首页>
外军国防科技报告
>ARL-TR-8578 - The Use of Packet Header Anomaly Detection in Lossy Network Traffic Compression for Network Intrusion Detection Applications | U.S. Army Research Laboratory
【2h】
ARL-TR-8578 - The Use of Packet Header Anomaly Detection in Lossy Network Traffic Compression for Network Intrusion Detection Applications | U.S. Army Research Laboratory
This report describes efforts to employ a packet header anomaly detection algorithm to measure how unusual each packet is. A compression tool is written that compares this measure against a threshold, keeping only that traffic that is more unusual than the threshold. The Snort network intrusion detection tool is run against the data set to establish a baseline of alerts. It is then runagainst the compressed data set to discover how many alerts were lost or the alert loss rate. The threshold is lowered and the experiment repeated several times. The size of the data expressed as a percentage of the original size and the alert lost rate are plotted against these thresholds to show the threshold that provides the best compression with the acceptable alert loss.
展开▼
