Applying Knowledge Discovery in Database Techniques in Modeling Packet Header Anomaly
Intrusion Detection Systems
Solahuddin B Shamsuddin and Mike E Woodward
This paper describes the modeling of a packet header anomaly intrusion detection system. The
discussion centres on applying knowledge discovery in database techniques to produce expert
production rules, which are one of the main components of our model, the Protocol-based Packet
Header Anomaly Detector (PbPHAD) Intrusion Detection System. PbPHAD is designed to detect
anomalous behaviour in network traffic packets for three specific network- and transport-layer
protocols, namely UDP, TCP and ICMP. The degree of maliciousness of each detected anomalous
packet is determined from the sum of its individually rated anomalous header field values, each
rating being derived from a statistical model of that field.
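The following is an added illustration of the scoring idea described above, not code from the PbPHAD paper. It assumes a specific per-field rating that the abstract does not spell out: for each protocol (UDP, TCP, ICMP) and each modelled header field, training records the set of values seen in normal traffic and the number of packets observed; a test value never seen in training is rated n/r (packets seen divided by distinct values seen), so a field that was stable in normal traffic contributes more than one that varied widely. A packet's anomaly score is the sum of its field ratings, its degree of maliciousness is that score as a fraction of the largest score a packet of that protocol could receive, and the learned statistics are emitted as production rules. The field lists and all traffic are constructed for the example.

```python
"""Toy protocol-based packet-header anomaly scorer (added example, not the
paper's code). Per-field rating n/r for unseen values, field lists and all
packets are assumptions made for illustration."""
from dataclasses import dataclass, field

# Header fields modelled for each protocol (assumed subset, not the paper's).
FIELDS = {
    "TCP": ("ip_ttl", "ip_len", "tcp_flags", "tcp_dport", "tcp_window"),
    "UDP": ("ip_ttl", "ip_len", "udp_dport", "udp_len"),
    "ICMP": ("ip_ttl", "ip_len", "icmp_type", "icmp_code"),
}


@dataclass
class FieldModel:
    """Statistics for one header field of one protocol."""
    seen: set = field(default_factory=set)   # distinct values seen in training
    n: int = 0                               # packets observed in training

    def rate(self, value) -> float:
        # A value seen in normal traffic is not anomalous. An unseen value is
        # rated n/r: many packets agreeing on few values gives a high rating.
        if self.n == 0 or value in self.seen:
            return 0.0
        return self.n / len(self.seen)

    def max_rate(self) -> float:
        return self.n / len(self.seen) if self.seen else 0.0


class PbPHADModel:
    def __init__(self):
        self.models = {p: {f: FieldModel() for f in fs} for p, fs in FIELDS.items()}

    def train(self, packets):
        """Learn per-protocol, per-field value sets from normal packets."""
        for pkt in packets:
            for f, m in self.models[pkt["proto"]].items():
                m.seen.add(pkt[f])
                m.n += 1

    def score(self, pkt):
        """Return (total anomaly score, per-field ratings) for one packet."""
        ratings = {f: m.rate(pkt[f]) for f, m in self.models[pkt["proto"]].items()}
        return sum(ratings.values()), ratings

    def degree(self, pkt) -> float:
        """Degree of maliciousness: score as a fraction of the largest score a
        packet of this protocol could get (every modelled field unseen)."""
        total, _ = self.score(pkt)
        max_total = sum(m.max_rate() for m in self.models[pkt["proto"]].values())
        return total / max_total if max_total else 0.0

    def rules(self):
        """Emit the learned statistics as human-readable production rules."""
        out = []
        for proto, fields in self.models.items():
            for f, m in fields.items():
                if m.n:
                    out.append(f"IF proto == {proto} AND {f} NOT IN "
                               f"{sorted(m.seen)} THEN rate {m.max_rate():.1f}")
        return out

    def detect(self, packets, threshold=0.0):
        """Packets scoring above threshold as (score, degree, packet), highest first."""
        hits = [(self.score(p)[0], self.degree(p), p) for p in packets]
        return sorted((h for h in hits if h[0] > threshold), key=lambda h: -h[0])


def normal_traffic():
    """Constructed normal traffic (not captured data): 120 TCP, 60 UDP, 30 ICMP."""
    pkts = []
    for i in range(120):
        pkts.append({"proto": "TCP", "ip_ttl": (64, 128)[i % 2], "ip_len": (40, 60, 1500)[i % 3],
                     "tcp_flags": ("S", "SA", "A", "PA", "FA")[i % 5],
                     "tcp_dport": (80, 443)[i % 2], "tcp_window": (65535, 29200)[i % 2]})
    for i in range(60):
        pkts.append({"proto": "UDP", "ip_ttl": (64, 128)[i % 2], "ip_len": (60, 120, 300)[i % 3],
                     "udp_dport": (53, 123)[i % 2], "udp_len": (40, 100, 280)[i % 3]})
    for i in range(30):
        pkts.append({"proto": "ICMP", "ip_ttl": (64, 128)[i % 2], "ip_len": 84,
                     "icmp_type": (8, 0)[i % 2], "icmp_code": 0})
    return pkts


# Constructed test packets: an Xmas-style TCP probe to an unseen port, a UDP
# packet with an unusual TTL, an ICMP destination-unreachable, and a normal ACK.
TEST_PACKETS = [
    {"proto": "TCP", "ip_ttl": 64, "ip_len": 40, "tcp_flags": "FPU", "tcp_dport": 22, "tcp_window": 1024},
    {"proto": "UDP", "ip_ttl": 255, "ip_len": 60, "udp_dport": 53, "udp_len": 40},
    {"proto": "ICMP", "ip_ttl": 64, "ip_len": 84, "icmp_type": 3, "icmp_code": 3},
    {"proto": "TCP", "ip_ttl": 128, "ip_len": 60, "tcp_flags": "A", "tcp_dport": 443, "tcp_window": 29200},
]


def build_model():
    model = PbPHADModel()
    model.train(normal_traffic())
    return model


if __name__ == "__main__":
    model = build_model()
    for rule in model.rules():
        print(rule)
    for total, deg, pkt in model.detect(TEST_PACKETS):
        print(f"{pkt['proto']:4} score={total:6.1f} degree={deg:.2f} {pkt}")
```

With this constructed traffic the TCP probe scores 144 (flags 24, port 60, window 60) and is ranked first, the ICMP packet 45 and the UDP packet 30, while the normal ACK scores 0; the per-field breakdown is what lets an analyst see which header values drove the verdict.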

Index Terms
Anomaly, Intrusion Detection Systems, Knowledge Discovery in Database, Expert Production Rules.