Title: Transforming voluminous data flow into continuous connection vectors for IDS

Authors: Maher Salem; Ulrich Buehler

Addresses: Department of Applied Computer Science, University of Applied Sciences Fulda, Marquardstr 36, 36039 Fulda, Germany (both authors)

Abstract: Handling massive data flows in online intrusion detection systems is considered one of the major challenges in computer network security. This paper presents a novel method that overcomes this challenge using data mining and statistical techniques. The main contributions of the proposed method are: 1) capturing network traffic and hosts' activities using an intelligent aggregator; 2) introducing a queuing concept with a dynamic window size; 3) an improved method for correlating network packets with hosts' events; 4) exporting continuous connection vectors based on a defined feature set. The proposed method has been evaluated using offline, synthetic, and realistic data flows. Moreover, it is compared with other competing methods. We have examined the plausibility and scalability of the constructed connection vectors by using them to evaluate intrusion detection models.

Keywords: data flow aggregation; network security; intrusion detection systems; real-time systems; data mining; performance monitoring; continuous connection vectors; IDS; massive data flows; intelligent aggregators; queuing; dynamic window size; network packets; host events.

DOI: 10.1504/IJITST.2014.068710

International Journal of Internet Technology and Secured Transactions, 2014, Vol. 5, No. 4, pp. 307-326

Received: 01 Mar 2014
Accepted: 26 Jun 2014

Published online: 22 Apr 2015
