A Theoretical Exploration of the Impact of Packet Loss on Network Intrusion Detection
- DOI
- 10.2991/ijndc.2016.4.1.1How to use a DOI?
- Keywords
- Network Intrusion Detection Packet Loss
- Abstract
In this paper we review the problem of packet loss as it pertains to Network Intrusion Detection, seeking to answer two fundamental research questions which are stepping stones towards building a model that can be used to predict the rate of alert loss based upon the rate of packet loss. The first question deals with how the packet loss rate affects the sensor alert rate, and the second considers how the network traffic composition affects the results of the first question. Potential places where packet loss may occur are examined by dividing the problem into network, host, and sensor based packet loss. We posit theories about how packet loss may present itself and develop the Packet Dropper that induces packet loss into a dataset. Drop rates ranging from 0% to 100% are applied to four different datasets and the resulting abridged datasets are analyzed with Snort to collect alert loss rate. Conclusions are drawn about the importance of the distribution of packet loss and the effect of the network traffic composition.
- Copyright
- © 2017, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - JOUR AU - Sidney C. Smith AU - Robert J. Hammell II AU - Travis W. Parker AU - Lisa M. Marvel PY - 2016 DA - 2016/01/01 TI - A Theoretical Exploration of the Impact of Packet Loss on Network Intrusion Detection JO - International Journal of Networked and Distributed Computing SP - 1 EP - 10 VL - 4 IS - 1 SN - 2211-7946 UR - https://doi.org/10.2991/ijndc.2016.4.1.1 DO - 10.2991/ijndc.2016.4.1.1 ID - Smith2016 ER -