Anomaly detection in tcp/ip networks
- Joanna Kolodziej
- Mateusz Krzyszton
- Pawel Szynkiewicz
(2023). ECMS 2023, 37th Proceedings
Edited by: Enrico Vicario, Romeo Bandinelli, Virginia Fani, Michele Mastroianni, European Council for Modelling and Simulation.
ISSN: 2522-2422 (ONLINE)
ISSN: 2522-2414 (PRINT)
ISSN: 2522-2430 (CD-ROM)
ISBN: 978-3-937436-79-1 (CD) Communications of the ECMS Volume 37, Issue 1, June 2023, Florence, Italy June 20th – June 23rd, 2023
Joanna kolodziej, Mateusz krzyszton, Pawel szynkiewicz (2023). Anomaly Detection in TCP/IP Networks, ECMS 2023, Proceedings Edited by: Enrico Vicario, Romeo Bandinelli, Virginia Fani, Michele Mastroianni, European Council for Modelling and Simulation. doi:10.7148/2023-0542
Intrusion Detection Systems (IDS) should be capable of quickly detecting attacks and network traffic anomalies to reduce the damage to the network components. They may efficiently detect threats based on prior knowledge of attack characteristics and the potential threat impact ('known attacks'). However, IDS cannot recognize threats, and attacks ('unknown attacks') usually occur when using brand-new technologies for system damage.
This paper presents two security services -- Net Anomaly Detector (NAD) and a signature-based PGA Filter for detecting attacks and anomalies in TCP/IP networks. Both services are modules of the cloud-based GUARD platform developed in the H2020 GUARD project. Such a platform was the main component of the simulation environment in the work presented in this paper. The provided experiments show that both modules achieved satisfactory results in detecting an unknown type of DoS attacks and signatures of DDoS attacks.