Detecting attack signatures in the real network traffic with ANNIDA

In this paper, an improved version of ANNIDA for detecting attack signatures in the payload of network packets is presented. The Hamming Net artificial neural network methodology was used with good results. A review of the application’s development is followed by a summary of the modifications made in the application in order to classify real data. Application improvements are reported, solving the problems of time delays in writing/reading data in the files and data collision effects when generating numeric keys used to model data for the neural network. Test results highlight the increased accuracy and efficiency of the new application when submitted to real data from HTTP network traffic containing actual traces of attacks and legitimate data. Finally, an evaluation of the application to detect signatures in real network traffic data is presented.