• DocumentCode
    3093047
  • Title
    Research and implementation on snort-based hybrid intrusion detection system
  • Author
    Ding, Yu-xin ; Xiao, Min ; Liu, Ai-wu
  • Author_Institution
    Dept. of Comput. Sci. & Technol., Harbin Inst. of Technol., Harbin, China
  • Volume
    3
  • fYear
    2009
  • fDate
    12-15 July 2009
  • Firstpage
    1414
  • Lastpage
    1418
  • Abstract
    Most current intrusion detection systems (IDS) use only one of the two detection methods, misuse detection or anomaly detection, and each method has its own limitations. This paper uses a technique that combines a misuse detection system with an anomaly detection system (ADS). The hybrid intrusion detection system (HIDS) contains three sub-modules: a misuse detection module, an anomaly detection module and a signature generation module. The misuse detection module is based on Snort. The anomaly detection module is constructed using frequent episode rules. The signature generation module is based on a variant of the Apriori algorithm. The misuse detection module uses attack signatures to detect known attacks. The anomaly detection module can detect unknown attacks, and the signature generation module extracts the signatures of attacks detected by the ADS module and maps them into Snort rules.
  • Keywords
    digital signatures; security of data; a priori algorithm; anomaly detection system; misused detection module; signature generation module; snort-based hybrid intrusion detection system; Computer networks; Cybernetics; Databases; Electronic mail; Hybrid power systems; Intelligent networks; Intrusion detection; Laboratories; Learning systems; Machine learning; Frequent episode rule; IDS; Snort; hybrid intrusion detection system;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Machine Learning and Cybernetics, 2009 International Conference on
  • Conference_Location
    Baoding
  • Print_ISBN
    978-1-4244-3702-3
  • Electronic_ISBN
    978-1-4244-3703-0
  • Type
    conf
  • DOI
    10.1109/ICMLC.2009.5212282
  • Filename
    5212282