Intrusion Detection Using Flow-Based Analysis of Network Traffic

Security threats for computer systems have increased immensely with viruses, denial of service, vulnerability break-in, etc in the recent past. While many security mechanisms have been introduced to undermine these threats, none of the reported techniques could completely prevent these attacks. This work presents an appreciable improvement in intrusion detection using flowbased analysis of network traffic to detect DoS and DDoS attacks. The aggregation of packets that belong to identical flow reduces processing overhead in systems. This method is based on anomaly detection and uses adaptive threshold values in the detection unit. For illustrative purpose, DARPA 1999 data set is made use of.