An efficient network intrusion detection

Authors: Chen, Chia Mei*; Chen, Ya Lin; Lin, Hsiao Chung
Source: Computer Communications, 2010, 33(4): 477-484.
DOI:10.1016/j.comcom.2009.10.010

Abstract

Exploit code based on system vulnerabilities is often used by attackers. Such exploit programs often send their attack packets among the first few packets. A Lightweight Network Intrusion Detection system (LNID) is proposed for detecting such attacks on Telnet traffic. It characterizes normal traffic behavior and computes the anomaly score of a packet based on its deviation from that normal behavior. Instead of processing all traffic packets, the efficient filtering scheme proposed in the study reduces system workload, and only 0.3% of the original traffic volume is examined for anomalies.