Towards intelligent cross protocol intrusion detection in the next generation networks based on protocol anomaly detection

Abstract

The open nature of the next generation networks (NGNs) and the involvement of multiple protocols in a single session, along with the attacks that spread multiple protocols, pose new challenges to intrusion detection systems (IDSs). Detecting attacks based on information taken from a single protocol or a group of protocols at a certain layer results in a high rate of false positives or false negatives. In this paper, we introduce a new cross protocol design for IDSs in the NGNs based on protocol anomaly detection. Our design aims at correlating various detection results from the protocols involved in a session, both, horizontally and vertically. By horizontal correlation we aim at monitoring sessions taking place within a single layer of the protocol stack, whereas, vertical correlation addresses sessions taking place across multiple protocol layers. In addition, our design is supported by intelligent mechanism based on fuzzy logic to help the system reduce the rate of false alarms which is relatively high in many anomaly based intrusion detection systems. This paper presents the basic features of our design, emphasizing the components and the interactions between them.