Survey on Selected Features Used for Network Level Attack Detection  
Author Chad Calvert

 

Co-Author(s) Taghi M. Khoshgoftaar; Maryam M. Najafabadi

 

Abstract Due to an increased number of cyber-attacks and their often sophisticated nature, network security has become increasingly more difficult to ensure. Numerous detection methodologies have been proposed to offer defense against varying forms of attack, but knowing which attacks are more prevalent and which features are most successful in terms of identification is a growing need. In this work, we aim to identify which attack types are of most concern in today’s industries and survey which identifying features are being utilized to detect said attacks. Specifically, in this paper we focus on six types of attacks: denial of service, botnets, port scanning, brute force, worms, and polymorphic attacks. These attacks were chosen due to their past and continued usage as popular attacking techniques. For each attack, we give a brief overview of its focus and behavior and then evaluate which, if any, key features are most important during the detection process. This evaluation is unique in that it focuses not only on common attack types but also takes special interest in the harder-to-detect stealthy and distributed variants of these attacks.

 

Keywords Network Intrusion Detection Systems, Selected Features, Denial of Service, Brute Force, Port Scanning, Worms, Polymorphic Attacks
   
    Article #:  21168
 
Proceedings of the 21st ISSAT International Conference on Reliability and Quality in Design
August 6-8, 2015 - Philadelphia, Pennsylvia, U.S.A.