ABSTRACT
Anomaly detection is regarded as a critical problem in every application area. In computer networks it is especially important, because any kind of abnormal behaviour in the network data is considered harmful to the end user. Snort is an open-source NIDS tool that uses the misuse detection method for intrusion detection. Snort supports many pre-processor and detection plug-ins: pre-processor plug-ins are meant to process the captured packets, but some are also meant to detect anomalies. We therefore implement a pre-processor plug-in for Snort that takes the anomaly detection approach, using the support vector machine (SVM) machine learning algorithm, and integrate it into Snort. The anomalies detected by the plug-in are new compared with those detected by the available pre-processor plug-ins. We also created an intrusion detection dataset, which is essential for any process that uses machine learning algorithms. The plug-in's detection rate is high and its false alarm rate is low, both of which are very important for any anomaly detection system. Integrating this plug-in into Snort therefore helps improve the detection rate of the plug-ins that can be run in packet sniffer mode.
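As an added illustration of the classification and evaluation step described in the abstract (example code, not the paper's plug-in or any Snort code): a linear SVM is trained on constructed per-packet features and then scored on a held-out constructed sample with the detection rate and false alarm rate. The feature set, the scaling constants and the traffic ranges are assumptions made for the example.

```python
import random
# Per-packet features [packet_len_bytes, tcp_flags_set, inter_arrival_ms] and the
# assumed maxima that scale each one into roughly [0, 1] before training.
FEATURE_SCALE = (1500.0, 6.0, 500.0)

def make_dataset(n_per_class=60, seed=7):
    """Constructed sample (not the paper's dataset); +1 = anomalous, -1 = normal.
    Normal: assorted sizes, 1-2 flags, spaced arrivals. Anomalous: tiny packets, many flags, back to back."""
    rng = random.Random(seed)
    rows = [([rng.uniform(60, 1400), rng.randint(1, 2), rng.uniform(50, 400)], -1)
            for _ in range(n_per_class)]
    rows += [([rng.uniform(40, 80), rng.randint(5, 6), rng.uniform(0, 2)], +1)
             for _ in range(n_per_class)]
    rng.shuffle(rows)
    return rows

def scale(x):
    return [v / s for v, s in zip(x, FEATURE_SCALE)]

def train_linear_svm(rows, lam=0.001, eta=0.2, epochs=3000):
    """Batch subgradient descent on lam/2*||w||^2 + mean(max(0, 1 - y*(w.x + b))); returns (w, b)."""
    data = [(scale(x), y) for x, y in rows]
    dim, n = len(data[0][0]), len(data)
    w, b = [0.0] * dim, 0.0
    for _ in range(epochs):
        gw, gb = [lam * wi for wi in w], 0.0            # regulariser part of the gradient
        for xs, y in data:
            if y * (sum(wi * xi for wi, xi in zip(w, xs)) + b) < 1.0:   # inside the margin
                gw = [gj - y * xj / n for gj, xj in zip(gw, xs)]
                gb -= y / n
        w = [wi - eta * gi for wi, gi in zip(w, gw)]
        b -= eta * gb
    return w, b
def predict(model, x):
    w, b = model                                        # +1 = anomalous, -1 = normal
    return 1 if sum(wi * xi for wi, xi in zip(w, scale(x))) + b >= 0.0 else -1

def evaluate(model, rows):
    """Detection rate = TP / (TP + FN); false alarm rate = FP / (FP + TN)."""
    tp = fn = fp = tn = 0
    for x, y in rows:
        p = predict(model, x)
        if y == 1:
            tp, fn = tp + (p == 1), fn + (p == -1)
        else:
            fp, tn = fp + (p == 1), tn + (p == -1)
    return {"detection_rate": tp / (tp + fn), "false_alarm_rate": fp / (fp + tn)}
if __name__ == "__main__":   # train on one constructed sample, score on a held-out one
    model = train_linear_svm(make_dataset(seed=7))
    print(evaluate(model, make_dataset(seed=11)))
```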
Index Terms
- adsvm: pre-processor plug-in using support vector machine algorithm for Snort