An Experimental Exploration of the Impact of Network-Level Packet Loss on Network Intrusion Detection

Report No. ARL-TR-7371
Authors: Sidney C Smith; Kin W Wong; Robert J Hammell II; Carlos J Mateo
Date/Pages: August 2015; 18 pages
Abstract: In this report we consider the problem of network-level packet loss (NLPL) as it applies to network intrusion detection (NID). We explore 2 research questions: 1) Is there sufficient regularity in NLPL to allow an algorithm to be developed to model it? and 2) Is the impact of network-level packet loss on NID performance sufficiently regular to allow a formula to be developed which will accurately predict the effect? We constructed an experimental environment that mimics the typical placement of an NID sensor. We conducted experiments using MGEN, Pcapreplay, and Snort to explore the impact of NLPL. We discovered that we were unable to produce enough NLPL to characterize its manifestation or analyze its impact on NID.
Distribution: Approved for public release

Last Update / Reviewed: August 1, 2015