10-04-2017, 09:13 PM
Intruder Detection System over Abnormal Internet Sequence
Abstract
This paper reports the design principles and evaluation results of a new experimental hybrid invasion detection system (HIDS). This hybrid system combines the advantages of low false-positive rate of signature-based invasion detection system (IDS) and the ability of anomaly detection system (ADS) to detect novel unknown attacks. By mining anomalous traffic sequences from Internet connections, we build an ADS that detects anomalies beyond the capabilities of signature-based SNORT or Bro systems. A weighted signature generation scheme is developed to integrate ADS with SNORT by extracting signatures from anomalies detected. HIDS extracts signatures from the output of ADS and adds them into the SNORT signature database for fast and accurate invasion detection. By testing our HIDS scheme over real-life Internet trace data mixed with 10 days of Massachusetts Institute of Technology/ Lincoln Laboratory (MIT/LL) attack data set, our experimental results show a 60 percent detection rate of the HIDS, compared with 30 percent and 22 percent in using the SNORT and Bro systems, respectively. This sharp increase in detection rate is obtained with less than 3 percent false alarms. The signatures generated by ADS upgrade the SNORT performance by 33 percent. The HIDS approach proves the vitality of detecting invasions and anomalies, simultaneously, by automated data mining and signature generation over Internet connection sequences.
SYSTEM REQUIREMENTS
HARDWARE REQUIREMENTS
Processor : Intel Pentium IV
Clock Speed : 700 MHZ
RAM : 128 MB
Monitor : 14 SVGA Digital Color Monitor
Keyboard : 107 Keys Keyboard
Floppy Drive : 1.44MB
Compact Disk Drive : 700MB
Hard Disk : 20GB
Printer : Canon BJC 2100 SP
Mouse : Logitech Mouse
SOFTWARE REQUIREMENTS
Operating System : Windows 98,2000,xp
Tools : jdk1.5.0