Journal name: Journal of Theoretical and Applied Information Technology
Print ISSN: 1992-8645
Electronic ISSN: 1817-3195
Publication year: 2017
Volume: 95
Issue: 24
Page: 6707
Publisher: Journal of Theoretical and Applied
Abstract: A Network Intrusion Detection System (NIDS) is intended to prevent the entry of anomalous network flows into networks. Inspecting one hundred percent of the fragments of network flows to detect malicious fragments, and thereby anomalous flows, is highly prohibitive. The Selective Sampling Method (SSM) considers only network flows of small size not exceeding 80 fragments. Further, it is applicable for detecting port scan and host scan attacks only. This study proposes a novel NIDS adapting the acceptance sampling method, referred to as ASNID. It is applicable to detecting Land, Xmass, Nestea, Rose, Winnuke, NULL Scan, Teardrop, Fraggle, Port scan and Host scan attacks. A randomly chosen sample of fragments from a network flow is inspected to detect whether the flow is anomalous or not. This reduces the computational effort by a factor of k, 0 < k < 1, where k is the ratio of sample size to total fragments of a network flow. It is proved experimentally that the GMAI, the performance metric of ASNID, tends to one as the sample size increases to 60%. It is also proved that as the percentage of anomalous flows increases, GMAI increases. Hence, ASNID would be of immense use in network intrusion detection.