DocumentCode :
2987018
Title :
An Improved Snort Intrusion Detection System Based on Self-Similar Traffic Mode
Author :
Kang Hong ; Zhang Jiangang
Author_Institution :
Coll. of Econ. & Manage., Shandong Univ. of Sci. & Technol., Qingdao, China
fYear :
2009
fDate :
18-20 Jan. 2009
Firstpage :
1
Lastpage :
4
Abstract :
This paper introduces the existing distributed intrusion detection technology and points out the disadvantages of the traditional intrusion detection system. A distributed intrusion detection system based on self-similar traffic is designed and the specific implementation of all parts is presented. In the analysis system, an anomaly detection engine is added before the misuse detection engine. The authors design an anomaly detection engine based on a self-similar traffic model. Then we optimize the evaluation of the Hurst parameter and its value scope based on time-domain analysis. These improvements can effectively detect unknown intrusions after filtering the normal network traffic.
Keywords :
security of data; anomaly detection engine; distributed intrusion detection technology; hurst parameter evaluation; improved snort intrusion detection system; network traffic filtering; self-similar traffic mode; Educational institutions; Engines; Filtering; Information security; Intrusion detection; Random processes; Technology management; Telecommunication traffic; Time domain analysis; Traffic control;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Network and Multimedia Technology, 2009. CNMT 2009. International Symposium on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-5272-9
Type :
conf
DOI :
10.1109/CNMT.2009.5374568
Filename :
5374568