Snort Based Network Traffic Anomaly Detector to Improve the Performance of Intrusion Detection System

Article Sidebar

PDF
Published: Jan 13, 2017
DOI: https://doi.org/10.26483/ijarcs.v3i7.1402

Main Article Content

G.V. Nadiammai
M. Hemalatha

Abstract

Data Mining is the way of identifying the hidden patterns from large amount of data. It is commonly used in a marketing, surveillance, fraud detection and scientific discovery. Intrusion occurs when anyone tries to gain the access of normal user and even exploits attack over the network. Instruction detection deals with the concept of analyzing all sorts of illegal action towards data. IDS and IPS has equal significance in research community. Snort is a software tool that is designed to capture the network packets. It performs pre- processing by its own without the indulgence of security experts. And also it generates alarm if any anomaly packet is found with the help of in-build rules. In this paper snort is used to detect the attack from (one week data) the network packets. The number of attacks detected by misuse based IDS is compared with the enhanced IDS approach obtained by combining anomaly and misuse based IDSs and shows that the improved IDS with NETAD performs well by detecting 133 attacks out of 180 (73%) attacks after training on one week attack free traffic. KDD Cup 99 dataset is taken for the study.

 


Keywords: Intrusion Detection, Snort, Network Traffic Anomaly Detector (NETAD), KDD Cup99 dataset and Real time traffic data.

Downloads

Download data is not yet available.

Article Details

Issue
Vol. 3 No. 7 (2012): NOVEMBER-DECEMBER 2012
Section
Articles

COPYRIGHT

Submission of a manuscript implies: that the work described has not been published before, that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
  • The journal allows the author(s) to retain publishing rights without restrictions.
  • The journal allows the author(s) to hold the copyright without restrictions.