during normal use and fixed in a later version. Thus, any remaining errors are invoked only with unusual inputs (e.g. a very long argument to a seldom used command), which are not likely to occur during normal use. 2.3 Response Anomalies: Sometimes a target will generate anomalous outgoing traffic in response to a successful attack, for example, a victimized mail server passing root shell command responses back to an attacker. This is analogous to Forrest's host based detection method , where a server compromise can be detected because it makes unusual sequences of system calls. 2.4 Bugs in the attack: Attackers typically must implement client protocols themselves, and will fail to duplicate the target environment either out of carelessness or because it is not necessary. For example, many text based protocols such as FTP, SMTP and HTTP allow either uppercase or lowercase commands. An attacker may use lowercase for convenience, even though normal clients might always use uppercase. 2.5 Evasion: Attackers may deliberately manipulate network protocols to hide an attack from an improperly coded intrusion detection system (IDS) monitoring the application layer. Such methods include IP fragmentation, overlapping TCP segments that do not match, deliberate use Of bad checksums, short TTL values, and so on. Such events must be rare in normal traffic, or else the IDS would have been written to handle them properly. III. Model Description Anomaly model detectors like PHAD, detects anomalies in network packets. However, it differs as follows: 1. The traffic is filtered, so only the start of incoming server requests are examined. 2. Starting with the IP header, we treat each of the first 48 bytes as an attribute for our models--we do not parse the packet into fields. 3. There are 9 separate models corresponding to the most common protocols (IP, TCP, HTTP, etc.). 4. The anomaly score tn/r is modified to (among other things) score rare, but not necessarily novel, events. 3.1. Traffic Filtering The first stage of NETAD is to filter out uninteresting traffic. Most attacks are initiated against a target server or operating system, so it is usually sufficient to examine only the first few packets of incoming server requests. This not only filters out traffic likely to generate false alarms NETAD separately models 9 subsets of the filtered traffic corresponding to 9 common packet types, as follows. · All IP packets (including TCP, UDP, and ICMP).
Procuring The Anomaly Packets And AccountabilityDetection In theNetwork www.iosrjournals.org 136 | Page · All TCP packets. · All TCP SYN packets (with no other flags set, normally the first packet, usually containing TCP options and no payload). · All TCP ACK packets (normally the second and subsequent packets, which contain a payload). · TCP ACK packets to ports 0-255. · TCP ACK to port 21 (FTP). · TCP ACK to port 23 (telnet). · TCP ACK to port 25 (SMTP mail). · TCP ACK to port 80 (HTTP). A packet may belong to more than one subset. For instance, an HTTP data packet is also TCP ports 0- 255, TCP ACK, TCP, and IP. For each model, an anomaly score is computed, and the sum is assigned to the packet. The reason for modeling ports 0-255 is for ease of implementation. Each packet type can be distinguished from some other by examining only one attribute (byte). For instance, ports 0-255 can be distinguished from other TCP ACK packets by examining only the upper byte of the destination port number. IV. Experimental Analysis We employed a 2-hour DWT window in 1-minute sampling interval. It can be decomposed up to level 7. The results of our real-time analysis are shown in Fig. 1. The DWT signal at each timescales is shown along with the horizontal detector (an anomaly detected over successive samples at the same level). The bottom-most picture shows the composite detector that employs two -dimensional mechanism using horizontal and vertical detection simultaneously . The results indicate that the real-time analysis detects all the attacks along with a few anomalies present in the base signal. It seems feasible to carry out a similar correlation and wavelet-based analysis of network packets based on their port numbers. Is it possible to combine several indicators to build a more robust anomaly detector that is less prone to false alarms? Fig. 2 shows the comprehensive anomaly detector based on a combination of addresses and port numbers. Figure 1. Address based detection results using simulated attack traces in real-time
Procuring The Anomaly Packets And AccountabilityDetection In theNetwork www.iosrjournals.org 137 | Page Figure 2. The multidimensinal detection results The two kinds of dots at the bottom of the picture show detection results. The dots located on top are marked when both the address and port methods detect anomalies simultaneously. V. Conclusions Intrusions generate anomalies because of bugs in the victim program, the attacking program, or the IDS, or because the victim generates anomalous output after an attack. We have seen examples of all four types of anomalies: 1. Strange input to poorly tested software, e.g. the corrupted packets used by teardrop, pod, dosnuke. 2. Strange data from poorly written attacks, e.g. bad checksums in smurf and udpstorm. 3. Strange data used to hide an attack from layers above, e.g. FIN scanning by portsweep. 4. Strange responses from the victim, e.g. unusual TCP options generated by apache2. The proposal like any network anomaly detector, does not describe the nature of an attack, or even indicate if an event is hostile or not. Instead, it just finds unusual or interesting events in a vast amount of data, and brings them to the attention of a network security expert for further analysis. It is meant to supplement, rather than replace, existing security tools and methods, such as code reviews, encryption, firewalls, virus detectors, and so on. Like all security tools, it requires some investment of time and effort to use it. The challenge is to use good filtering to minimize this effort. References [1] Bell, Timothy, Ian H. Witten, John G. Cleary, "Modeling for Text Compression", ACM Computing Surveys (21)4, Dec.1989 ,pp. 557-591. [2] Barbará, D., N. Wu, S. Jajodia, "Detecting Novel Network Intrusions using Bayes Estimators", First SIAM International Conference on Data Mining, 2001, [3] Floyd, S. and V. Paxson, "Difficulties in Simulating the Internet." To appear in IEEE/ACM Transactions on Networking, 2001. http://www.aciri.org/vern/papers.html [4] Forrest, S., S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, "A Sense of Self for Unix Processes", Proceedings of 1996 IEEE Symposium on Computer Security and Privacy. ftp://ftp.cs.unm.edu/pub/forrest/ieee-sp-96-unix.pdf [5] Lippmann, R., et al., "The 1999 DARPA Off-Line Intrusion Detection Evaluation", Computer Networks 34(4) , 2000,579-595. [6] Mahoney, M., P. K. Chan, "PHAD: Packet Header Anomaly Detection for Identifying Hostile Network Traffic", Florida Tech. technical report 2001-04, http://cs.fit.edu/~tr/ [7] Mahoney, M., P. K. Chan, "Learning Models of Network Traffic for Detecting Novel Attacks", Florida Tech. technical report 2002-08, http://cs.fit.edu/~tr/ [8] Mahoney, M., P. K. Chan, "Learning Non stationary Models of Normal Network Traffic for Detecting Novel Attacks ", Edmonton, Alberta: Proc. SIGKDD, 2002, 376-385. [9] Paxson, Vern, "Bro: A System for Detecting Network Intruders in Real-Time", Lawrence Berkeley National Laboratory Proceedings, 7'th USENIX Security Symposium, Jan. 26-29, 1998, San Antonio TX, [10] F. Wang, M. Hamdi, and J. Muppala, “Using Parallel DRAM to Scale Router Buffers,” IEEE Trans. Parall and Distributed Systems, vol. 20, May 2009, pp. 710-724. [11] G. Appenzeler, I. Keslassy, and N. McKeown, “Sizing Router Buffers,” ACM SIGCOMM Computer Comm. Rev., vol. 34, no. 4, Oct. 2004, pp. 281-292. [12] G. Shrimali and N. McKeown, “Building Packet Buffers with Interleaved Memories,” Proc.Workshop High Performance Switching and Routing (HPSR ’05), May 2005, pp. 1-5. [13] H. Wang and B. Lin, “Block-Based Buffer with Deterministic Packet Departure,” Proc. Int’l Conf. High Performance Switching and Routing (HPSR ’10), June 2010, pp. 38-43. [14] H. Wang, H. Zhao, B. Lin, and J. Xu, “Design and Analysis of a Robust Pipelined Memory System,” Proc. IEEE INFOCOM ’10, Mar. 2010 ,pp. 1-9,. [15] J. Corbal, R. Espasa, and M. Valero, “Command Vector Memory Systems: High performance at Low Cost,” Proc. Int’l Conf. Parallel Architectures and Compilation Techniques,Oct. 1998 ,pp. 68-77. [16] J. Garcia, J. Corbal, L. Cerda, and M. Valero, “Design and Implementation of High-Performance Memory Systems for Future Packet Buffers,” Proc. IEEE/ACM 36th Ann. Int’l Symp. Micro architecture (Micro ’03), Dec. 2003, pp. 372-384.

