NATE

Carol Taylor, Jim Alves-Foss
2001 Proceedings of the 2001 workshop on New security paradigms - NSPW '01  
A new approach to network intrusion detection is needed to solve the monitoring problems of high volume network data and the time constraints for Intrusion Detection System (IDS) management. Most current network IDS's have not been specifically designed for high speed traffic or low maintenance. We propose a solution to these problems which we call NATE, Network Analysis of Anomalous Traffic Events. Our approach features minimal network traffic measurement, an anomaly-based detection method, and a limited attack scope. NATE is similar to other lightweight approaches in its simplified design, but our approach, being anomaly based, should be more efficient in both operation and maintenance than other lightweight approaches. We present the method and perform an empirical test using MIT Lincoln Lab's data.

EXISTING SOLUTIONS

IDS's can be categorized as either host or network based, with network based approaches being further divided into strictly network monitoring systems and composite systems that watch both hosts and the surrounding network. Since our focus here is network ID, we will limit our discussion to network and composite IDS's and their realizations found in the literature. Strict network based systems include NSM [3], Bro [13], NFR [14] and NetStat [23]. NSM was an early system designed
doi:10.1145/508171.508186 fatcat:koavp6oggfherin26zsgqgdmua