Uso de Funciones Compendio en la Detección de Anomalías mediante N3
- Rolando Salazar-Hernández; Jesús Esteban Díaz Verdejo; Pedro García-Teodoro; Gabriel Maciá-Fernández; Francisco de Toro Negro
- Abstract:
- The Nearest Normal Neighbor (N3) is an anomaly-based intrusion detection system which has demonstrated a good performance in terms of detection capabilities when applied to the HTTP protocol. Nevertheless, N3 presents a high computational cost, as it is based in the comparison of the target HTTP payload against every payload in the normality model. The cost is proportional to the length of the payloads and to the number of elements in the model. The present paper explores the use of the hash functions as a method to reduce the computational cost of the system by decreasing the average length of the payloads. The model is, therefore, composed by fixed length hashes of each payload in the original model, and the hash of the target payload is compared against this model. The results obtained for SHA256 and SHA512 show a big decrease in computational cost with a reduced impact in system’s performance.
- Research areas:
- Year:
- 2007
- Type of Publication:
- In Proceedings
- Editor:
- VI Jornadas Ingeniería Telemática, JITEL 2007
Hits: 1934
Copyright © 2017 NESG - Network Engineering & Security Group
