An experimental exploration of the impact of sensor-level packet loss on network intrusion detection

• Published in: MILCOM 2016 - 2016 IEEE Military Communications Conference pp. 752 - 757
• Main Authors: Smith, Sidney C., Hammell, Robert J.
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.11.2016
• Subjects: Computer security; Intrusion detection; network intrusion detection; Packet loss; Pcapreplay; Prediction algorithms; Regression analysis; Snort; Software; Tcpdump
• ISSN: 2155-7586
• DOI: 10.1109/MILCOM.2016.7795419

In this paper we consider the problem of sensor-level packet loss (SLPL) as it applies to network intrusion detection. We explore 2 research questions: 1) Is there sufficient regularity in SLPL to allow an algorithm to be developed to model it? and 2) Is the impact of SLPL on network intrusion detection performance sufficiently regular to allow a formula to be developed that will accurately predict the effect? We developed and validated the Pcapreplay program, which allowed us to characterize the manifestation of SLPL. We conducted experiments using Pcapreplay and Snort to explore the impact of SLPL.We graphed and analyzed this impact against our previous theoretical work. We conducted experiments using Pcapreplay and Snort to measure the impact on network intrusion detection. We graphed the alert loss rate against the packet loss rate. We compared these graphs to our previous theoretical work. We used nonlinear regression analysis to produce a formula with r-squared and reduced adjusted r-squared values close enough to 1 for us to answer both of our research questions in the affirmative.