Recommended

Us 13-opi-evading-deep-inspection-for-fun-and-shell-wp
Us 13-opi-evading-deep-inspection-for-fun-and-shell-wpUs 13-opi-evading-deep-inspection-for-fun-and-shell-wp
Us 13-opi-evading-deep-inspection-for-fun-and-shell-wpOlli-Pekka Niemi
 
Intrusion Detection System using Hidden Markov Model (HMM)
Intrusion Detection System using Hidden Markov Model (HMM)Intrusion Detection System using Hidden Markov Model (HMM)
Intrusion Detection System using Hidden Markov Model (HMM)IOSR Journals
 
Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet BawaPuneet Bawa
 
A1803050106
A1803050106A1803050106
A1803050106IOSR Journals
 
Optimal remote access trojans detection based on network behavior
Optimal remote access trojans detection based on network behaviorOptimal remote access trojans detection based on network behavior
Optimal remote access trojans detection based on network behaviorIJECEIAES
 
OS Fingerprinting
OS FingerprintingOS Fingerprinting
OS FingerprintingRashmika Nawaratne
 
A network behavior analysis method to detect this writes about a method to ...
A network behavior analysis method to detect this writes about a method to ...A network behavior analysis method to detect this writes about a method to ...
A network behavior analysis method to detect this writes about a method to ...Thang Nguyen
 
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...ijsrd.com
 

Recommended

Us 13-opi-evading-deep-inspection-for-fun-and-shell-wp
Us 13-opi-evading-deep-inspection-for-fun-and-shell-wpUs 13-opi-evading-deep-inspection-for-fun-and-shell-wp
Us 13-opi-evading-deep-inspection-for-fun-and-shell-wpOlli-Pekka Niemi
 
Intrusion Detection System using Hidden Markov Model (HMM)
Intrusion Detection System using Hidden Markov Model (HMM)Intrusion Detection System using Hidden Markov Model (HMM)
Intrusion Detection System using Hidden Markov Model (HMM)IOSR Journals
 
Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet BawaPuneet Bawa
 
A1803050106
A1803050106A1803050106
A1803050106IOSR Journals
 
Optimal remote access trojans detection based on network behavior
Optimal remote access trojans detection based on network behaviorOptimal remote access trojans detection based on network behavior
Optimal remote access trojans detection based on network behaviorIJECEIAES
 
OS Fingerprinting
OS FingerprintingOS Fingerprinting
OS FingerprintingRashmika Nawaratne
 
A network behavior analysis method to detect this writes about a method to ...
A network behavior analysis method to detect this writes about a method to ...A network behavior analysis method to detect this writes about a method to ...
A network behavior analysis method to detect this writes about a method to ...Thang Nguyen
 
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...
A Survey on DPI Techniques for Regular Expression Detection in Network Intrus...ijsrd.com
 
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCANADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCANIJNSA Journal
 
SIP Flooding Attack Detection Using Hybrid Detection Algorithm
SIP Flooding Attack Detection Using Hybrid Detection AlgorithmSIP Flooding Attack Detection Using Hybrid Detection Algorithm
SIP Flooding Attack Detection Using Hybrid Detection AlgorithmEditor IJMTER
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...skpatel91
 
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...Journal For Research
 
Anomaly detection final
Anomaly detection finalAnomaly detection final
Anomaly detection finalAkshay Bansal
 
CEHv7 Question Collection
CEHv7 Question CollectionCEHv7 Question Collection
CEHv7 Question CollectionManish Luintel
 
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMSTRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMSIJNSA Journal
 
Ip traceback seminar full report
Ip traceback seminar full reportIp traceback seminar full report
Ip traceback seminar full reportdeepakmarndi
 
Network Monitoring with Wireshark
Network Monitoring with WiresharkNetwork Monitoring with Wireshark
Network Monitoring with WiresharkSiddharth Coontoor
 
