Hybrid Intrusion Detection with Rule Generation

Authors: V. V. Korde, N. Z. Tarapore, S. R. Shinde, M. L. Dhore

DOI: 10.1007/978-3-642-27308-7_38

Keywords:

Abstract: This paper reports a new experimental hybrid intrusion detection system (HIDS). It combines the advantages of a misuse-based intrusion detection system (IDS), which has a low false-positive rate, with the ability of an anomaly detection system (ADS) to detect novel, unknown attacks. This is done by mining Internet connection records for anomalies. We have built an ADS that can detect attacks not detected by systems like Snort or Bro. Rules are extracted from the anomalies and then added to the system's rule database. The system was trained and tested using the Massachusetts Institute of Technology/Lincoln Laboratory (MIT/LL) DARPA 1999 dataset. Our results show 69 percent for the HIDS, compared with 47 percent in Snort. This increase is obtained at around 0.08 false alarms. The approach provides a better way to deal with novel attacks alongside a trustworthy misuse-based intrusion detection system.
