The effect of packet loss on Network Intrusion Detection
MetadataShow full item record
Type of Workapplication/pdf
ix, 66 pages
DepartmentTowson University. Department of Computer and Information Sciences
RightsCopyright protected, all rights reserved.
There are no restrictions on access to this document. An internet release form signed by the author to display this document online is on file with Towson University Special Collections and Archives.
In this thesis we review the problem of packet loss as it pertains to Network Intrusion Detection with the intent to build a model that can be used to predict the impact of packet loss. We examine the potential places where packet loss may occur dividing the problem into network, host, and sensor based packets loss. We review the literature not only for other similar work, but for any work which might provide insight into this issue. We posit theories about how that packet loss may present itself. We construct a test environment and conduct experiments to induce packet loss in this environment. We develop the Packet Dropper application that induces packet loss into a dataset based upon eight different dropping algorithms selected to cover the theories previously posited. We apply each of these eight algorithms with drop rates ranging from 0% to 100% in 5% increments to the DARPA 98 Training, DARPA 98 Test, DARPA 99, CDX 2009, and CCDC 2010 datasets analyzing the resulting abridged datasets with Snort to collect alert information. The Alert Loss Rate (ALR) is plotted against the packet loss rate (PLR) allowing us to make general inferences about the relationship between PLR and ALR. In this paper we discovered that deterministic, bounded random, and random algorithms closely match the dropping patterns found in the literature and that a capped algorithm models the packet loss that we observed in our experiments. We present formulas that provide reasonable upper and lower bounds for the impact of PLR on ALR allowing us to predict this impact with some level of confidence.