An architecture for generating semantic aware signatures
An architecture for generating semantic aware signaturesAn architecture for generating semantic aware signatures
An architecture for generating semantic aware signaturesUltraUploader
 
CMIT 321 QUIZ 1
CMIT 321 QUIZ 1CMIT 321 QUIZ 1
CMIT 321 QUIZ 1HamesKellor
 
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...ijsptm
 
Firewalls (6)
Firewalls (6)Firewalls (6)
Firewalls (6)Bhargu Bhargavi
 
An improved ip traceback mechanism for network
An improved ip traceback mechanism for networkAn improved ip traceback mechanism for network
An improved ip traceback mechanism for networkeSAT Publishing House
 
Ijnsa050211
Ijnsa050211Ijnsa050211
Ijnsa050211IJNSA Journal
 
L2 Intrusion Detection System (IDS)
L2 Intrusion Detection System (IDS)L2 Intrusion Detection System (IDS)
L2 Intrusion Detection System (IDS)Rushdi Shams
 
A fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flowsA fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flowsUltraUploader
 
Pre-filters in-transit malware packets detection in the network
Pre-filters in-transit malware packets detection in the networkPre-filters in-transit malware packets detection in the network
Pre-filters in-transit malware packets detection in the networkTELKOMNIKA JOURNAL
 
Internet security
Internet securityInternet security
Internet securitygohel
 
Speedy ip trace back(sipt) for identifying sadhan
Speedy ip trace back(sipt) for identifying sadhanSpeedy ip trace back(sipt) for identifying sadhan
Speedy ip trace back(sipt) for identifying sadhanSadan Kumar
 
N0171595105
N0171595105N0171595105
N0171595105IOSR Journals
 
Aircraft Takeoff Simulation with MATLAB
Aircraft Takeoff Simulation with MATLABAircraft Takeoff Simulation with MATLAB
Aircraft Takeoff Simulation with MATLABIOSR Journals
 

More Related Content

What's hot

ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCANADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCANIJNSA Journal
 
SIP Flooding Attack Detection Using Hybrid Detection Algorithm
SIP Flooding Attack Detection Using Hybrid Detection AlgorithmSIP Flooding Attack Detection Using Hybrid Detection Algorithm
SIP Flooding Attack Detection Using Hybrid Detection AlgorithmEditor IJMTER
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...skpatel91
 
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...Journal For Research
 
Anomaly detection final
Anomaly detection finalAnomaly detection final
Anomaly detection finalAkshay Bansal
 
CEHv7 Question Collection
CEHv7 Question CollectionCEHv7 Question Collection
CEHv7 Question CollectionManish Luintel
 
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMSTRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMSIJNSA Journal
 
Ip traceback seminar full report
Ip traceback seminar full reportIp traceback seminar full report
Ip traceback seminar full reportdeepakmarndi
 
Network Monitoring with Wireshark
Network Monitoring with WiresharkNetwork Monitoring with Wireshark
Network Monitoring with WiresharkSiddharth Coontoor
 
An architecture for generating semantic aware signatures
An architecture for generating semantic aware signaturesAn architecture for generating semantic aware signatures
An architecture for generating semantic aware signaturesUltraUploader
 
CMIT 321 QUIZ 1
CMIT 321 QUIZ 1CMIT 321 QUIZ 1
CMIT 321 QUIZ 1HamesKellor
 
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...ijsptm
 
An improved ip traceback mechanism for network
An improved ip traceback mechanism for networkAn improved ip traceback mechanism for network
An improved ip traceback mechanism for networkeSAT Publishing House
 
L2 Intrusion Detection System (IDS)
L2 Intrusion Detection System (IDS)L2 Intrusion Detection System (IDS)
L2 Intrusion Detection System (IDS)Rushdi Shams
 
A fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flowsA fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flowsUltraUploader
 
Pre-filters in-transit malware packets detection in the network
Pre-filters in-transit malware packets detection in the networkPre-filters in-transit malware packets detection in the network
Pre-filters in-transit malware packets detection in the networkTELKOMNIKA JOURNAL
 
Internet security
Internet securityInternet security
Internet securitygohel
 
Speedy ip trace back(sipt) for identifying sadhan
Speedy ip trace back(sipt) for identifying sadhanSpeedy ip trace back(sipt) for identifying sadhan
Speedy ip trace back(sipt) for identifying sadhanSadan Kumar
 

What's hot (20)

ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCANADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN
 
SIP Flooding Attack Detection Using Hybrid Detection Algorithm
SIP Flooding Attack Detection Using Hybrid Detection AlgorithmSIP Flooding Attack Detection Using Hybrid Detection Algorithm
SIP Flooding Attack Detection Using Hybrid Detection Algorithm
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
 
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...
BYPASSING OF DEPLOYMENT DIFFICULTIES OF IP TRACEBACK TECHNIQUES USING NEW PAS...
 
Anomaly detection final
Anomaly detection finalAnomaly detection final
Anomaly detection final
 
CEHv7 Question Collection
CEHv7 Question CollectionCEHv7 Question Collection
CEHv7 Question Collection
 
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMSTRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS
 
Ip traceback seminar full report
Ip traceback seminar full reportIp traceback seminar full report
Ip traceback seminar full report
 
Network Monitoring with Wireshark
Network Monitoring with WiresharkNetwork Monitoring with Wireshark
Network Monitoring with Wireshark
 
An architecture for generating semantic aware signatures
An architecture for generating semantic aware signaturesAn architecture for generating semantic aware signatures
An architecture for generating semantic aware signatures
 
CMIT 321 QUIZ 1
CMIT 321 QUIZ 1CMIT 321 QUIZ 1
CMIT 321 QUIZ 1
 
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...
THE FIGHT AGAINST IP SPOOFING ATTACKS: NETWORK INGRESS FILTERING VERSUS FIRST...
 
