Research Article
Hybrid Intrusion Detection with Rule Generation
@INPROCEEDINGS{10.1007/978-3-642-27308-7_38, author={V. Korde and N. Tarapore and S. Shinde and M. Dhore}, title={Hybrid Intrusion Detection with Rule Generation}, proceedings={Advances in Computer Science and Information Technology. Computer Science and Engineering. Second International Conference, CCSIT 2012, Bangalore, India, January 2-4, 2012. Proceedings, Part II}, proceedings_a={CCSIT PATR II}, year={2012}, month={11}, keywords={}, doi={10.1007/978-3-642-27308-7_38} }
- V. Korde
- N. Tarapore
- S. Shinde
- M. Dhore
Year: 2012
Hybrid Intrusion Detection with Rule Generation
CCSIT PATR II
Springer
DOI: 10.1007/978-3-642-27308-7_38
Abstract
This paper reports a new experimental hybrid intrusion detection system (HIDS). The hybrid system combines the low false-positive rate of a misuse-based intrusion detection system (IDS) with the ability of an anomaly detection system (ADS) to detect novel, unknown attacks. This is done by mining Internet connection records for anomalies. We have built an ADS that can detect attacks missed by misuse-based systems such as Snort or Bro. Rules are extracted from the detected anomalies and added to the misuse-based system's rule database, so that the misuse-based IDS can then detect the new attacks. The system is trained and tested on the Massachusetts Institute of Technology/Lincoln Laboratory (MIT/LL) DARPA 1999 dataset. Our experimental results show a 69 percent detection rate for the HIDS, compared with 47 percent for Snort alone. This increase in detection rate is obtained with around 0.08 percent false alarms. The approach provides a better way to deal with novel attacks, using an ADS alongside a trustworthy misuse-based intrusion detection system.
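The feedback loop the abstract describes (signature engine first; records it misses go to an anomaly detector; rules synthesised from the anomalies are appended to the signature engine's rule set so the next occurrence is a signature hit), as an added example that is not the paper's code and does not reproduce the authors' rule-extraction method. The connection records, the home-network prefix `10.0.0.`, the feature set (protocol, destination port, bytes sent, Bro/KDD-style connection state) and the z-score threshold are constructed assumptions standing in for the DARPA 1999 connection summaries.

```python
"""ADS -> Snort rule synthesis -> signature matching. Added example, not the
paper's code; the records, HOME_PREFIX, features and thresholds are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
import math

HOME_PREFIX = "10.0.0."  # assumed monitored network ($HOME_NET in the rules)

@dataclass(frozen=True)
class Conn:  # one Bro/KDD-style connection record
    src: str
    proto: str      # "tcp" or "udp"
    dport: int
    bytes_out: int  # bytes sent by src
    flag: str       # connection state: SF = completed, S0 = no reply, REJ = reset

class AnomalyDetector:
    """Per (proto, dport): learn the states seen and the byte-count distribution."""

    def __init__(self, z_threshold=3.0):
        self.z = z_threshold
        self.flags = defaultdict(set)
        self.stats = {}  # (proto, dport) -> (mean, std)

    def train(self, conns):
        buckets = defaultdict(list)
        for c in conns:
            self.flags[(c.proto, c.dport)].add(c.flag)
            buckets[(c.proto, c.dport)].append(c.bytes_out)
        for key, vals in buckets.items():
            mean = sum(vals) / len(vals)
            var = sum((v - mean) ** 2 for v in vals) / len(vals)
            self.stats[key] = (mean, math.sqrt(var))

    def explain(self, c):  # -> (kind, reason) if anomalous, else None
        key = (c.proto, c.dport)
        if key not in self.stats:
            return ("service", f"unseen service {c.proto}/{c.dport}")
        if c.flag not in self.flags[key]:
            return ("state", f"unseen state {c.flag} on {c.proto}/{c.dport}")
        mean, std = self.stats[key]
        z = abs(c.bytes_out - mean) / max(std, 1.0)  # floor: std may be 0
        if z > self.z:
            return ("volume", f"bytes {c.bytes_out} vs baseline {mean:.0f}+/-{std:.0f}")
        return None

class RuleGenerator:
    """Anomaly -> Snort rule. Novel service/state anomalies generalise to $EXTERNAL_NET;
    a volume outlier on a known service is pinned to the offending host. SIDs >= 1000000."""

    def __init__(self, first_sid=1000000):
        self.next_sid = first_sid
        self.rules = {}  # (src_spec, proto, dport) -> rule text

    def add(self, c, kind, reason):
        src_spec = c.src if kind == "volume" else "$EXTERNAL_NET"
        key = (src_spec, c.proto, c.dport)
        if key not in self.rules:  # one rule per header pattern
            flow = "flow:to_server; " if c.proto == "tcp" else ""
            self.rules[key] = (
                f'alert {c.proto} {src_spec} any -> $HOME_NET {c.dport} '
                f'(msg:"HIDS auto-rule: {reason}"; {flow}sid:{self.next_sid}; rev:1;)')
            self.next_sid += 1
        return self.rules[key]

def header_matches(key, c):  # misuse side: header-only match, as Snort pre-filters
    src_spec, proto, dport = key
    src_ok = (not c.src.startswith(HOME_PREFIX) if src_spec == "$EXTERNAL_NET"
              else c.src == src_spec)
    return src_ok and c.proto == proto and c.dport == dport

def run_hybrid(train, test):
    """Signature check first; misses go to the ADS, each anomaly feeds a rule back."""
    ads = AnomalyDetector()
    ads.train(train)
    gen = RuleGenerator()
    verdicts = []
    for c in test:
        hit = next((r for k, r in gen.rules.items() if header_matches(k, c)), None)
        if hit:
            verdicts.append((c, "misuse", hit))
        elif (found := ads.explain(c)):
            verdicts.append((c, "anomaly", gen.add(c, *found)))
        else:
            verdicts.append((c, "normal", None))
    return verdicts, gen.rules

# Constructed baseline (benign web and SSH) and test traffic.
TRAIN = [Conn("10.0.0.7", "tcp", 80, 300, "SF"), Conn("10.0.0.8", "tcp", 80, 500, "SF"),
         Conn("192.0.2.10", "tcp", 80, 800, "SF"), Conn("192.0.2.11", "tcp", 80, 400, "SF"),
         Conn("10.0.0.9", "tcp", 22, 2000, "SF"), Conn("10.0.0.9", "tcp", 22, 4000, "SF"),
         Conn("10.0.0.9", "tcp", 22, 3000, "SF")]
TEST = [Conn("10.0.0.7", "tcp", 80, 450, "SF"),        # normal
        Conn("203.0.113.9", "tcp", 4444, 0, "S0"),     # novel service -> ADS catches
        Conn("203.0.113.9", "tcp", 4444, 12, "S0"),    # repeat -> signature catches
        Conn("203.0.113.9", "tcp", 22, 0, "S0"),       # scan-like state -> ADS
        Conn("198.51.100.4", "tcp", 80, 50000, "SF")]  # volume outlier -> ADS

if __name__ == "__main__":
    for c, verdict, detail in run_hybrid(TRAIN, TEST)[0]:
        print(f"{c.src:>13} {c.proto}/{c.dport:<5} {verdict:8} {detail or ''}")
```

Running it shows the second connection to tcp/4444 flagged as a "misuse" hit on the rule synthesised from the first one, which is the whole point of feeding anomalies back. The synthesised rules carry header constraints only, so the generator deliberately pins a byte-volume anomaly to the source host: a rule on `$EXTERNAL_NET -> $HOME_NET 80` would fire on all inbound web traffic and destroy the low false-positive property that motivates keeping a misuse engine in the first place. In a real deployment one would add payload `content` matches from the captured packets and review generated rules before loading them, since an anomaly detector's false positives otherwise become permanent signatures.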