CONDOR: A Hybrid IDS to Offer Improved Intrusion Detection

Author

Day, David J. ; Flores, Denys A. ; Lallie, Harjinder Singh

Author_Institution

Sheffield Hallam Univ., Sheffield, UK

fYear

2012

fDate

25-27 June 2012

Firstpage

931

Lastpage

936

Abstract

Intrusion Detection Systems are an accepted and very useful option to monitor, and detect malicious activities. However, Intrusion Detection Systems have inherent limitations which lead to false positives and false negatives; we propose that combining signature and anomaly based IDSs should be examined. This paper contrasts signature and anomaly-based IDSs, and critiques some proposals about hybrid IDSs with signature and heuristic capabilities, before considering some of their contributions in order to include them as main features of a new hybrid IDS named CONDOR (COmbined Network intrusion Detection ORientate), which is designed to offer superior pattern analysis and anomaly detection by reducing false positive rates and administrator intervention.

Keywords

computer network security; digital signatures; CONDOR; anomaly based IDS; anomaly detection; combined network intrusion detection orientate; heuristic capability; hybrid IDS; intrusion detection systems; malicious activities detection; malicious activities monitoring; pattern analysis; signature based IDS; signature capability; Databases; Engines; Intrusion detection; Proposals; Servers; Training; Anomaly; IDS; NIDS; false negative; false positive; hybrid; intrusion detection; signature;

fLanguage

English

Publisher

ieee

Conference_Titel

Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on

Conference_Location

Liverpool

Print_ISBN

978-1-4673-2172-3

Type

conf

DOI

10.1109/TrustCom.2012.110

Filename

6296072