Firewalls (6)
Firewalls (6)Firewalls (6)
Firewalls (6)
 
An improved ip traceback mechanism for network
An improved ip traceback mechanism for networkAn improved ip traceback mechanism for network
An improved ip traceback mechanism for network
 
Ijnsa050211
Ijnsa050211Ijnsa050211
Ijnsa050211
 
L2 Intrusion Detection System (IDS)
L2 Intrusion Detection System (IDS)L2 Intrusion Detection System (IDS)
L2 Intrusion Detection System (IDS)
 
A fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flowsA fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flows
 
Pre-filters in-transit malware packets detection in the network
Pre-filters in-transit malware packets detection in the networkPre-filters in-transit malware packets detection in the network
Pre-filters in-transit malware packets detection in the network
 
Internet security
Internet securityInternet security
Internet security
 
Speedy ip trace back(sipt) for identifying sadhan
Speedy ip trace back(sipt) for identifying sadhanSpeedy ip trace back(sipt) for identifying sadhan
Speedy ip trace back(sipt) for identifying sadhan
 

Viewers also liked

Aircraft Takeoff Simulation with MATLAB
Aircraft Takeoff Simulation with MATLABAircraft Takeoff Simulation with MATLAB
Aircraft Takeoff Simulation with MATLABIOSR Journals
 
A Proportional-Integral-Derivative Control Scheme of Mobile Robotic platforms...
A Proportional-Integral-Derivative Control Scheme of Mobile Robotic platforms...A Proportional-Integral-Derivative Control Scheme of Mobile Robotic platforms...
A Proportional-Integral-Derivative Control Scheme of Mobile Robotic platforms...IOSR Journals
 
A new approach for user identification in web usage mining preprocessing
A new approach for user identification in web usage mining preprocessingA new approach for user identification in web usage mining preprocessing
A new approach for user identification in web usage mining preprocessingIOSR Journals
 
A Survey on the Social Impacts of On-line Social Networking Sites
A Survey on the Social Impacts of On-line Social Networking SitesA Survey on the Social Impacts of On-line Social Networking Sites
A Survey on the Social Impacts of On-line Social Networking SitesIOSR Journals
 
Torque Profiles of Asymmetrically Wound Six-Phase Induction Motor (AWSP-IM) u...
Torque Profiles of Asymmetrically Wound Six-Phase Induction Motor (AWSP-IM) u...Torque Profiles of Asymmetrically Wound Six-Phase Induction Motor (AWSP-IM) u...
Torque Profiles of Asymmetrically Wound Six-Phase Induction Motor (AWSP-IM) u...IOSR Journals
 
Study of SaaS and its Application in Cloud
Study of SaaS and its Application in CloudStudy of SaaS and its Application in Cloud
Study of SaaS and its Application in CloudIOSR Journals
 
Lossless LZW Data Compression Algorithm on CUDA
Lossless LZW Data Compression Algorithm on CUDALossless LZW Data Compression Algorithm on CUDA
Lossless LZW Data Compression Algorithm on CUDAIOSR Journals
 
Domestic Solar - Aero - Hydro Power Generation System
Domestic Solar - Aero - Hydro Power Generation SystemDomestic Solar - Aero - Hydro Power Generation System
Domestic Solar - Aero - Hydro Power Generation SystemIOSR Journals
 
Impact of Price Expectation on the Demand of Electric Energy
Impact of Price Expectation on the Demand of Electric EnergyImpact of Price Expectation on the Demand of Electric Energy
Impact of Price Expectation on the Demand of Electric EnergyIOSR Journals
 
Performance Evaluation of Filters for Enhancement of Images in Different Appl...
Performance Evaluation of Filters for Enhancement of Images in Different Appl...Performance Evaluation of Filters for Enhancement of Images in Different Appl...
Performance Evaluation of Filters for Enhancement of Images in Different Appl...IOSR Journals
 
Performance Analysis of ANN Training Algorithms to Detect the Magnetization L...
Performance Analysis of ANN Training Algorithms to Detect the Magnetization L...Performance Analysis of ANN Training Algorithms to Detect the Magnetization L...
Performance Analysis of ANN Training Algorithms to Detect the Magnetization L...IOSR Journals
 
Big Data in Bioinformatics & the Era of Cloud Computing
Big Data in Bioinformatics & the Era of Cloud ComputingBig Data in Bioinformatics & the Era of Cloud Computing
Big Data in Bioinformatics & the Era of Cloud ComputingIOSR Journals
 
Effect of sowing date and crop spacing on growth, yield attributes and qualit...
Effect of sowing date and crop spacing on growth, yield attributes and qualit...Effect of sowing date and crop spacing on growth, yield attributes and qualit...
Effect of sowing date and crop spacing on growth, yield attributes and qualit...IOSR Journals
 
Enhancing a Dynamic user Authentication scheme over Brute Force and Dictionar...
Enhancing a Dynamic user Authentication scheme over Brute Force and Dictionar...Enhancing a Dynamic user Authentication scheme over Brute Force and Dictionar...
Enhancing a Dynamic user Authentication scheme over Brute Force and Dictionar...IOSR Journals
 
Accuracy, Sensitivity and Specificity Measurement of Various Classification T...
Accuracy, Sensitivity and Specificity Measurement of Various Classification T...Accuracy, Sensitivity and Specificity Measurement of Various Classification T...
Accuracy, Sensitivity and Specificity Measurement of Various Classification T...IOSR Journals
 
Multiple Constraints Consideration in Power System State Estimation
Multiple Constraints Consideration in Power System State EstimationMultiple Constraints Consideration in Power System State Estimation
Multiple Constraints Consideration in Power System State EstimationIOSR Journals
 

Viewers also liked (20)

N0171595105
N0171595105N0171595105
N0171595105
 
Aircraft Takeoff Simulation with MATLAB
Aircraft Takeoff Simulation with MATLABAircraft Takeoff Simulation with MATLAB
Aircraft Takeoff Simulation with MATLAB
 
A Proportional-Integral-Derivative Control Scheme of Mobile Robotic platforms...
A Proportional-Integral-Derivative Control Scheme of Mobile Robotic platforms...A Proportional-Integral-Derivative Control Scheme of Mobile Robotic platforms...
A Proportional-Integral-Derivative Control Scheme of Mobile Robotic platforms...
 
