Using Relational Schemata in a Computer Immune System to Detect Multiple-Packet Network Intrusions

<p>Given the increasingly prominent cyber-based threat there are substantial research and development efforts underway in network and host-based intrusion detection using single-packet traffic analysis. However there is a noticeable lack of research and development in the intrusion detection realm with regard to attacks that span multiple packets. This leaves a conspicuous gap in intrusion detection capability because not all attacks can be found by examining single packets alone. Some attacks may only be detected by examining multiple network packets collectively considering how they relate to the big picture not how they are represented as individual packets. This research demonstrates a multiple-packet relational sensor in the context of a Computer Immune System (CIS) model to search for attacks that might otherwise go unnoticed via single-packet detection methods. Using relational schemata multiple-packet CIS sensors define self based on equal less than and greater than relationships between fields of routine network packet headers. Attacks are then detected by examining how the relationships among attack packets may lay outside of the previously defined self. Furthermore this research presents a graphical user-interactive means of network packet inspection to assist in traffic analysis of suspected intrusions. The visualization techniques demonstrated here provide a valuable tool to assist the network analyst in discriminating between true network attacks and false positives often a time-intensive and laborious process.</p><p>This work has been selected by scholars as being culturally important and is part of the knowledge base of civilization as we know it. This work was reproduced from the original artifact and remains as true to the original work as possible. Therefore you will see the original copyright references library stamps (as most of these works have been housed in our most important libraries around the world) and other notations in the work.</p><p>This work is in the public domain in the United States of America and possibly other nations. Within the United States you may freely copy and distribute this work as no entity (individual or corporate) has a copyright on the body of the work.</p><p>As a reproduction of a historical artifact this work may contain missing or blurred pages poor pictures errant marks etc. Scholars believe and we concur that this work is important enough to be preserved reproduced and made generally available to the public. We appreciate your support of the preservation process and thank you for being an important part of keeping this knowledge alive and relevant.</p><br>