A Network-Based Internet Worm Intrusion Detection and Prevention System

Many incidents of network attacks and security threats have been previously reported. Damages caused by network attacks and malware tend to be high. In this paper, we present a network-based Intrusion Detection and Prevention System (IDPS), which can detect network attacks and Internet Worms. The proposed system can immediately classify network attack types (i.e. DoS, Probe) and Internet worm from normal network traffic by using traffic classification technique and selected well-known machine learning algorithms (i.e. Decision TreeC4.5, Random Forest, Ripple Rule, Bayesian Network, Back Propagation Neural Network) in both standalone mode and distributed mode. The proposed IDPS also allows system administrator to update existing rule sets or learn new trained data sets with a user-friendly graphic user interface. In our experiments, we can correctly detect and prevent network attacks with high accuracy, more than 99%.