DocumentCode
3093047
Title
Research and implementation on snort-based hybrid intrusion detection system
Author
Ding, Yu-xin ; Xiao, Min ; Liu, Ai-wu
Author_Institution
Dept. of Comput. Sci. & Technol., Harbin Inst. of Technol., Harbin, China
Volume
3
fYear
2009
fDate
12-15 July 2009
Firstpage
1414
Lastpage
1418
Abstract
Since most of current intrusion detection systems (IDS) only use one of the two detection methods, misused detection or anomaly detection, both of them have their own limitations. In this paper, the technique that combines misuse detection system with anomaly detection system (ADS) is used. The hybrid intrusion detection system (HIDS) contains three sub-modules, misused detection module, anomaly detection module and signature generation module. The basis of misused detection module is snort. Anomaly detection module is constructed by using frequent episode rule. And signature generation module is based on a variant of a priori algorithm. Misused detection module uses the signature of attacks to detection the known attacks. Anomaly detection module can detect the unknown attacks and signature generation module extracts the signature of attacks that are detected by ADS module, and maps the signatures into snort rules.
Keywords
digital signatures; security of data; a priori algorithm; anomaly detection system; misused detection module; signature generation module; snort-based hybrid intrusion detection system; Computer networks; Cybernetics; Databases; Electronic mail; Hybrid power systems; Intelligent networks; Intrusion detection; Laboratories; Learning systems; Machine learning; Frequent episode rule; IDS; Snort; hybrid intrusion detection system;
fLanguage
English
Publisher
ieee
Conference_Titel
Machine Learning and Cybernetics, 2009 International Conference on
Conference_Location
Baoding
Print_ISBN
978-1-4244-3702-3
Electronic_ISBN
978-1-4244-3703-0
Type
conf
DOI
10.1109/ICMLC.2009.5212282
Filename
5212282
Link To Document