UTILIZING INTRUSION PREVENTION SYSTEM TO FETCH OBSCURE SESSIONS OVER NETWORK TRAFFIC
Keywords: IPS, Obscure, Obvious Sessions, Entireness, Perfectness, P-FN, P-FP, N-FN, N-FP
Abstract
A great deal of traffic travels across the network every minute of the day, and as traffic grows, more signatures get defined. Some traffic falls into the category of ‘obvious’ and some into ‘obscure’. Obvious traffic is what the network expects and transmits healthily; obscure traffic can harm the network. To distinguish obvious from obscure traffic, a large number of packets has to pass through an Intrusion Prevention System, and on that basis the packets moving towards their proper destination with the intended information can be separated from the packets that harm the network. Even so, False Positives and False Negatives happen to every IPS; no system judges correctly all the time. The key purpose here is to design an Obscure Session Fetching (OSF) system that fetches obscure sessions as entirely and perfectly as possible, giving IPS developers material for further analysis. First, the OSF captures real traffic and replays the captured traffic traces to multiple IPSes; it then fetches the obscure traffic from the replayed traces and verifies and validates it. IPS developers can further analyse the fetched traffic traces and confirm which are FNs or FPs. To fetch an obscure session entirely and perfectly, the OSF uses an association mechanism based on anchor packets, five-tuples and time, and similarity for the first packet, the first connection, and the whole session, respectively. It calculates the degree of similarity among packets to fetch an obscure session that contains multiple connections. I defined variation and entireness/perfectness as the indexes for evaluating the OSF. The experiments demonstrate that 97% of fetched sessions have low variation, and the average entireness/perfectness is around 85%. Four case studies are also presented: a P-FN and a P-FP, and an N-FN and an N-FP, found by the OSF and confirmed by the IPS developers.
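The three-stage association the abstract describes (anchor packet, then the first connection by five-tuple and time, then the rest of the session by similarity) can be illustrated with a small script. The code below is an added example, not the OSF implementation from the paper: the similarity weights, the time window, the payload token-overlap measure, and the entireness/perfectness definitions (recall and precision of fetched packets against a hand-labelled session) are assumptions made here because the abstract does not define them, and the packet trace is constructed for the demonstration.

```python
"""Toy OSF-style session association (added illustration, not the paper's code).

Assumed here, not taken from the paper: similarity weights, time window,
token-overlap measure, and the entireness/perfectness definitions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float        # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    payload: bytes


Connection = List[Packet]


def conn_key(p: Packet) -> Tuple:
    """Direction-insensitive five-tuple so both halves of a connection group together."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (min(a, b), max(a, b), p.proto)


def group_connections(packets: List[Packet]) -> Dict[Tuple, Connection]:
    """Split a trace into connections, each ordered by time."""
    groups: Dict[Tuple, Connection] = {}
    for p in sorted(packets, key=lambda p: p.ts):
        groups.setdefault(conn_key(p), []).append(p)
    return groups


def first_connection(packets: List[Packet], anchor: Packet, window: float) -> Connection:
    """Stages 1 and 2: the anchor packet (the one the IPS reported) plus every packet
    sharing its five-tuple within `window` seconds of it."""
    key = conn_key(anchor)
    hits = [p for p in packets if conn_key(p) == key and abs(p.ts - anchor.ts) <= window]
    return sorted(hits, key=lambda p: p.ts)


def tokens(conn: Connection) -> set:
    """Whitespace tokens of all payloads in a connection (assumed similarity feature)."""
    out: set = set()
    for p in conn:
        out.update(p.payload.split())
    return out


def similarity(a: Connection, b: Connection, window: float) -> float:
    """Assumed score in [0, 1]: same client host (0.4), start-time proximity (0.4),
    payload token overlap as Jaccard (0.2)."""
    score = 0.0
    if a[0].src == b[0].src:
        score += 0.4
    gap = abs(a[0].ts - b[0].ts)
    score += 0.4 * max(0.0, 1.0 - gap / window)
    ta, tb = tokens(a), tokens(b)
    if ta | tb:
        score += 0.2 * len(ta & tb) / len(ta | tb)
    return score


def fetch_session(packets: List[Packet], anchor: Packet,
                  window: float = 30.0, threshold: float = 0.7) -> List[Packet]:
    """Stage 3: grow the session from the first connection by adding every other
    connection whose similarity to an already-fetched connection meets the threshold."""
    groups = group_connections(packets)
    first = first_connection(packets, anchor, window)
    if not first:
        return []
    session = {conn_key(anchor): first}
    changed = True
    while changed:
        changed = False
        for key, conn in groups.items():
            if key in session:
                continue
            if any(similarity(conn, s, window) >= threshold for s in session.values()):
                session[key] = conn
                changed = True
    return sorted((p for c in session.values() for p in c), key=lambda p: p.ts)


def entireness(fetched: List[Packet], truth: List[Packet]) -> float:
    """Assumed: share of the true session's packets that were fetched (recall)."""
    return len(set(fetched) & set(truth)) / len(truth) if truth else 0.0


def perfectness(fetched: List[Packet], truth: List[Packet]) -> float:
    """Assumed: share of fetched packets that really belong to the session (precision)."""
    return len(set(fetched) & set(truth)) / len(fetched) if fetched else 0.0


# Constructed trace (not real traffic): client 10.0.0.5 talks to 203.0.113.10.
TRACE = [
    Packet(100.0, "10.0.0.5", 40001, "203.0.113.10", 80, "tcp", b"GET /login HTTP/1.1 Host: shop.example"),
    Packet(100.1, "203.0.113.10", 80, "10.0.0.5", 40001, "tcp", b"HTTP/1.1 200 OK"),
    Packet(101.0, "10.0.0.7", 51000, "198.51.100.4", 25, "tcp", b"EHLO mail.example"),
    Packet(101.5, "10.0.0.5", 40002, "203.0.113.10", 443, "tcp", b"GET /cart HTTP/1.1 Host: shop.example"),
    Packet(101.6, "203.0.113.10", 443, "10.0.0.5", 40002, "tcp", b"HTTP/1.1 200 OK"),
    Packet(140.0, "10.0.0.5", 40004, "203.0.113.10", 8080, "tcp", b"POST /track"),
    Packet(900.0, "10.0.0.5", 40003, "203.0.113.10", 80, "tcp", b"GET /other HTTP/1.1 Host: shop.example"),
]
ANCHOR = TRACE[0]                                        # the packet the IPS reported
TRUTH = [TRACE[0], TRACE[1], TRACE[3], TRACE[4], TRACE[5]]  # hand-labelled session


def demo():
    fetched = fetch_session(TRACE, ANCHOR)
    return fetched, entireness(fetched, TRUTH), perfectness(fetched, TRUTH)


if __name__ == "__main__":
    fetched, e, p = demo()
    for pkt in fetched:
        print(f"{pkt.ts:7.1f} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
    print(f"entireness={e:.2f} perfectness={p:.2f}")
```

On the constructed trace the login and cart connections are fetched, the unrelated SMTP connection and the much later request are rejected, and the tracking connection 40 seconds after the anchor is missed because it falls outside the assumed window and shares no payload tokens; that gives entireness 0.8 and perfectness 1.0, which is the kind of gap an IPS developer would examine when tuning the window and threshold.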
Copyright (c) Pankaj Hari Durole, Vivek Kshirsagar (Author)

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
