LIGHT WEIGHT DISTRIBUTED INTRUSION DETECTION SYSTEM
Abstract
A Network Intrusion Detection System sniffs the traffic of the entire network and converts it into network traffic (i.e. network connection) records. These records contain many features (i.e. attributes) such as 'Source to destination Bytes', 'Destination to source Bytes', 'Duration of connection', 'Percentage of connections having error', and 'Status of connection'. In the presence of an attack, some of the network connection features indicate the error. These features are '% of connection to same host machine having SYN error', '% of connection to same host machine having REJ error', '% of connection to same service having SYN error', etc. The methodology proposed here is used to detect DoS/DDoS attacks. It first looks for the existence of an error in the network traffic record, and only if an error is present is that record analyzed further for a possible DoS/DDoS attack. This reduces the amount of data that needs to be analyzed to detect a DoS/DDoS attack.
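The two-stage flow described in the abstract, as an added Python example that is not part of the patent text. The field names, the constructed sample records and the threshold-based second stage are assumptions, since the abstract gives no record schema and does not specify the detector.

```python
from dataclasses import dataclass

# Assumed field names, modelled on the error features the abstract lists.
ERROR_FEATURES = (
    "same_host_syn_error_pct",
    "same_host_rej_error_pct",
    "same_service_syn_error_pct",
)

@dataclass
class Result:
    total: int      # records produced by the sniffer
    analysed: int   # records that reached the second stage
    flagged: list   # ids the second stage marked as possible DoS/DDoS

def has_error(record):
    """Stage 1: cheap pre-filter, true if any error feature is non-zero."""
    return any(record.get(f, 0.0) > 0.0 for f in ERROR_FEATURES)

def deep_analysis(record, threshold=80.0):
    """Stage 2 stand-in (hypothetical): flag a record whose highest
    error percentage reaches the threshold."""
    return max(record.get(f, 0.0) for f in ERROR_FEATURES) >= threshold

def detect(records, analyser=deep_analysis):
    """Run stage 2 only on the records that pass stage 1."""
    candidates = [r for r in records if has_error(r)]
    flagged = [r["id"] for r in candidates if analyser(r)]
    return Result(len(records), len(candidates), flagged)

# Constructed sample records, not real traffic.
SAMPLE = [
    {"id": 1, "status": "SF", "same_host_syn_error_pct": 0.0,
     "same_host_rej_error_pct": 0.0, "same_service_syn_error_pct": 0.0},
    {"id": 2, "status": "SF", "same_host_syn_error_pct": 0.0,
     "same_host_rej_error_pct": 0.0, "same_service_syn_error_pct": 0.0},
    {"id": 3, "status": "SF"},  # error features absent: treated as zero
    {"id": 4, "status": "S0", "same_host_syn_error_pct": 100.0,
     "same_host_rej_error_pct": 0.0, "same_service_syn_error_pct": 100.0},
    {"id": 5, "status": "REJ", "same_host_syn_error_pct": 0.0,
     "same_host_rej_error_pct": 10.0, "same_service_syn_error_pct": 0.0},
    {"id": 6, "status": "SF", "same_host_syn_error_pct": 0.0,
     "same_host_rej_error_pct": 0.0, "same_service_syn_error_pct": 0.0},
]

if __name__ == "__main__":
    r = detect(SAMPLE)
    print(f"analysed {r.analysed} of {r.total} records, flagged ids: {r.flagged}")
```

Record 5 shows the difference between the stages: a single rejected connection passes the error pre-filter but is not flagged by the second stage.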