A simple statistical analysis approach for Intrusion Detection System

TL;DR

This paper presents a straightforward statistical method for intrusion detection that analyzes network traffic data to distinguish between normal and malicious activity using baseline behavior and an exhaustive search decision system.

Contribution

It introduces a simple statistical analysis approach utilizing active ports as sensors and a baseline of normal traffic for threat detection, enhancing intrusion detection methods.

Findings

Effective detection of network threats using statistical analysis.

Baseline behavior modeling improves accuracy of intrusion detection.

System monitors and analyzes real-time network traffic for anomalies.

Abstract

A novel approach to analyze statistically the network traffic raw data is proposed. The huge amount of raw data of actual network traffic from the Intrusion Detection System is analyzed to determine if a traffic is a normal or harmful one. Using the active ports in each host in a network as sensors, the system continuously monitors the incoming packets, and generates its average behaviors at different time scales including its variances. The average region of behaviors at certain time scale is then being used as the baseline of normal traffic. Deploying the exhaustive search based decission system, the system detects the incoming threats to the whole network under supervision.