A new approach for user identification in web usage mining preprocessing
A new approach for user identification in web usage mining preprocessingA new approach for user identification in web usage mining preprocessing
A new approach for user identification in web usage mining preprocessing
 
A Survey on the Social Impacts of On-line Social Networking Sites
A Survey on the Social Impacts of On-line Social Networking SitesA Survey on the Social Impacts of On-line Social Networking Sites
A Survey on the Social Impacts of On-line Social Networking Sites
 
Torque Profiles of Asymmetrically Wound Six-Phase Induction Motor (AWSP-IM) u...
Torque Profiles of Asymmetrically Wound Six-Phase Induction Motor (AWSP-IM) u...Torque Profiles of Asymmetrically Wound Six-Phase Induction Motor (AWSP-IM) u...
Torque Profiles of Asymmetrically Wound Six-Phase Induction Motor (AWSP-IM) u...
 
Study of SaaS and its Application in Cloud
Study of SaaS and its Application in CloudStudy of SaaS and its Application in Cloud
Study of SaaS and its Application in Cloud
 
K1803046067
K1803046067K1803046067
K1803046067
 
Lossless LZW Data Compression Algorithm on CUDA
Lossless LZW Data Compression Algorithm on CUDALossless LZW Data Compression Algorithm on CUDA
Lossless LZW Data Compression Algorithm on CUDA
 
Domestic Solar - Aero - Hydro Power Generation System
Domestic Solar - Aero - Hydro Power Generation SystemDomestic Solar - Aero - Hydro Power Generation System
Domestic Solar - Aero - Hydro Power Generation System
 
Impact of Price Expectation on the Demand of Electric Energy
Impact of Price Expectation on the Demand of Electric EnergyImpact of Price Expectation on the Demand of Electric Energy
Impact of Price Expectation on the Demand of Electric Energy
 
D0161926
D0161926D0161926
D0161926
 
Performance Evaluation of Filters for Enhancement of Images in Different Appl...
Performance Evaluation of Filters for Enhancement of Images in Different Appl...Performance Evaluation of Filters for Enhancement of Images in Different Appl...
Performance Evaluation of Filters for Enhancement of Images in Different Appl...
 
F013114350
F013114350F013114350
F013114350
 
Performance Analysis of ANN Training Algorithms to Detect the Magnetization L...
Performance Analysis of ANN Training Algorithms to Detect the Magnetization L...Performance Analysis of ANN Training Algorithms to Detect the Magnetization L...
Performance Analysis of ANN Training Algorithms to Detect the Magnetization L...
 
Big Data in Bioinformatics & the Era of Cloud Computing
Big Data in Bioinformatics & the Era of Cloud ComputingBig Data in Bioinformatics & the Era of Cloud Computing
Big Data in Bioinformatics & the Era of Cloud Computing
 
Effect of sowing date and crop spacing on growth, yield attributes and qualit...
Effect of sowing date and crop spacing on growth, yield attributes and qualit...Effect of sowing date and crop spacing on growth, yield attributes and qualit...
Effect of sowing date and crop spacing on growth, yield attributes and qualit...
 
Enhancing a Dynamic user Authentication scheme over Brute Force and Dictionar...
Enhancing a Dynamic user Authentication scheme over Brute Force and Dictionar...Enhancing a Dynamic user Authentication scheme over Brute Force and Dictionar...
Enhancing a Dynamic user Authentication scheme over Brute Force and Dictionar...
 
Accuracy, Sensitivity and Specificity Measurement of Various Classification T...
Accuracy, Sensitivity and Specificity Measurement of Various Classification T...Accuracy, Sensitivity and Specificity Measurement of Various Classification T...
Accuracy, Sensitivity and Specificity Measurement of Various Classification T...
 
Multiple Constraints Consideration in Power System State Estimation
Multiple Constraints Consideration in Power System State EstimationMultiple Constraints Consideration in Power System State Estimation
Multiple Constraints Consideration in Power System State Estimation
 

Similar to Procuring the Anomaly Packets and Accountability Detection in the Network

Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1sweta dargad
 
A Deeper Look into Network Traffic Analysis using Wireshark.pdf
A Deeper Look into Network Traffic Analysis using Wireshark.pdfA Deeper Look into Network Traffic Analysis using Wireshark.pdf
A Deeper Look into Network Traffic Analysis using Wireshark.pdfJessica Thompson
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffingBhavya Chawla
 
A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)Mumbai Academisc
 
Bro Policy Assignment
Bro Policy AssignmentBro Policy Assignment
Bro Policy AssignmentTara Hardin
 
Anomalous payload based network intrusion detection
Anomalous payload based network intrusion detectionAnomalous payload based network intrusion detection
Anomalous payload based network intrusion detectionUltraUploader
 
Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Mumbai Academisc
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...skpatel91
 
Understanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxUnderstanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxRineri1
 
For your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laFor your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laShainaBoling829
 
Intrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIntrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIOSR Journals
 
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysis
A New Way of Identifying DOS Attack Using Multivariate Correlation AnalysisA New Way of Identifying DOS Attack Using Multivariate Correlation Analysis
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysisijceronline
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
 
Ii2514901494
Ii2514901494Ii2514901494
Ii2514901494IJERA Editor
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayKaren Oliver
 
Experiment 7 traffic analysis
Experiment 7 traffic analysisExperiment 7 traffic analysis
Experiment 7 traffic analysisnikitaa25
 
IRJET- Gray-Hole Attack Minimization based on contradiction for ad-hoc networks
IRJET- Gray-Hole Attack Minimization based on contradiction for ad-hoc networksIRJET- Gray-Hole Attack Minimization based on contradiction for ad-hoc networks
IRJET- Gray-Hole Attack Minimization based on contradiction for ad-hoc networksIRJET Journal
 

Similar to Procuring the Anomaly Packets and Accountability Detection in the Network (20)

Cyber security tutorial1
Cyber security tutorial1Cyber security tutorial1
Cyber security tutorial1
 
6
66
6
 
A Deeper Look into Network Traffic Analysis using Wireshark.pdf
A Deeper Look into Network Traffic Analysis using Wireshark.pdfA Deeper Look into Network Traffic Analysis using Wireshark.pdf
A Deeper Look into Network Traffic Analysis using Wireshark.pdf
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
 
A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)A wireless intrusion detection system and a new attack model (synopsis)
A wireless intrusion detection system and a new attack model (synopsis)
 
Bro Policy Assignment
Bro Policy AssignmentBro Policy Assignment
Bro Policy Assignment
 
Anomalous payload based network intrusion detection
Anomalous payload based network intrusion detectionAnomalous payload based network intrusion detection
Anomalous payload based network intrusion detection
 
Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...
 
