Accession Number:

ADA623474

Title:

An Experimental Exploration of the Impact of Network-Level Packet Loss on Network Intrusion Detection

Descriptive Note:

Final rept. Aug 2012-Apr 2013

Corporate Author:

ARMY RESEARCH LAB ABERDEEN PROVING GROUND MD COMPUTATIONAL AND INFORMATION SCIENCES DIRECTORATE

Report Date:

2015-08-01

Pagination or Media Count:

18.0

Abstract:

In this report we consider the problem of network-level packet loss NLPL as it applies to network intrusion detection NID. We explore 2 research questions 1 Is there sufficient regularity in NLPL to allow an algorithm to be developed to model it and 2 Is the impact of network-level packet loss on NID performance sufficiently regular to allow a formula to be developed which will accurately predict the effect We constructed an experimental environment that mimics the typical placement of an NID sensor. We conducted experiments using MGEN, Pcapreplay, and Snort to explore the impact of NLPL. We discovered that we were unable to produce enough NLPL to characterize its manifestation or analyze its impact on NID.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE