An Experimental Exploration of the Impact of Network-Level Packet Loss on Network Intrusion Detection
Final rept. Aug 2012-Apr 2013
ARMY RESEARCH LAB ABERDEEN PROVING GROUND MD COMPUTATIONAL AND INFORMATION SCIENCES DIRECTORATE
Pagination or Media Count:
In this report we consider the problem of network-level packet loss NLPL as it applies to network intrusion detection NID. We explore 2 research questions 1 Is there sufficient regularity in NLPL to allow an algorithm to be developed to model it and 2 Is the impact of network-level packet loss on NID performance sufficiently regular to allow a formula to be developed which will accurately predict the effect We constructed an experimental environment that mimics the typical placement of an NID sensor. We conducted experiments using MGEN, Pcapreplay, and Snort to explore the impact of NLPL. We discovered that we were unable to produce enough NLPL to characterize its manifestation or analyze its impact on NID.
- Computer Systems Management and Standards