Analysis And Evaluation Of Network Intrusion Detection Methods; A Case Of Anomaly Detection And Signature Detection Approaches

ABSTRACT

Many Network administrators and network analysts in organizations do not know which

intrusion detection system to use. This is partly due to the fact that there is no clear

comparison between the different intrusion detection systems. Therefore. organizations

need concrete comparisons between different tools in order to choose which best suitc for

their needs is. This research aims at comparing anomaly with signature detection methods

in order to establish which is best suited to guard organization. such as data theft. The

difference between anomaly and signature-based detection is that an anomaly Intrusion

Detection System needs to be trained and generate many alerts, the majority of which

being false alarms: hence another aim is to establish the in influence of the training

period length of an anomaly Intrusion Detection system on its dctcction rate. I lence. this

research presents a Network-based Intrusion Detection System evaluation testbed setup.

and it shows the setup for two of these using the signature detector (Snort) and the

anomaly detector Statistical Packet Anomaly Detection Engine (SPADE). Thc evaluation

testbed is then used to create a data theft scenario that includes the follo’s ing stages:

reconnaissance: gaining unauthorized access: and finally data theft. Therefore. it offers

the opportunity to compare both detection methods with regards to that threat. this

research acts as documentation for setting up a network Intrusion Detection System

evaluation testbed. SPADE. lack a centralized documentation and no research paper

could be identified that clearly documents the configuration of an evaluation testbed for

Intrusion Detection System. Standards for evaluating Intrusion Detection System could

not identified, and thus this required the creation of a bespoke evaluation testbed which.

in tum~ limited the time dedicated to evaluating the threat scenario itself. Along with this.

results show that configuration. testing and verification of the anomaly detection s> stem

is highly error-prone.

 

Subscribe to access this work and thousands more
Overall Rating

0

5 Star
(0)
4 Star
(0)
3 Star
(0)
2 Star
(0)
1 Star
(0)
APA

JAMES, K (2021). Analysis And Evaluation Of Network Intrusion Detection Methods; A Case Of Anomaly Detection And Signature Detection Approaches. Afribary. Retrieved from https://afribary.com/works/analysis-and-evaluation-of-network-intrusion-detection-methods-a-case-of-anomaly-detection-and-signature-detection-approaches

MLA 8th

JAMES, KAWEESA "Analysis And Evaluation Of Network Intrusion Detection Methods; A Case Of Anomaly Detection And Signature Detection Approaches" Afribary. Afribary, 03 Jun. 2021, https://afribary.com/works/analysis-and-evaluation-of-network-intrusion-detection-methods-a-case-of-anomaly-detection-and-signature-detection-approaches. Accessed 07 Oct. 2024.

MLA7

JAMES, KAWEESA . "Analysis And Evaluation Of Network Intrusion Detection Methods; A Case Of Anomaly Detection And Signature Detection Approaches". Afribary, Afribary, 03 Jun. 2021. Web. 07 Oct. 2024. < https://afribary.com/works/analysis-and-evaluation-of-network-intrusion-detection-methods-a-case-of-anomaly-detection-and-signature-detection-approaches >.

Chicago

JAMES, KAWEESA . "Analysis And Evaluation Of Network Intrusion Detection Methods; A Case Of Anomaly Detection And Signature Detection Approaches" Afribary (2021). Accessed October 07, 2024. https://afribary.com/works/analysis-and-evaluation-of-network-intrusion-detection-methods-a-case-of-anomaly-detection-and-signature-detection-approaches