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
Detection of Idle Stealth Port Scan Attack in Network Intrusion Detection Sys...
 
Understanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptxUnderstanding Intrusion Detection & Prevention Systems (1).pptx
Understanding Intrusion Detection & Prevention Systems (1).pptx
 
For your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and laFor your final step, you will synthesize the previous steps and la
For your final step, you will synthesize the previous steps and la
 
Advance Technology
Advance TechnologyAdvance Technology
Advance Technology
 
Intrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural NetworkIntrusion Detection Systems By Anamoly-Based Using Neural Network
Intrusion Detection Systems By Anamoly-Based Using Neural Network
 
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysis
A New Way of Identifying DOS Attack Using Multivariate Correlation AnalysisA New Way of Identifying DOS Attack Using Multivariate Correlation Analysis
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysis
 
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsLayered Approach for Preprocessing of Data in Intrusion Prevention Systems
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems
 
Ii2514901494
Ii2514901494Ii2514901494
Ii2514901494
 
Dn36682688
Dn36682688Dn36682688
Dn36682688
 
Network Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain EssayNetwork Vulnerabilities And Cyber Kill Chain Essay
Network Vulnerabilities And Cyber Kill Chain Essay
 
Experiment 7 traffic analysis
Experiment 7 traffic analysisExperiment 7 traffic analysis
Experiment 7 traffic analysis
 
IRJET- Gray-Hole Attack Minimization based on contradiction for ad-hoc networks
IRJET- Gray-Hole Attack Minimization based on contradiction for ad-hoc networksIRJET- Gray-Hole Attack Minimization based on contradiction for ad-hoc networks
IRJET- Gray-Hole Attack Minimization based on contradiction for ad-hoc networks
 

More from IOSR Journals

More from IOSR Journals (20)

A011140104
A011140104A011140104
A011140104
 
M0111397100
M0111397100M0111397100
M0111397100
 
L011138596
L011138596L011138596
L011138596
 
K011138084
K011138084K011138084
K011138084
 
J011137479
J011137479J011137479
J011137479
 
I011136673
I011136673I011136673
I011136673
 
G011134454
G011134454G011134454
G011134454
 
H011135565
H011135565H011135565
H011135565
 
F011134043
F011134043F011134043
F011134043
 
E011133639
E011133639E011133639
E011133639
 
D011132635
D011132635D011132635
D011132635
 
C011131925
C011131925C011131925
C011131925
 
B011130918
B011130918B011130918
B011130918
 
A011130108
A011130108A011130108
A011130108
 
I011125160
I011125160I011125160
I011125160
 
H011124050
H011124050H011124050
H011124050
 
G011123539
G011123539G011123539
G011123539
 
F011123134
F011123134F011123134
F011123134
 
E011122530
E011122530E011122530
E011122530
 
D011121524
D011121524D011121524
D011121524
 

Recently uploaded

HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxpranjaldaimarysona
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxhumanexperienceaaa
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoĂŁo Esperancinha
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingrknatarajan
 
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...ranjana rawat
 
High Profile Call Girls Dahisar Arpita 9907093804 Independent Escort Service ...
High Profile Call Girls Dahisar Arpita 9907093804 Independent Escort Service ...High Profile Call Girls Dahisar Arpita 9907093804 Independent Escort Service ...
High Profile Call Girls Dahisar Arpita 9907093804 Independent Escort Service ...Call girls in Ahmedabad High profile
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 

Recently uploaded (20)

HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
Processing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptxProcessing & Properties of Floor and Wall Tiles.pptx
Processing & Properties of Floor and Wall Tiles.pptx
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
(TARA) Talegaon Dabhade Call Girls Just Call 7001035870 [ Cash on Delivery ] ...
 
High Profile Call Girls Dahisar Arpita 9907093804 Independent Escort Service ...
High Profile Call Girls Dahisar Arpita 9907093804 Independent Escort Service ...High Profile Call Girls Dahisar Arpita 9907093804 Independent Escort Service ...
High Profile Call Girls Dahisar Arpita 9907093804 Independent Escort Service ...
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 

