Campus Hybrid Intrusion Detection System Using SNORT and C4.5 Algorithm

The rapid development of the internet greatly helps human work. However, the number of information system security incidents has risen sharply, so that in fact the sides of human life are threatened. Detection techniques against attacks on computer networks must be continuously developed so that integrity, availability, and confidentiality on a computer network become more secure. In general, intrusion detection systems currently use two detection methods, namely anomaly detection, and misuse detection, which both have their own deficiencies. In this paper, the authors built a Hybrid Intrusion Detecting System combines anomaly detection system with the misuse detection system. Snort is used as the basis of misused detection module and Algorithm C4.5 detector is used to construct an anomaly detection module. This system works by creating alerts built from an engine that reads the parameters in the attacker’s IP address. Webmin is used to simplify rule management. Whereas for analyzing logs (attack history), an ACID (Analysis Console for Intrusion Databases) is used. Attack and detection testing are carried out in the campus network of Institut Bisnis dan Informatika Stikom Surabaya. The system implementation uses a PC Router with the Ubuntu 18.04 Linux as the operating system. As a result of implementing this system: the signature of attacks as misuses detection module uses to detection the known attacks; unknown attacks can be detected by the anomaly detection module; signature of attacks that are detected by Anomaly Detection System module extracted by signature generation module, and maps the signatures into snort rules.

[1]  Ester Yen,et al.  Data mining-based intrusion detectors , 2009, Expert Syst. Appl..

[2]  Gisung Kim,et al.  A novel hybrid intrusion detection method integrating anomaly detection with misuse detection , 2014, Expert Syst. Appl..

[3]  Dalenca Pottas,et al.  An Information Security Policy Development Life Cycle , 2010, SAISMC.

[4]  Joohan Lee,et al.  A dynamic data mining technique for intrusion detection systems , 2005, ACM Southeast Regional Conference.

[5]  E. Vishnu Balan,et al.  Hybrid architecture with misuse and anomaly detection techniques for wireless networks , 2015, 2015 International Conference on Communications and Signal Processing (ICCSP).

[6]  Xinli Wang,et al.  Administrative evaluation of intrusion detection system , 2013, RIIT '13.

[7]  Biswanath Mukherjee,et al.  DIDS (distributed intrusion detection system)—motivation, architecture, and an early prototype , 1997 .

[8]  Zouheir Trabelsi,et al.  IDS performance enhancement technique based on dynamic traffic awareness histograms , 2014, 2014 IEEE International Conference on Communications (ICC).

[9]  Xinxin Wang,et al.  On the Construction of University Campus Culture under the Network Environment , 2016 .

[10]  Snehal A. Mulay,et al.  Intrusion Detection System using Support Vector Machine and Decision Tree , 2010 .

[11]  Anne E. James,et al.  Network Intrusion Detection Systems in High-Speed Traffic in Computer Networks , 2013, 2013 IEEE 10th International Conference on e-Business Engineering.

[12]  Ajith Abraham,et al.  Modeling intrusion detection system using hybrid intelligent systems , 2007, J. Netw. Comput. Appl..

[13]  Özlem Müge Testik,et al.  Analysis of personal information security behavior and awareness , 2016, Comput. Secur..

[14]  Shoushan Luo,et al.  A two-level hybrid approach for intrusion detection , 2016, Neurocomputing.

[15]  Jerzy W. Rozenblit,et al.  A hybrid intrusion detection and visualization system , 2006, 13th Annual IEEE International Symposium and Workshop on Engineering of Computer-Based Systems (ECBS'06).