HPNAIDM: The High-Performance Network Anomaly/Intrusion Detection and Mitigation System
- Northwestern University
Identifying traffic anomalies and attacks rapidly and accurately is critical for large network operators. With the rapid growth of network bandwidth, such as the next generation DOE UltraScience Network, and the fast emergence of new attacks/viruses/worms, existing network intrusion detection systems (IDS) are insufficient because they:

- Are mostly host-based and not scalable to high-performance networks;
- Are mostly signature-based and unable to adaptively recognize flow-level unknown attacks;
- Cannot differentiate malicious events from unintentional anomalies.

To address these challenges, we proposed and developed a new paradigm called the high-performance network anomaly/intrusion detection and mitigation (HPNAIDM) system. The new paradigm is significantly different from existing IDSes, with the following features (research thrusts):

- Online traffic recording and analysis on high-speed networks;
- Online adaptive flow-level anomaly/intrusion detection and mitigation;
- Integrated approach for false positive reduction.

Our research prototype and evaluation demonstrate that the HPNAIDM system is highly effective and economically feasible. Beyond satisfying the pre-set goals, we even exceeded them significantly (see more details in the next section). Overall, our project harvested 23 publications (2 book chapters, 6 journal papers and 15 peer-reviewed conference/workshop papers). Besides, we built a website for technique dissemination, which hosts two system prototype releases for the research community. We also filed a patent application and developed strong international and domestic collaborations which span both academia and industry.
- Research Organization:
- Northwestern Univ., Evanston, IL (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- FG02-05ER25692
- OSTI ID:
- 1108982
- Report Number(s):
- DOE-NORTHWESTERN-25692-3
- Country of Publication:
- United States
- Language:
- English