Uso de Funciones Compendio en la Detección de Anomalías mediante N3
- Rolando Salazar-Hernández; Jesús Esteban Díaz Verdejo; Pedro García-Teodoro; Gabriel Maciá-Fernández; Francisco de Toro Negro
- Abstract:
- The Nearest Normal Neighbor (N3) is an anomaly-based intrusion detection system which
has demonstrated good performance in terms of detection capabilities when applied to the HTTP
protocol. Nevertheless, N3 presents a high computational cost, as it is based on the comparison of the
target HTTP payload against every payload in the normality model. The cost is proportional to the
length of the payloads and to the number of elements in the model. The present paper explores the use
of hash functions as a method to reduce the computational cost of the system by decreasing the
average length of the payloads. The model is, therefore, composed of fixed-length hashes of each
payload in the original model, and the hash of the target payload is compared against this model. The
results obtained for SHA256 and SHA512 show a big decrease in computational cost with a reduced
impact on the system’s performance.
- Year:
- 2007
- Type of Publication:
- In Proceedings
- Editor:
- VI Jornadas Ingeniería Telemática, JITEL 2007