This work presents a network intrusion detection method created to identify and classify illegitimate information in TCP/IP packet payloads, based on the Snort signature set that represents possible attacks on a network. For this development, a type of neural network named Hamming Net was used. The choice of this network is based on the interest in investigating its adequacy for classifying network events in real time, due to its capability to learn faster than other neural network models, such as multilayer perceptrons with backpropagation and Kohonen maps. A Hamming Net does not require exhaustive training to learn. TCP/IP packet payloads were used as input patterns to the Hamming Net and Snort signatures as exemplar patterns. The challenges faced in modeling the input and exemplar data, and the strategies adopted to capture and scan relevant data in TCP/IP packets and in Snort signatures, are described in this paper. In addition, the application architecture, the processing stages and some test results are presented.
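A minimal Hamming Net with a MAXNET winner-take-all stage, added here as an illustration of the approach the abstract describes; it is not the paper's implementation. The bit-level bipolar encoding, the sliding window, the 0.95 alert threshold, the handling of shorter signatures and the signature strings themselves are all assumptions of this sketch.

```python
# Constructed exemplar strings for illustration (not taken from the Snort rule set).
SIGNATURES = {"passwd-access": b"/etc/passwd", "cmd-exec": b"cmd.exe", "traversal": b"../../"}

def to_bipolar(data: bytes) -> list:
    """Bytes -> list of +1/-1 values, one per bit, most significant bit first."""
    return [1 if (b >> (7 - i)) & 1 else -1 for b in data for i in range(8)]

class HammingNet:
    def __init__(self, exemplars):
        self.labels = list(exemplars)
        self.n_bytes = max(len(p) for p in exemplars.values())
        # "Training" is a single pass: each unit's weights are its exemplar's bits / 2.
        self.W = [[v / 2 for v in to_bipolar(p)] for p in exemplars.values()]

    def similarity(self, window: bytes) -> list:
        """Fraction of matching bits per exemplar: (n - Hamming distance) / n."""
        x = to_bipolar(window.ljust(self.n_bytes, b"\x00"))
        # zip() stops at each exemplar's own length, so a shorter signature is
        # compared over its real bits only (assumption of this sketch).
        return [(sum(w * xi for w, xi in zip(row, x)) + len(row) / 2) / len(row)
                for row in self.W]

    @staticmethod
    def maxnet(y, max_iter=10_000):
        """Lateral inhibition until at most one unit stays positive; returns its index."""
        y, eps = list(y), 1.0 / (len(y) + 1)
        for _ in range(max_iter):
            if sum(v > 0 for v in y) <= 1:
                break
            total = sum(y)
            y = [max(0.0, v - eps * (total - v)) for v in y]
        return max(range(len(y)), key=y.__getitem__)

    def classify(self, payload: bytes, threshold: float = 0.95):
        """Slide a window over the payload; return (label or None, best score)."""
        windows = (payload[i:i + self.n_bytes] for i in range(max(1, len(payload))))
        best = max((self.similarity(w) for w in windows), key=max)
        k = self.maxnet(best)
        # A Hamming Net always names a nearest exemplar, so a threshold gates alerts.
        return (self.labels[k] if best[k] >= threshold else None, best[k])

if __name__ == "__main__":
    net = HammingNet(SIGNATURES)
    # Constructed sample payloads: one containing a signature, one benign.
    print(net.classify(b"GET /cgi-bin/view?file=/etc/passwd HTTP/1.0\r\n"))
    print(net.classify(b"GET /index.html HTTP/1.0\r\nHost: example.org\r\n"))
```

Because the score is a Hamming distance rather than an exact match, the threshold trades tolerance to small payload variations against false positives on benign traffic and needs tuning on real captures.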