Automated Signature Generation for Internet attacks using Hybrid Intrusion Detection System

Article Sidebar

PDF
Published: Jan 13, 2017
DOI: https://doi.org/10.26483/ijarcs.v2i2.377

Main Article Content

Prof. S.S. Manivannan

Abstract

As the usage of internet systems get expanded, the probability of undetected intrusions from internet are increasing in day by day.
This paper proposes a hybrid approach for detecting the internet intrusions that not only maximizes the detection rate of intrusions but also
reducing the false alarm rate. Whenever the connection episode from internet exceeds certain standard boundaries, rules are automatically
generated using SNORT and stored in the rules database. The generated signature is mapped with the rules database and the corresponding
intrusion (s) is detected if the match exists. The overall false alarm rate occurring in detecting the intrusion (s) is reduced by fixing the medium
level of threshold for boundary conditions. The entire system is implemented in real time using winPcap, javaPcap and SNORT tools.

 

Keywords: intrusion detection; signature generation; false alarm rate; hybrid system; boundaries; SNORT rules.

Downloads

Download data is not yet available.

Article Details

Issue
Vol. 2 No. 2 (2011): March-April 2011
Section
Articles

COPYRIGHT

Submission of a manuscript implies: that the work described has not been published before, that it is not under consideration for publication elsewhere; that if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work
  • The journal allows the author(s) to retain publishing rights without restrictions.
  • The journal allows the author(s) to hold the copyright without restrictions.