Title :
Research and implementation on snort-based hybrid intrusion detection system
Author :
Ding, Yu-xin ; Xiao, Min ; Liu, Ai-wu
Author_Institution :
Dept. of Comput. Sci. & Technol., Harbin Inst. of Technol., Harbin, China
Abstract :
Since most of current intrusion detection systems (IDS) only use one of the two detection methods, misused detection or anomaly detection, both of them have their own limitations. In this paper, the technique that combines misuse detection system with anomaly detection system (ADS) is used. The hybrid intrusion detection system (HIDS) contains three sub-modules, misused detection module, anomaly detection module and signature generation module. The basis of misused detection module is snort. Anomaly detection module is constructed by using frequent episode rule. And signature generation module is based on a variant of a priori algorithm. Misused detection module uses the signature of attacks to detection the known attacks. Anomaly detection module can detect the unknown attacks and signature generation module extracts the signature of attacks that are detected by ADS module, and maps the signatures into snort rules.
Keywords :
digital signatures; security of data; a priori algorithm; anomaly detection system; misused detection module; signature generation module; snort-based hybrid intrusion detection system; Computer networks; Cybernetics; Databases; Electronic mail; Hybrid power systems; Intelligent networks; Intrusion detection; Laboratories; Learning systems; Machine learning; Frequent episode rule; IDS; Snort; hybrid intrusion detection system;
Conference_Titel :
Machine Learning and Cybernetics, 2009 International Conference on
Conference_Location :
Baoding
Print_ISBN :
978-1-4244-3702-3
Electronic_ISBN :
978-1-4244-3703-0
DOI :
10.1109/ICMLC.2009.5212282
