Abstract

This paper reports a new experimental hybrid intrusion detection system (HIDS; the acronym denotes the hybrid system here, not a host-based IDS). The hybrid combines the low false-positive rate of a misuse-based (signature) intrusion detection system (IDS) with the ability of an anomaly detection system (ADS) to detect novel, previously unknown attacks. This is done by mining Internet connection records for anomalies. We have built an ADS that can detect attacks missed by misuse-based systems such as Snort or Bro. Rules are extracted from the detected anomalies and added to the misuse-based system's rule database, so that the misuse-based IDS can then detect the new attacks as well. The system is trained and tested on the Massachusetts Institute of Technology / Lincoln Laboratory (MIT/LL) DARPA 1999 dataset. Our experimental results show a 69 percent detection rate for the HIDS, compared with 47 percent for Snort alone; this increase in detection rate is obtained with a false-alarm rate of around 0.08 percent. The approach provides a better way to deal with novel attacks, using an ADS alongside a trustworthy misuse-based IDS.
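The pipeline the abstract describes (anomaly detection over connection records, rule extraction from the anomalies the signatures missed, and merging of the new rules into the signature rule set), as an added example that is not the paper's code and not part of the original page. The paper's episode-mining ADS is not shown on this page, so the example substitutes a simple rarity score over (protocol, destination port); Snort matching is reduced to a port lookup so the whole thing runs offline; the connection records, labels, IP addresses, rule text and sid numbers are all constructed for illustration; only the Snort rule syntax and the local-rule sid range are real.

```python
"""Toy hybrid IDS pipeline (illustrative, not the paper's implementation):
ADS over connection records -> rules from the anomalies the signatures
missed -> merged rule set.  All traffic, labels and rules are constructed."""
from collections import Counter
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class Conn:
    ts: float       # seconds since start of capture
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    attack: bool    # constructed ground-truth label, used only for scoring


def _burst(n, t0, src, dst, proto, dport, attack=False):
    return [Conn(t0 + i, src, dst, proto, dport, attack) for i in range(n)]


# Constructed attack-free training traffic: web, DNS and mail.
TRAIN = (_burst(60, 0, "10.0.0.11", "192.168.1.50", "tcp", 80)
         + _burst(30, 0, "10.0.0.12", "192.168.1.20", "udp", 53)
         + _burst(10, 0, "10.0.0.12", "192.168.1.100", "tcp", 25))

# Constructed test traffic: normal traffic, one benign but unseen SSH session,
# an attack on a port the signatures cover, and a novel attack they do not.
TEST = (_burst(20, 100, "10.0.0.11", "192.168.1.50", "tcp", 80)
        + _burst(10, 100, "10.0.0.13", "192.168.1.20", "udp", 53)
        + _burst(1, 130, "10.0.0.2", "192.168.1.50", "tcp", 22)
        + _burst(3, 140, "203.0.113.7", "192.168.1.50", "tcp", 31337, attack=True)
        + _burst(4, 150, "203.0.113.7", "192.168.1.20", "udp", 69, attack=True))

# Constructed signature rule set, keyed the way the toy matcher looks it up.
# sids of 1,000,000 and above are the range Snort reserves for local rules.
SIGNATURE_RULES = {
    ("tcp", 31337): 'alert tcp any any -> $HOME_NET 31337 '
                    '(msg:"local: connection to tcp/31337"; sid:1000001; rev:1;)',
}


class RarityModel:
    """Rarity of a (proto, dport) pair relative to the training profile:
    score = -ln P(proto, dport) with add-one smoothing, so pairs never seen
    in training get the highest score (assumed stand-in for the ADS model)."""

    def __init__(self, records):
        self.counts = Counter((c.proto, c.dport) for c in records)
        self.total = sum(self.counts.values())

    def score(self, conn):
        seen = self.counts[(conn.proto, conn.dport)]
        p = (seen + 1) / (self.total + len(self.counts) + 1)
        return -math.log(p)


def detect_anomalies(model, records, threshold):
    """ADS stage: every record whose rarity score exceeds the threshold."""
    return [c for c in records if model.score(c) > threshold]


def extract_rules(anomalies, first_sid=1000100):
    """Rule-generation stage: one Snort-style alert rule per distinct
    (proto, dport) among the anomalies, each with a unique sid."""
    rules = {}
    for i, (proto, dport) in enumerate(sorted({(c.proto, c.dport) for c in anomalies})):
        rules[(proto, dport)] = (
            'alert %s any any -> $HOME_NET %d '
            '(msg:"ADS-generated: rare %s/%d"; sid:%d; rev:1;)'
            % (proto, dport, proto, dport, first_sid + i))
    return rules


def build_hybrid(signature_rules, train, test, threshold=4.0):
    """Train the ADS, keep only the anomalies the signatures already miss,
    turn them into rules and merge them into the signature set."""
    model = RarityModel(train)
    missed = [c for c in detect_anomalies(model, test, threshold)
              if (c.proto, c.dport) not in signature_rules]
    new_rules = extract_rules(missed)
    return {**signature_rules, **new_rules}, new_rules


def evaluate(rules, records):
    """Detection rate over attack records and false-alarm rate over normal
    records when a rule set is applied by the toy port matcher."""
    hits = [c for c in records if (c.proto, c.dport) in rules]
    attacks = sum(c.attack for c in records)
    normal = len(records) - attacks
    return sum(c.attack for c in hits) / attacks, sum(not c.attack for c in hits) / normal


if __name__ == "__main__":
    print("signature only: detection %.2f, false alarms %.3f" % evaluate(SIGNATURE_RULES, TEST))
    merged, new_rules = build_hybrid(SIGNATURE_RULES, TRAIN, TEST)
    for rule in new_rules.values():
        print("added:", rule)
    print("hybrid:         detection %.2f, false alarms %.3f" % evaluate(merged, TEST))
```

Two things the toy makes visible that the headline numbers do not. First, the benign SSH session is rare in training, so it is promoted into a permanent rule exactly like the novel attack: every ADS false positive that is turned into a signature becomes a standing false alarm, so in practice candidate rules need analyst vetting (or a separate confirmation window) before they reach the misuse engine. Second, detection and false-alarm rates depend entirely on the training profile being representative and attack-free; the DARPA 1999 data used for the reported 69 / 47 percent figures has documented artifacts ([12], [13] in the reference list), so those rates should be read with that in mind.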


References

  1. Qin, M., Hwang, K.: Anomaly Intrusion Detection by Internet Data Mining of Traffic Episodes. ACM Transactions on Information and System Security (2004)

  2. Yang, J., Chen, X., Xiang, X., Wan, J.: HIDS-DT: An Effective Hybrid Intrusion Detection System Based on Decision Tree. In: International Conference on Communications and Mobile Computing (2010)

  3. Barbara, D., Couto, J., Jajodia, S., Popyack, L., Wu, N.: ADAM: Detecting Intrusions by Data Mining. Proceedings of the IEEE (2001)

  4. Ertoz, L., et al.: The MINDS-Minnesota Intrusion Detection System. In: Next Generation Data Mining. MIT Press (2004)

  5. Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A., Srivastava, J.: A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection. In: Proc. Third SIAM Conference on Data Mining (2003)

  6. Lee, W., et al.: A Framework for Constructing Features and Models for Intrusion Detection Systems. ACM Transactions on Information and System Security (2000)

  7. Lee, T.-Y., et al.: Mining Serial Episode Rules with Time Lags over Multiple Data Streams. Springer, Heidelberg (2008)

  8. Snort 2.1 Intrusion Detection, 2nd edn. Syngress

  9. Roesch, M.: Snort: Lightweight Intrusion Detection for Networks. In: Proc. USENIX 13th Systems Administration Conference, LISA 1999 (1999)

  10. Paxson, V.: Bro: A System for Detecting Network Intruders in Real Time. In: Proc. Seventh USENIX Security Symposium (January 1998)

  11. Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation. In: Debar, H., Mé, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol. 1907, pp. 162–182. Springer, Heidelberg (2000)

  12. Mahoney, M.V., Chan, P.K.: An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. In: Vigna, G., Krügel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 220–237. Springer, Heidelberg (2003)

  13. McHugh, J.: Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Off-line Intrusion Detection System Evaluations as Performed by Lincoln Laboratory. ACM Transactions on Information and System Security (November 2000)

  14. Mannila, H., Toivonen, H.: Discovering Generalized Episodes Using Minimal Occurrences. In: Proc. Second International Conference on Knowledge Discovery and Data Mining (August 1996)

Copyright information

© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Korde, V.V., Tarapore, N.Z., Shinde, S.R., Dhore, M.L. (2012). Hybrid Intrusion Detection with Rule Generation. In: Meghanathan, N., Chaki, N., Nagamalai, D. (eds) Advances in Computer Science and Information Technology. Computer Science and Engineering. CCSIT 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 85. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27308-7_38

  • DOI: https://doi.org/10.1007/978-3-642-27308-7_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27307-0

  • Online ISBN: 978-3-642-27308-7
