A Comparative Experimental Design and Performance Analysis of Snort-Based Intrusion Detection System in Practical Computer Networks

Karim, Imdadul; Vien, Quoc-Tuan; Lê, Tuấn Anh; Mapp, Glenford

doi:10.3390/computers6010006

Cited by 20 publications

(19 citation statements)

References 25 publications

(42 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Snort captures and inspects packets to detect malicious activities through DPI on the packet payload against attacks signatures represented as a rule set. While many traffic features affect resource consumption such as, e.g., traffic load, traffic type, packet size, present or absence of attack, number of packet fragmentation [17]- [19] , yet traffic intensity is the main factor to consider for initial deployment. Thus, each security module in the pool will be associated with two resource vectors that represent a baseline requirement (resources required for initial deployment of the module) and a traffic requirement associated with each traffic type (e.g.…”

Section: ) Traffic Constraintsmentioning

confidence: 99%

On the Optimality of Virtualized Security Function Placement in Multi-Tenant Data Centers

Ali

Anagnostopoulos

Pezaros

2018

2018 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

Security and service protection against cyber attacks remain among the primary challenges for virtualized, multitenant Data Centres (DCs), for reasons that vary from lack of resource isolation to the monolithic nature of legacy middleboxes. Although security is currently considered a property of the underlying infrastructure, diverse services require protection against different threats and at timescales which are on par with those of service deployment and elastic resource provisioning. We address the resource allocation problem of deploying customised security services over a virtualized, multi-tenant DC. We formulate the problem in Integral Linear Programming (ILP) as an instance of the NP-hard variable size variable cost bin packing problem with the objective of maximising the residual resources after allocation. We propose a modified version of the Best Fit Decreasing algorithm (BFD) to solve the problem in polynomial time and we show that BFD optimises the objective function up to 80% more than other algorithms.

show abstract

Section: ) Traffic Constraintsmentioning

confidence: 99%

On the Optimality of Virtualized Security Function Placement in Multi-Tenant Data Centers

Ali

Anagnostopoulos

Pezaros

2018

2018 IEEE International Conference on Communications (ICC)

View full text Add to dashboard Cite

show abstract

“…Along with network the development and application, serious security threats have emerged. Intrusion detection based on networks is an important step of cyber security [1][2][3][4][5][6][7][8][9][10][11][12][13][14][15]. By analyzing large amounts of network data, network-based intrusion detection can effectively mitigate security threats [16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35].…”

Section: Introductionmentioning

confidence: 99%

“…Features selected by different feature selection algorithms using the denial of service (DOS) classifier. ,4,19,15,16,18,17,31,14,28,23,20,26,11,27,40,3,29,1,42,13,32,38,30,39,5,41 MIFS (β = 0.7 )[19] 317, 2, 19, 15, 16, 18, 17, 14, 23, 20, 31, 26, 28, 11, 27, 40, 29, 3, 1, 42, 39, 30, 4, 5, 32, 13, 41, 36, 38, 35, 34 , 13, 4, 19, 15, 16, 17, 18, 14, 28, 20, 23, 31, 29, 11, 26, 27, 40, 42, 3, 38, 1 …”

mentioning

confidence: 99%

A Filter Feature Selection Algorithm Based on Mutual Information for Intrusion Detection

Zhao

Niu

et al. 2018

Applied Sciences

View full text Add to dashboard Cite

For a large number of network attacks, feature selection is used to improve intrusion detection efficiency. A new mutual information algorithm of the redundant penalty between features (RPFMI) algorithm with the ability to select optimal features is proposed in this paper. Three factors are considered in this new algorithm: the redundancy between features, the impact between selected features and classes and the relationship between candidate features and classes. An experiment is conducted using the proposed algorithm for intrusion detection on the KDD Cup 99 intrusion dataset and the Kyoto 2006+ dataset. Compared with other algorithms, the proposed algorithm has a much higher accuracy rate (i.e., 99.772%) on the DOS data and can achieve better performance on remote-to-login (R2L) data and user-to-root (U2R) data. For the Kyoto 2006+ dataset, the proposed algorithm possesses the highest accuracy rate (i.e., 97.749%) among the other algorithms. The experiment results demonstrate that the proposed algorithm is a highly effective feature selection method in the intrusion detection.

show abstract

“…Similarly, the studies in [27][28][29][30][31] also addressed the notion of intrusion detection in large-scale networks and paved the path forward by devising various strategies and architectures. In [27], the authors proposed centralized parallel Snort-based NIDSs to deal with the issues of high speed networks using various multicore processors and operating systems.…”

Section: Background and Related Workmentioning

confidence: 99%

“…In [27], the authors proposed centralized parallel Snort-based NIDSs to deal with the issues of high speed networks using various multicore processors and operating systems. The system attempts to enhance the performance in terms of reducing packet drop ratio, and it also helps the network security management to keep track of all attack behaviors to develop and enhance security policies.…”

Section: Background and Related Workmentioning

confidence: 99%

Toward Bulk Synchronous Parallel-Based Machine Learning Techniques for Anomaly Detection in High-Speed Big Data Networks

et al. 2017

View full text Add to dashboard Cite

Anomaly detection systems, also known as intrusion detection systems (IDSs), continuously monitor network traffic aiming to identify malicious actions. Extensive research has been conducted to build efficient IDSs emphasizing two essential characteristics. The first is concerned with finding optimal feature selection, while another deals with employing robust classification schemes. However, the advent of big data concepts in anomaly detection domain and the appearance of sophisticated network attacks in the modern era require some fundamental methodological revisions to develop IDSs. Therefore, we first identify two more significant characteristics in addition to the ones mentioned above. These refer to the need for employing specialized big data processing frameworks and utilizing appropriate datasets for validating system's performance, which is largely overlooked in existing studies. Afterwards, we set out to develop an anomaly detection system that comprehensively follows these four identified characteristics, i.e., the proposed system (i) performs feature ranking and selection using information gain and automated branch-and-bound algorithms respectively; (ii) employs logistic regression and extreme gradient boosting techniques for classification; (iii) introduces bulk synchronous parallel processing to cater computational requirements of high-speed big data networks; and; (iv) uses the Infromation Security Centre of Excellence, of the University of Brunswick real-time contemporary dataset for performance evaluation. We present experimental results that verify the efficacy of the proposed system.

show abstract

A Comparative Experimental Design and Performance Analysis of Snort-Based Intrusion Detection System in Practical Computer Networks

Cited by 20 publications

References 25 publications

On the Optimality of Virtualized Security Function Placement in Multi-Tenant Data Centers

On the Optimality of Virtualized Security Function Placement in Multi-Tenant Data Centers

A Filter Feature Selection Algorithm Based on Mutual Information for Intrusion Detection

Toward Bulk Synchronous Parallel-Based Machine Learning Techniques for Anomaly Detection in High-Speed Big Data Networks

Contact Info

Product

Resources

About