An Architecture of Hybrid Intrusion Detection System

An Intrusion Detection System (IDS) is a well-known and widely deployed security tool for detecting attacks and malicious activity in an information system, and it is an essential element of any contemporary information system. There are two main intrusion detection techniques: i) signature-based (misuse) detection and ii) anomaly-based detection. Each technique has its own advantages and disadvantages. This paper presents research from an ongoing study on combining features of both techniques to design a novel and efficient hybrid IDS. The architecture and implementation details of our hybrid IDS are presented, and its unique characteristics are described. The paper concludes with future research directions and challenges in IDS.
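The abstract contrasts signature-based (misuse) detection, which matches traffic against known patterns, with anomaly-based detection, which flags deviations from a learned baseline, and proposes combining them. The following Python sketch is an added illustration of why the two are complementary; it is not code from the paper, whose architecture the abstract does not detail. The signature table, the per-source request-rate baseline, the z-score threshold and the log records are all constructed for the example, and the names (`SIGNATURES`, `AnomalyEngine`, `hybrid_detect`, `run_demo`) are hypothetical.

```python
"""Toy hybrid IDS: a signature (misuse) engine beside an anomaly engine.

Constructed example. Alerts from either engine are reported together, tagged
with the engine that raised them, which is the minimal "hybrid" behaviour.
"""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List

# Constructed signature table (hypothetical rule ids and patterns, not the
# paper's rule set). Matching is a plain case-insensitive substring test.
SIGNATURES: Dict[str, str] = {
    "SIG-001": "../../",     # directory traversal marker
    "SIG-002": "' or 1=1",   # classic SQL injection fragment
    "SIG-003": "<script>",   # reflected XSS marker
}


@dataclass
class Event:
    """One request record: source address and requested path."""
    src: str
    path: str


def signature_matches(event: Event) -> List[str]:
    """Return the ids of every signature whose pattern occurs in the path."""
    haystack = event.path.lower()
    return [sid for sid, pat in SIGNATURES.items() if pat in haystack]


class AnomalyEngine:
    """Per-source request count per window compared with a benign baseline.

    The baseline is the mean and population standard deviation of request
    counts observed during training; a count more than `threshold` standard
    deviations above the mean is anomalous (one-sided: low counts are fine).
    """

    def __init__(self, threshold: float = 3.0) -> None:
        self.threshold = threshold
        self.mu = 0.0
        self.sigma = 0.0

    def train(self, benign_counts: List[int]) -> None:
        self.mu = mean(benign_counts)
        self.sigma = pstdev(benign_counts)

    def score(self, count: int) -> float:
        """z-score of a count; a zero-variance baseline flags any change."""
        if self.sigma == 0.0:
            return float("inf") if count != self.mu else 0.0
        return (count - self.mu) / self.sigma

    def is_anomalous(self, count: int) -> bool:
        return self.score(count) > self.threshold


def count_per_source(events: List[Event]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in events:
        counts[e.src] = counts.get(e.src, 0) + 1
    return counts


def hybrid_detect(events: List[Event], engine: AnomalyEngine) -> List[dict]:
    """Run both engines over one window and merge their alerts."""
    alerts: List[dict] = []
    for e in events:  # signature engine: per-event pattern matching
        sids = signature_matches(e)
        if sids:
            alerts.append({"src": e.src, "engine": "signature",
                           "detail": ",".join(sids), "path": e.path})
    for src, n in count_per_source(events).items():  # anomaly engine: per-source rate
        if engine.is_anomalous(n):
            alerts.append({"src": src, "engine": "anomaly",
                           "detail": f"{n} requests, z={engine.score(n):.1f}"})
    return alerts


def run_demo() -> List[dict]:
    """Constructed window: one known-bad payload, one rate anomaly with no
    matching signature, and one ordinary client that must not be flagged."""
    engine = AnomalyEngine(threshold=3.0)
    engine.train([4, 5, 6, 5, 4, 6, 5, 5])  # constructed benign counts per source
    events = [Event("10.0.0.5", "/index.html"),
              Event("10.0.0.5", "/login"),
              Event("10.0.0.5", "/search?q=books"),
              Event("10.0.0.9", "/download?file=../../secret.txt")]
    # A burst of ten ordinary-looking image requests: no signature fires,
    # only the rate baseline catches it.
    events += [Event("10.0.0.7", f"/img/{i}.png") for i in range(10)]
    return hybrid_detect(events, engine)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The demo produces exactly two alerts: the traversal payload from 10.0.0.9 is caught only by the signature engine, and the burst from 10.0.0.7 only by the anomaly engine, while the three-request client raises nothing. That is the gap each technique leaves on its own and the reason a hybrid design reports the union of both engines.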