Procuring the Anomaly Packets and Accountability Detection in the Network

  • 1. IOSR Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, p- ISSN: 2278-8727Volume 13, Issue 1 (Jul. - Aug. 2013), PP 134-137 www.iosrjournals.org www.iosrjournals.org 134 | Page Procuring the Anomaly Packets and Accountability Detection in the Network V. Laxman1 , Ms. P. Subhadra2 1 (Master of Technology, Computer Science and Engineering, Vardhaman College of Engineering, Hyderabad, India, 2 (Associate Professor Computer Science and Engineering, Vardhaman College of Engineering, Hyderabad, India) Abstract: It is software that will be used to find the anomaly packets in Voice over Internet Protocol (VoIP) devices, such as soft phones and VoIP gateways to the Session Initiation Protocol specifications, and to test the compliance and interoperability of VoIP equipment produced by different manufacturers. Network traffic is often "different" from benign traffic in ways that can be distinguished without knowing the nature of the attack. We describe a two stage anomaly detection system for identifying suspicious traffic. First, we filter traffic to pass only the packets of most interest, e.g. the first few packets of incoming server requests. Second, we model the most common protocols (IP, TCP, telnet, FTP, SMTP, HTTP) at the packet byte level to flag events (byte values) that have not been observed for a long time. Different software’s are available on the market to conduct a compliance and interoperability validation phase. However, they often have features limited to packet capturing and decoding, or they are simulation tools that often require a complex developing phase to define the behavior of each test. The proposed tool, instead, can be inserted into an Session Initiation Protocol (SIP) network and is capable of observing and finding, in an automatic way. It executes in three phases. 1. SIP messages flowing in the network are captured. 2. In charge of grouping SIP messages into transactions and dialog. 3. Operates by comparing the message flow with a set of predefined rules. These Rules are classified into two groups. 1. Static Rules have been obtained by the direct analysis of SIP specifications. 2. Dynamic Rules have been obtained by experience with SIP compliance and interoperability testing. If some rules failed during verification, an output is reported by indicating the rule that failed and a list of possible fault causes. Index Terms- Protocol, IDS, Anomaly.. I. Introduction At present, attacks on Internet infrastructure, in the form of denial of service (DoS) attacks and worms, have become one of the most serious threats to the network security. it could become possible to detect the attacks, anomalies and to appropriately take action to mitigate them before they have had much time to propagate across the network. Most network intrusion detection systems (IDS) that use anomaly detection look for anomalous or unusual port number and IP addresses, where "unusual" means any value not observed in training on normal (presumably non hostile) traffic. They use the firewall paradigm; a packet addressed to a nonexistent host or service must be hostile, so we reject it. The problem with the firewall model is that attacks addressed to legitimate services will still get through, even though the packets may differ from normal traffic in ways that could detect. In general, methodology to detecting anomalies envisions two kinds of detection mechanisms: postmortem and real-time modes. Given the variety of anomalies, it makes sense to examine as many attributes as possible, not just the packet ports and addresses, as many systems now do. Also, because the rates of many types of network events vary unpredictably over a wide range of time scales, we use a time-dependent model, in which the probability of an event depends on the time since it last occurred, instead of on its average rate. The idea is that if an attribute takes on a novel value, or at least one not seen recently, then the data is suspicious. In this paper, we briefly review previous work on packet buffer architectures and present scalable and efficient hierarchical packet buffer architecture. This is our first attempt to combine the merits of two previously published packet buffer architectures. Consequently, the SRAM occupancy has been significantly reduced. By fully exploring the advantage of parallel DRAMs, we first propose a memory management algorithm (MMA) called Random Round Robin (RRR). Thereafter, we devise a “traffic-aware” approach which aims to provide different services for different types of data streams. This approach further reduces the system overhead. Both mathematical analysis and simulation demonstrate that the proposed architecture together with
  • 2. Procuring The Anomaly Packets And AccountabilityDetection In theNetwork www.iosrjournals.org 135 | Page its algorithm reduce the overall SRAM requirement significantly while providing guaranteed performance in terms of low time complexity, upper bounded drop rate, and uniform allocation of resources. II. Background And Literature Survey Network intrusion detection systems like snort (2001) or Bro (Paxson, 1998) typically use signature detection, matching patterns in network traffic to the patterns of known attacks. This works well, but has the obvious disadvantage of being vulnerable to novel attacks. An alternative approach is anomaly detection, which models normal traffic and signals any deviation from this model as suspicious. The idea is based on work by Forrest et al. (1996), who found that most UNIX processes make (mostly) highly predictable sequences of system calls in normal use. When a server or suid root program is compromised (by a buffer overflow, for example), it executes code supplied by the attacker, and deviates from its normal calling sequence. It is not possible to observe every possible legitimate pattern in training, so an anomaly detector requires some type of machine learning algorithm in order to generalize from the training set. Models are usually based on the distribution of source and destination addresses and ports per transaction (TCP connections, and sometimes UDP and ICMP packets). For example, SPADE offers four probability models (estimated by average frequency) of incoming TCP connections: · P(destination-address, destination-port) · P(source-address, destination-address, destination-port) · P(source-address, source-port, destination-address, destination-port) · Bayes network approximation of the above. Lower probabilities result in higher anomaly scores, since these are presumably more likely to be hostile. In general, five types of anomalies in hostile traffic are identified. 2.1 User Behavior: Hostile traffic may have a novel source address because it comes from an unauthorized user of a restricted (password protected) service. Also, probes such as ipsweep and portsweep may attempt to access nonexistent hosts and services, generating anomalies in the destination addresses and port numbers. 2.2 Bug Exploits: Attacks often exploit errors in the target software, for example, a buffer overflow vulnerability. Such errors are most likely to be found in the least-used features of the program, because otherwise the error is likely to have been discovered during normal use and fixed in a later version. Thus, any remaining errors are invoked only with unusual inputs (e.g. a very long argument to a seldom used command), which are not likely to occur during normal use. 2.3 Response Anomalies: Sometimes a target will generate anomalous outgoing traffic in response to a successful attack, for example, a victimized mail server passing root shell command responses back to an attacker. This is analogous to Forrest's host based detection method , where a server compromise can be detected because it makes unusual sequences of system calls. 