Conference: ICERD2010

An Adaptive Approach to Improve the Accuracy of Packet Pre-Filtering


Abstract

Present-day networks are under deliberate, continuous and premeditated attacks such as hacker attacks, DoS attacks, IP address spoofing, phishing, sniffer attacks, etc. Network Intrusion Detection Systems (NIDS) have proved reliable in parrying most of the issues and challenges faced by corporate network security systems. However, NIDS fall short of providing a completely foolproof network security environment. False negatives and false positives have proved to be considerable bottlenecks in securing networks from attacks. This paper introduces a software approach to packet pre-filtering to ease security threats, and introduces Network Behavior Analysis to enhance the security of the network. Network Behavior Analysis helps ease the burden that false positives place on the network and its security. The NIDS compares all incoming packets with predefined rules or signatures to find suspicious patterns. The pre-filtering approach used in this paper results from the observation that an incoming packet very rarely matches the signatures or the IDS rules. During the pre-filtering step, a small portion of the packet is compared against the predefined signatures for any suspicious patterns, and a packet that produces an initial pre-filtering match is then considered for a full match. For time efficiency, this strategy is compared to more optimistic schemes that allow reassignment of flows between threads, and is evaluated using several network packet traces.