Abstract
In this paper we review the problem of packet loss as it pertains to Network Intrusion Detection, seeking to answer two fundamental research questions that are stepping stones towards building a model that can predict the rate of alert loss from the rate of packet loss. The first question deals with how the packet loss rate affects the sensor alert rate, and the second considers how the network traffic composition affects the results of the first question. Potential places where packet loss may occur are examined by dividing the problem into network-, host-, and sensor-based packet loss. We posit theories about how packet loss may present itself and develop the Packet Dropper, which induces packet loss into a dataset. Drop rates ranging from 0% to 100% are applied to four different datasets and the resulting abridged datasets are analyzed with Snort to collect the alert loss rate. Conclusions are drawn about the importance of the distribution of packet loss and the effect of the network traffic composition.
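As an added illustration (not the paper's Packet Dropper, datasets or results), the following Python simulates two ways of inducing a chosen drop rate into a packet stream, independent per-packet loss and bursty loss from the two-state Gilbert model, and measures the resulting alert loss under a constructed rule that fires only when every packet of a short flow is observed. The packet count, flow length and mean burst length are assumed values chosen for the demonstration.

```python
import random

def uniform_drop(n, rate, seed=0):
    """Independent (Bernoulli) loss: each packet is dropped with probability `rate`.
    Returns a keep-mask, True where the packet survives."""
    rng = random.Random(seed)
    return [rng.random() >= rate for _ in range(n)]

def gilbert_drop(n, rate, burst_len, seed=0):
    """Bursty loss from the two-state Gilbert model: a 'good' state keeps packets,
    a 'bad' state drops them. Mean burst length is `burst_len`; the good->bad
    probability is set so the stationary drop fraction equals `rate`
    (clamped, hence approximate, once rate > burst_len / (burst_len + 1))."""
    if rate <= 0 or rate >= 1:
        return [rate <= 0] * n
    bad_to_good = 1.0 / burst_len
    good_to_bad = min(1.0, rate * bad_to_good / (1.0 - rate))  # P(bad) = a/(a+b) = rate
    rng = random.Random(seed)
    bad = rng.random() < rate  # start from the stationary distribution
    keep = []
    for _ in range(n):
        keep.append(not bad)
        bad = (rng.random() >= bad_to_good) if bad else (rng.random() < good_to_bad)
    return keep

def alert_loss_rate(keep, flow_len):
    """Constructed alert model: the stream is back-to-back flows of `flow_len`
    packets and a signature fires only if every packet of its flow was seen
    (a rule that needs the whole reassembled stream). Returns the fraction
    of would-be alerts that are lost."""
    flows = len(keep) // flow_len
    if flows == 0:
        raise ValueError("need at least one complete flow")
    fired = sum(all(keep[i * flow_len:(i + 1) * flow_len]) for i in range(flows))
    return 1.0 - fired / flows

def sweep(n=100_000, flow_len=5, burst_len=10, seed=1):
    """Apply drop rates from 0% to 100% in 10% steps and return
    {pct: (alert_loss_uniform, alert_loss_bursty)}."""
    out = {}
    for pct in range(0, 101, 10):
        rate = pct / 100
        u = alert_loss_rate(uniform_drop(n, rate, seed), flow_len)
        g = alert_loss_rate(gilbert_drop(n, rate, burst_len, seed), flow_len)
        out[pct] = (round(u, 3), round(g, 3))
    return out

if __name__ == "__main__":
    for pct, (u, g) in sweep().items():
        print(f"{pct:3d}% packet loss -> alert loss: uniform {u:.3f}, bursty {g:.3f}")
```

At the same packet loss rate, the bursty model concentrates the dropped packets into fewer flows, so fewer multi-packet alerts are lost than under independent loss; this is the kind of distribution effect the abstract refers to.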
Rights and permissions
This is an open access article distributed under the CC BY-NC license (https://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
Smith, S.C., Hammell, R.J., Parker, T.W. et al. A Theoretical Exploration of the Impact of Packet Loss on Network Intrusion Detection. Int J Netw Distrib Comput 4, 1–10 (2016). https://doi.org/10.2991/ijndc.2016.4.1.1
DOI: https://doi.org/10.2991/ijndc.2016.4.1.1