2.4 Bugs in the attack: Attackers typically must implement client protocols themselves, and will fail to duplicate the target environment either out of carelessness or because it is not necessary. For example, many text based protocols such as FTP, SMTP and HTTP allow either uppercase or lowercase commands. An attacker may use lowercase for convenience, even though normal clients might always use uppercase. 2.5 Evasion: Attackers may deliberately manipulate network protocols to hide an attack from an improperly coded intrusion detection system (IDS) monitoring the application layer. Such methods include IP fragmentation, overlapping TCP segments that do not match, deliberate use Of bad checksums, short TTL values, and so on. Such events must be rare in normal traffic, or else the IDS would have been written to handle them properly. III. Model Description Anomaly model detectors like PHAD, detects anomalies in network packets. However, it differs as follows: 1. The traffic is filtered, so only the start of incoming server requests are examined. 2. Starting with the IP header, we treat each of the first 48 bytes as an attribute for our models--we do not parse the packet into fields. 3. There are 9 separate models corresponding to the most common protocols (IP, TCP, HTTP, etc.). 4. The anomaly score tn/r is modified to (among other things) score rare, but not necessarily novel, events. 3.1. Traffic Filtering The first stage of NETAD is to filter out uninteresting traffic. Most attacks are initiated against a target server or operating system, so it is usually sufficient to examine only the first few packets of incoming server requests. This not only filters out traffic likely to generate false alarms NETAD separately models 9 subsets of the filtered traffic corresponding to 9 common packet types, as follows. · All IP packets (including TCP, UDP, and ICMP).
  • 3. Procuring The Anomaly Packets And AccountabilityDetection In theNetwork www.iosrjournals.org 136 | Page · All TCP packets. · All TCP SYN packets (with no other flags set, normally the first packet, usually containing TCP options and no payload). · All TCP ACK packets (normally the second and subsequent packets, which contain a payload). · TCP ACK packets to ports 0-255. · TCP ACK to port 21 (FTP). · TCP ACK to port 23 (telnet). · TCP ACK to port 25 (SMTP mail). · TCP ACK to port 80 (HTTP). A packet may belong to more than one subset. For instance, an HTTP data packet is also TCP ports 0- 255, TCP ACK, TCP, and IP. For each model, an anomaly score is computed, and the sum is assigned to the packet. The reason for modeling ports 0-255 is for ease of implementation. Each packet type can be distinguished from some other by examining only one attribute (byte). For instance, ports 0-255 can be distinguished from other TCP ACK packets by examining only the upper byte of the destination port number. IV. Experimental Analysis We employed a 2-hour DWT window in 1-minute sampling interval. It can be decomposed up to level 7. The results of our real-time analysis are shown in Fig. 1. The DWT signal at each timescales is shown along with the horizontal detector (an anomaly detected over successive samples at the same level). The bottom-most picture shows the composite detector that employs two -dimensional mechanism using horizontal and vertical detection simultaneously . The results indicate that the real-time analysis detects all the attacks along with a few anomalies present in the base signal. It seems feasible to carry out a similar correlation and wavelet-based analysis of network packets based on their port numbers. Is it possible to combine several indicators to build a more robust anomaly detector that is less prone to false alarms? Fig. 2 shows the comprehensive anomaly detector based on a combination of addresses and port numbers. Figure 1. Address based detection results using simulated attack traces in real-time
  • 4. Procuring The Anomaly Packets And AccountabilityDetection In theNetwork www.iosrjournals.org 137 | Page Figure 2. The multidimensinal detection results The two kinds of dots at the bottom of the picture show detection results. The dots located on top are marked when both the address and port methods detect anomalies simultaneously. V. Conclusions Intrusions generate anomalies because of bugs in the victim program, the attacking program, or the IDS, or because the victim generates anomalous output after an attack. We have seen examples of all four types of anomalies: 1. Strange input to poorly tested software, e.g. the corrupted packets used by teardrop, pod, dosnuke. 2. Strange data from poorly written attacks, e.g. bad checksums in smurf and udpstorm. 3. Strange data used to hide an attack from layers above, e.g. FIN scanning by portsweep. 4. Strange responses from the victim, e.g. unusual TCP options generated by apache2. The proposal like any network anomaly detector, does not describe the nature of an attack, or even indicate if an event is hostile or not. Instead, it just finds unusual or interesting events in a vast amount of data, and brings them to the attention of a network security expert for further analysis. It is meant to supplement, rather than replace, existing security tools and methods, such as code reviews, encryption, firewalls, virus detectors, and so on. Like all security tools, it requires some investment of time and effort to use it. The challenge is to use good filtering to minimize this effort. References [1] Bell, Timothy, Ian H. Witten, John G. Cleary, "Modeling for Text Compression", ACM Computing Surveys (21)4, Dec.1989 ,pp. 557-591. [2] Barbará, D., N. Wu, S. Jajodia, "Detecting Novel Network Intrusions using Bayes Estimators", First SIAM International Conference on Data Mining, 2001, [3] Floyd, S. and V. Paxson, "Difficulties in Simulating the Internet." To appear in IEEE/ACM Transactions on Networking, 2001. http://www.aciri.org/vern/papers.html [4] Forrest, S., S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, "A Sense of Self for Unix Processes", Proceedings of 1996 IEEE Symposium on Computer Security and Privacy. ftp://ftp.cs.unm.edu/pub/forrest/ieee-sp-96-unix.pdf [5] Lippmann, R., et al., "The 1999 DARPA Off-Line Intrusion Detection Evaluation", Computer Networks 34(4) , 2000,579-595. [6] Mahoney, M., P. K. Chan, "PHAD: Packet Header Anomaly Detection for Identifying Hostile Network Traffic", Florida Tech. technical report 2001-04, http://cs.fit.edu/~tr/ [7] Mahoney, M., P. K. Chan, "Learning Models of Network Traffic for Detecting Novel Attacks", Florida Tech. technical report 2002-08, http://cs.fit.edu/~tr/ [8] Mahoney, M., P. K. Chan, "Learning Non stationary Models of Normal Network Traffic for Detecting Novel Attacks ", Edmonton, Alberta: Proc. SIGKDD, 2002, 376-385. [9] Paxson, Vern, "Bro: A System for Detecting Network Intruders in Real-Time", Lawrence Berkeley National Laboratory Proceedings, 7'th USENIX Security Symposium, Jan. 26-29, 1998, San Antonio TX, [10] F. Wang, M. Hamdi, and J. Muppala, “Using Parallel DRAM to Scale Router Buffers,” IEEE Trans. Parall and Distributed Systems, vol. 20, May 2009, pp. 710-724. [11] G. Appenzeler, I. Keslassy, and N. McKeown, “Sizing Router Buffers,” ACM SIGCOMM Computer Comm. Rev., vol. 34, no. 4, Oct. 2004, pp. 281-292. [12] G. Shrimali and N. McKeown, “Building Packet Buffers with Interleaved Memories,” Proc.Workshop High Performance Switching and Routing (HPSR ’05), May 2005, pp. 1-5. [13] H. Wang and B. Lin, “Block-Based Buffer with Deterministic Packet Departure,” Proc. Int’l Conf. High Performance Switching and Routing (HPSR ’10), June 2010, pp. 38-43. [14] H. Wang, H. Zhao, B. Lin, and J. Xu, “Design and Analysis of a Robust Pipelined Memory System,” Proc. IEEE INFOCOM ’10, Mar. 2010 ,pp. 1-9,. [15] J. Corbal, R. Espasa, and M. Valero, “Command Vector Memory Systems: High performance at Low Cost,” Proc. Int’l Conf. Parallel Architectures and Compilation Techniques,Oct. 1998 ,pp. 68-77. [16] J. Garcia, J. Corbal, L. Cerda, and M. Valero, “Design and Implementation of High-Performance Memory Systems for Future Packet Buffers,” Proc. IEEE/ACM 36th Ann. Int’l Symp. Micro architecture (Micro ’03), Dec. 2003, pp. 372-384.