Maximum entropy estimated payload based intrusion detection system "the me-payl"

Abstract

Computer Networks can be considered as an important component of today’s human life. Since data and information of various organizations are transferred through private and public networks such as the global internet, special attention is being paid to the security parameters of these networks. In order to increase the security of these networks, tools such as firewalls and intrusion detection systems are used. The process of monitoring the events occurring in a computer system or network and analyzing them for sign of intrusions is known as Intrusion Detection System. In this thesis a payload based intrusion detection system using the maximum entropy principle, the Me-PAYL is proposed. The starting point is the PAYL method. A network anomaly detection technique that uses sniffed data of the network and based on maximum entropy and relative entropy methods is developed. Advantages of maximum entropy approach are combined with PAYL model to obtain more efficiency. The proposed method, Me-PAYL is tested with DARPA 1999 Intrusion Detection Evaluation (IDEVAL) Dataset, which is the largest dataset available with whole payloads. When comparing results of PAYL and Me-PAYL with tests on the IDEVAL dataset, it can be seen that the Me-PAYL method is much more efficient than the PAYL method.