SLA-Based Complementary Approach for Network Intrusion Detection
Enhancing the intrusion detection system is essential to maintain user confidence in network services security. However, the threat of intruders on Internet services is prevalent. This paper proposes a distributed edge-to-edge complementary approach for intrusion detection in a DiffServ/MPLS domain. The QoS metrics are inspected at the edges routers to determine anomalous behavior in the network traffic. Consumed ratios of One-Way Delay Variation (OWDV) and packet loss are computed to monitor Service Level Agreement (SLA) violations. The bandwidth ratio is measured to differentiate abnormal from normal traffic as well as to detect multiple intrusions launched simultaneously. The authors employed SLA as a comparison scale to infer the deviation between the users consumed ratios and the predefined ratios in the SLA.