| Summary: | Network has grows to a mammoth size and becoming more complex, thus exposing the services it offers towards multiple types of intrusion vulnerabilities.One method to overcome
intrusion is by introducing Intrusion Detection System (IDS) for detecting the threat before it can damage the network resources.IDS have the ability to analyze network traffic and recognize incoming and on-going network attack.In detecting
intrusion attack, Information gathering on such activity can be classified into fast attack and slow attack.Yet, majority of the current intrusion detection systems do not have the ability to
differentiate between these two types of attacks. Early detection of fast attack is very useful in a real time environment; in which it can help the targeted network from further intrusion that
could let the intruder to gain access to the vulnerable machine.To address this challenge, this paper introduces a fast attack detection framework that set a threshold value to differentiate
between the normal network traffic and abnormal network traffic on the victim perspective. The threshold value is abstract with the help of suitable set of feature used to detect the
anomaly in the network. By introducing the threshold value, anomaly based detection can build a complete profile to detect any intrusion threat as well as at the same time reducing it false
alarm alert.
|
|---|