Advances in Computer Science and Information Technology. Computer Science and Engineering. Second International Conference, CCSIT 2012, Bangalore, India, January 2-4, 2012. Proceedings, Part II

Research Article

Hybrid Intrusion Detection with Rule Generation

  • @INPROCEEDINGS{10.1007/978-3-642-27308-7_38,
        author={V. Korde and N. Tarapore and S. Shinde and M. Dhore},
        title={Hybrid Intrusion Detection with Rule Generation},
        proceedings={Advances in Computer Science and Information Technology. Computer Science and Engineering. Second International Conference, CCSIT 2012, Bangalore, India, January 2-4, 2012. Proceedings, Part II},
        proceedings_a={CCSIT PATR II},
        year={2012},
        month={11},
        keywords={},
        doi={10.1007/978-3-642-27308-7_38}
    }
    
  • V. Korde
    N. Tarapore
    S. Shinde
    M. Dhore
    Year: 2012
    Hybrid Intrusion Detection with Rule Generation
    CCSIT PATR II
    Springer
    DOI: 10.1007/978-3-642-27308-7_38
V. Korde1,*, N. Tarapore1, S. Shinde1, M. Dhore1
  • 1: Vishwakarma Institute of Technology
*Contact email: korde.vaibhav@yahoo.com

Abstract

This paper reports a new experimental hybrid intrusion detection system (HIDS). The hybrid system combines the low false-positive rate of a misuse-based intrusion detection system (IDS) with the ability of an anomaly detection system (ADS) to detect novel, unknown attacks. This is done by mining Internet connection records for anomalies. We have built an ADS that can detect attacks not detected by misuse-based systems such as Snort or Bro. Rules are extracted from the detected anomalies and then added to the misuse-based system's rule database, so that the misuse-based IDS can detect new attacks. The system is trained and tested using the Massachusetts Institute of Technology/Lincoln Laboratory (MIT/LL) DARPA 1999 dataset. Our experimental results show a 69 percent detection rate for the HIDS, compared with 47 percent using Snort. This increase in detection rate is obtained with around 0.08 percent false alarms. This approach provides a better way to deal with novel attacks, using an ADS alongside a trustworthy misuse-based intrusion detection system.