An Experimental Exploration of the Impact of Sensor-Level Packet Loss on Network Intrusion Detection

Report No. ARL-TR-7353
Authors: Sidney C Smith; Robert J Hammell II
Date/Pages: July 2015; 36 pages
Abstract: In this report we consider the problem of sensor-level packet loss (SLPL) as it applies to network intrusion detection. We explore 2 research questions: 1) Is there sufficient regularity in SLPL to allow an algorithm to be developed to model it? and 2) Is the impact of SLPL on network intrusion detection performance sufficiently regular to allow a formula to be developed that will accurately predict the effect? We developed and validated the Pcapreplay program, which allowed us to characterize the manifestation of SLPL. We conducted experiments using Pcapreplay and Snort to explore the impact of SLPL. We graphed and analyzed this impact against our previous theoretical work. We conducted experiments using Pcapreplay and Snort to measure the impact on network intrusion detection. We graphed the alert loss rate against the packet loss rate. We compared these graphs to our previous theoretical work. We used nonlinear regression analysis to produce a formula with r-squared and reduced chi-squared values close enough to 1 for us to answer both of our research questions in the affirmative.
Distribution: Approved for public release

Last Update / Reviewed: July 1, 2015