Title :
Design and implementation of IDS using Snort, Entropy and alert ranking system
Author :
Kumar, Sudhakar ; Joshi, R.C.
Author_Institution :
Dept. of Electron. & Comput. Eng., Indian Inst. of Technol., Roorkee, India
Abstract :
Intrusion detection is the process of identifying suspicious activities on a target system or network. Many approaches have been proposed for building better Intrusion Detection Systems. Some are signature based, some are anomaly based, and some use both. Most real-time systems use signature-based techniques. The main problem with the signature-based technique is its vulnerability to unknown attacks, while the problem with anomaly-based techniques is that they give a lot of false alarms and are very difficult to realize. Entropy is one of the anomaly detection techniques used in intrusion detection. In this paper we design a system based on an Entropy-based technique and integrate it with the real-time system Snort so that it has the advantages of both techniques. Another issue of IDS, the very large amount of alert data, is also addressed by developing an alert reduction and ranking system. Experimental results show that our system, which works in real time, is efficient in terms of attack detection and alert visualization.
Keywords :
security of data; IDS; alert ranking system; alert visualization; anomaly detection technique; attack detection; entropy based technique; intrusion detection systems; signature based techniques; Data mining; Entropy; Feature extraction; Indexes; Intrusion detection; Real time systems; Alert Rank; Entropy; Intrusion detection system (IDS); Snort; Suspect Index (SI);
Conference_Title :
Signal Processing, Communication, Computing and Networking Technologies (ICSCCN), 2011 International Conference on
Conference_Location :
Thuckalay
Print_ISBN :
978-1-61284-654-5
DOI :
10.1109/ICSCCN.2011.6024556