An integrated anomaly intrusion detection scheme using statistical, hybridized classifiers and signature approach
Related papers
A Survey of Signature Based & Statistical Based Intrusion Detection Techniques
— This paper presents a comprehensive survey of some modern and most popular intrusion detection techniques. It is unrealistic to prevent security breaches completely using the existing security technologies. Detecting the presence of an intruder is very crucial for maintaining network security. It is found that most of the current intrusion detection systems (IDSs) are signature-based systems. Signature-based intrusion detection systems are based on matching a signature with the network details. Provided with the signatures or patterns, they can detect many or all known attack patterns, but they are of little use for as yet unknown attacks. The rate of false positives is close to nil, but these types of systems are poor at detecting new attacks, variations of known attacks, or attacks that can be masked as normal behaviour. The other type of IDS, i.e. the Statistical Based Intrusion Detection System (SBIDS), can overcome many of the aforementioned limitations of signature-based intrusion detection systems. Statistical-based intrusion detection systems perform better than signature-based intrusion detection systems for novelty detection, i.e. the detection of new attacks, which is very important for an intrusion detection system. Researchers have implemented various classification algorithms for intrusion detection.
An enhanced Hybrid Anomaly-based Detection Approach
2014
During the last decade, Intrusion Detection Systems (IDSs) have played an important role in defending critical computer systems and networks from cyber-attacks. Anomaly detection techniques have received a particularly great amount of attention because they offer an intrinsic ability to detect unknown attacks. In this paper, we propose an enhanced hybrid anomaly detection approach based on the negative selection algorithm and metaheuristics. The enhancements include tuning some of its parameter values automatically without predefining them. The NSL-KDD dataset, which is a modified version of the widely used KDDCUP99 dataset, is used for performance evaluation. The KDDCUP99 dataset is criticized for its inability to reflect recent network traffic behaviour. So, a real-time experiment was performed to capture and construct a recent dataset to ensure the performance of the proposed enhancements. Performance evaluation shows that the proposed approach outperforms competing machine learning algorithms on both datasets.
A Survey on Intrusion Detection Systems
With the advent of anomaly-based intrusion detection systems, many approaches and techniques have been developed to track novel attacks on the systems. Though anomaly-based approaches are efficient, signature-based detection is preferred for mainstream implementation of intrusion detection systems. As a variety of anomaly detection techniques were suggested, it is difficult to compare the strengths and weaknesses of these methods. The reason why industries don't favour the anomaly-based intrusion detection methods can be well understood by validating the efficiencies of all the methods. To investigate this issue, the current state of experimental practice in the field of anomaly-based intrusion detection is reviewed and recent studies in this area are surveyed. This paper contains a summarization study and identification of the drawbacks of formerly surveyed works.
International Journal of Modern Trends in Engineering and Research, 2014
To provide security to a network we use the existing Intrusion Detection System (IDS) for identification of known attacks with a low false alarm rate, but it does not work when unknown attacks occur, so to identify unknown attacks we use an Anomaly-based IDS (ADS) with a high false alarm rate. HIDS is the combination of IDS and ADS, with their advantages, for identification of known as well as unknown attacks. IDS uses a signature-based model to identify known attacks and ADS uses an anomaly-based model for identification of unknown attacks. HIDS uses internet episode rules to identify known as well as unknown attacks.
Comparative Evaluation of Algorithm based Approach for Intrusion Detection using a Hybrid Model
International Journal of Computer Applications, 2015
Adequate system security is the first step towards data integrity and protection; however, even with the most advanced protection, modern computer and communication infrastructures are susceptible to various types of attacks. With traditional signature-based systems losing proficiency, the Hybrid Intrusion Detection System (HIDS) approach proves the vitality of detecting intrusions and anomalies simultaneously, by automated data mining over network traffic and signature generation. This paper will focus on analyzing different anomaly detection techniques used to detect zero-day attacks and an automatic attack signature generation mechanism that can complement the former. This will serve as an elementary analysis of a few techniques, their working, and their pros and cons, put together in a concise form.
Anomaly Based Intrusion Detection System Which Analyze the Dataset and Detect Intrusion
VAWKUM Transactions on Computer Sciences
As research in computer science has increased, scientists' attention has turned towards security. Researchers have done a lot of research work in network security. Cybersecurity has progressively become an area of concern for officials; government agencies and industries, including large commercial infrastructure, are under attack daily. First, signature-based intrusion detection systems were developed, and they detect only novel attacks. To detect unfamiliar attacks, statistical IDS came into being, recognized as anomaly-based IDS. It is not as efficient, as it detects everything. In this study the author focuses on the efficiency of IDS using the NSL-KDD99 dataset and the support vector machine (SVM) technique to identify attacks. The NSL-KDD dataset is used for the evaluation of these types of systems.
Intrusion-Miner: A Hybrid Classifier for Intrusion Detection using Data Mining
International Journal of Advanced Computer Science and Applications
With the rapid growth and usage of the internet, the number of network attacks has increased dramatically within the past few years. The problem faced nowadays is to observe these attacks efficiently, for security reasons and because of the value of data. Consequently, it is important to monitor and handle these attacks, and an intrusion detection system (IDS) has the potential diagnostic ability to handle these attacks to secure the network. Numerous intrusion detection approaches have been presented, but the main hindrance is their performance, which can be improved by increasing the detection rate as well as decreasing the false positive rate. Optimizing the performance of an IDS is a very serious issue and a challenging task that gets much attention from the research community. In this paper, we propose a hybrid classification approach, 'Intrusion-Miner', with the help of two classifier algorithms for network anomaly detection, to get an optimum result and make it possible to detect network attacks. Thus, principal component analysis (PCA) and Fisher Discriminant Ratio (FDR) have been implemented for feature selection and noise removal. This hybrid approach is compared with J48, BayesNet, JRip, SMO and IBk, and its performance is evaluated using the KDD99 dataset. Experimental results revealed that the precision of the proposed approach is measured as 96.1% with a low false positive and high false negative rate compared to other state-of-the-art algorithms. The simulation result evaluation shows that perceptible progress and real-time intrusion detection can be attained as we apply the suggested models to identify diverse kinds of network attacks.
Intrusion detection in computer networks by a modular ensemble of one-class classifiers
Information Fusion, 2008
Since the early days of research on Intrusion Detection, anomaly-based approaches have been proposed to detect intrusion attempts. Attacks are detected as anomalies when compared to a model of normal (legitimate) events. Anomaly-based approaches typically produce a relatively large number of false alarms compared to signature-based IDS. However, anomaly-based IDS are able to detect never-before-seen attacks. As new types of attacks are generated at an increasing pace and the process of signature generation is slow, it turns out that signature-based IDS can be easily evaded by new attacks. The ability of anomaly-based IDS to detect attacks never observed in the wild has stirred up a renewed interest in anomaly detection. In particular, recent work focused on unsupervised or unlabeled anomaly detection, due to the fact that it is very hard and expensive to obtain a labeled dataset containing only pure normal events.
A Review of Anomaly based Intrusion Detection Systems
International Journal of Computer Applications, 2011
With the advent of anomaly-based intrusion detection systems, many approaches and techniques have been developed to track novel attacks on the systems. A high detection rate of 98% at a low alarm rate of 1% can be achieved by using these techniques. Though anomaly-based approaches are efficient, signature-based detection is preferred for mainstream implementation of intrusion detection systems. As a variety of anomaly detection techniques were suggested, it is difficult to compare the strengths and weaknesses of these methods. The reason why industries don't favour the anomaly-based intrusion detection methods can be well understood by validating the efficiencies of all the methods. To investigate this issue, the current state of experimental practice in the field of anomaly-based intrusion detection is reviewed and recent studies in this area are surveyed. This paper contains a summarization study and identification of the drawbacks of formerly surveyed works.
Review of Anomaly-Based IDS Algorithms
Intrusion detection systems (IDSs) can provide an effective solution for the information security needs of a company. Well-configured IDSs are able to automatically recognize attacks that target either networks or hosts. IDSs can be categorized based on different aspects or properties. The intrusion detection approach is one of the most important properties of IDS algorithms. Based on it, one can identify signature-based and behaviour-based solutions. While the signature-based approach tries to recognize attacks by using a database of known attack signatures, the behaviour-based one first learns the normal behaviour of the supervised system and, after finishing the learning process, tries to identify anomalies, i.e. significant deviations from the normal behaviour. In this paper, after presenting the main ideas of the functioning of behaviour-based IDSs, we survey the currently most important anomaly detection types. Thus key features of statistical-based, knowledge-based, and computational-intelligence-based techniques are introduced. In the latter case, methods applying fuzzy logic, neural networks, and clustering are described as well. Advantageous and disadvantageous features of the different approaches are also presented.
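The two detection approaches contrasted throughout these abstracts (a signature stage that matches known attack patterns with near-zero false positives, and a statistical stage that learns a baseline of normal behaviour and flags significant deviations so that never-before-seen attacks still surface) can be combined in a single hybrid pipeline. The following is an added illustrative example, not code from the listed paper or any of the related papers: the signature rules, the feature set (bytes sent and per-source connection rate), the z-score threshold and all traffic records are constructed for the demonstration and do not come from KDD99, NSL-KDD or any real ruleset.

```python
"""Hybrid signature + statistical anomaly detector (illustrative, added example)."""
import math
import re
from dataclasses import dataclass, field

# Constructed sample connection records (not real traffic): one per flow.
# Fields: source IP, bytes sent by the client, connections from this source
# in the last minute, and a fragment of the request payload.
NORMAL_TRAINING = [
    {"src": "10.0.0.5", "bytes": 420, "conn_rate": 3, "payload": "GET /index.html"},
    {"src": "10.0.0.7", "bytes": 510, "conn_rate": 4, "payload": "GET /about.html"},
    {"src": "10.0.0.5", "bytes": 380, "conn_rate": 2, "payload": "GET /img/logo.png"},
    {"src": "10.0.0.9", "bytes": 450, "conn_rate": 3, "payload": "POST /login"},
    {"src": "10.0.0.7", "bytes": 470, "conn_rate": 5, "payload": "GET /news"},
    {"src": "10.0.0.9", "bytes": 400, "conn_rate": 3, "payload": "GET /contact"},
]

TEST_RECORDS = [
    # known attack pattern: caught by a signature, no statistics needed
    {"src": "192.0.2.10", "bytes": 430, "conn_rate": 3, "payload": "GET /index.php?id=1' OR '1'='1"},
    # novel behaviour: no signature matches, but the connection rate is far outside the baseline
    {"src": "192.0.2.20", "bytes": 440, "conn_rate": 400, "payload": "GET /index.html"},
    # benign traffic that should pass both stages
    {"src": "10.0.0.5", "bytes": 410, "conn_rate": 3, "payload": "GET /index.html"},
]

# Hypothetical signature rules for the example: name -> regex over the payload.
SIGNATURES = {
    "sqli_tautology": re.compile(r"'\s*OR\s*'1'\s*=\s*'1", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}

NUMERIC_FEATURES = ("bytes", "conn_rate")


@dataclass
class StatisticalBaseline:
    """Per-feature mean and standard deviation learned from normal traffic only."""
    mean: dict = field(default_factory=dict)
    std: dict = field(default_factory=dict)

    def fit(self, records):
        for f in NUMERIC_FEATURES:
            xs = [r[f] for r in records]
            m = sum(xs) / len(xs)
            var = sum((x - m) ** 2 for x in xs) / len(xs)
            self.mean[f] = m
            # floor the std so a constant feature never divides by zero
            self.std[f] = max(math.sqrt(var), 1e-9)
        return self

    def zscores(self, record):
        return {f: (record[f] - self.mean[f]) / self.std[f] for f in NUMERIC_FEATURES}


def match_signatures(record):
    """Signature stage: return the names of every rule the payload matches."""
    return [name for name, rx in SIGNATURES.items() if rx.search(record["payload"])]


def classify(record, baseline, z_threshold=3.0):
    """Return (verdict, reasons). Signatures run first because a hit is a
    near-certain known attack; the statistical stage is consulted only for
    records no signature explains, which is where novel attacks show up."""
    hits = match_signatures(record)
    if hits:
        return "known_attack", hits
    z = baseline.zscores(record)
    deviant = [f"{f} z={v:.1f}" for f, v in z.items() if abs(v) > z_threshold]
    if deviant:
        return "anomaly", deviant
    return "normal", []


def run(training=NORMAL_TRAINING, records=TEST_RECORDS):
    """Train the baseline on normal traffic, then classify each test record."""
    baseline = StatisticalBaseline().fit(training)
    return [classify(r, baseline) for r in records]


if __name__ == "__main__":
    for rec, (verdict, why) in zip(TEST_RECORDS, run()):
        print(f"{rec['src']:12} {verdict:13} {', '.join(why)}")
```

The ordering matters in practice: because a signature hit is checked before the baseline, the statistical stage only ever sees traffic the signature database cannot explain, so the false alarms the abstracts attribute to anomaly detection are confined to that residue. The z-score threshold is the knob that trades detection rate against alarm rate; lowering it would catch subtler deviations at the price of flagging more legitimate traffic as anomalous, and the baseline is only as good as the "normal" window it was fitted on, so training data contaminated with attacks silently raises the thresholds.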