Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining

Khamphakdee, Nattawat; Benjamas, Nunnapus; Saiyod, Saiyan

doi:10.5614/itbj.ict.res.appl.2015.8.3.4

Cited by 31 publications

(21 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Several methods for improving these systems have been introduced using various approaches [6], [7], [8].…”

Section: Related Workmentioning

confidence: 99%

Estimating the Sample Size for Training Intrusion Detection Systems

Wahba¹,

ElSalamouny²,

ElTaweel³

2017

IJCNIS

View full text Add to dashboard Cite

Abstract-Intrusion detection systems (IDS) are gaining attention as network technologies are vastly growing. Most of the research in this field focuses on improving the performance of these systems through various feature selection techniques along with using ensembles of classifiers. An orthogonal problem is to estimate the proper sample sizes to train those classifiers. While this problem has been considered in other disciplines, mainly medical and biological, to study the relation between the sample size and the classifiers accuracy, it has not received a similar attention in the context of intrusion detection as far as we know.In this paper we focus on systems based on Naï ve Bayes classifiers and investigate the effect of the training sample size on the classification performance for the imbalanced NSL-KDD intrusion dataset. In order to estimate the appropriate sample size required to achieve a required classification performance, we constructed the learning curve of the classifier for individual classes in the dataset. For this construction we performed nonlinear least squares curve fitting using two different power law models. Results showed that while the shifted power law outperforms the power law model in terms of fitting performance, it exhibited a poor prediction performance. The power law, on the other hand, showed a significantly better prediction performance for larger sample sizes.

show abstract

“…Several methods for improving these systems have been introduced using various approaches [6], [7], [8].…”

Section: Related Workmentioning

confidence: 99%

Estimating the Sample Size for Training Intrusion Detection Systems

Wahba¹,

ElSalamouny²,

ElTaweel³

2017

IJCNIS

View full text Add to dashboard Cite

show abstract

“…In turn, the alerts are activated and sent to a receiver such as system log, database, management team or even a trap. Many studies have used Snort NIDPS to detect attacks such as DoS and DDoS by developing and designing new rules [13,14,15,16].…”

Section: Snort Network Intrusion Detection and Prevention System (Snomentioning

confidence: 99%

Using Cisco Network Components to Improve NIDPS Performance

Bul´ajoul¹,

James²,

Shaikh³

et al. 2016

Computer Science &Amp; Information Technology ( CS &Amp; IT )

View full text Add to dashboard Cite

show abstract

“…Snort utilize with rule to alert the network traffic data. The Snort-IDS rules have two logical parts such as the rule header and the rule option [12] as shown in Figure 1. The rule header.…”

Section: The Background Of Snort-idsmentioning

confidence: 99%

“…The fallibility is abnormal traffic which it is incorrectly Botnets detection as normal traffic. The values is lower that indicates better performance, shown in equations [12]. Note: In Table 9, efficiency of detection and fallibility performance of each datasets which we utilize Botnets attack 1.rules file.…”

Section: Detection Accuracy Comparison Of the Snort-ids Rulesmentioning

confidence: 99%

See 1 more Smart Citation

Improving Intrusion Detection on Snort Rules for Botnet Detection

Saiyod

Chanthakoummane

Benjamas

et al. 2016

JSN

Self Cite

View full text Add to dashboard Cite

The Botnets has become a serious problem in network security. An organization should find the solutions to protect the data and network system to reduce the risk of the Botnets. The Snort Intrusion Detection System (Snort-IDS) is the popular usage software protection of the network security in the world. The Snort-IDS utilizes the rules to match the data packets traffic. There are some existing rules which can detect Botnets. This paper, improve the Snort-IDS rules for Botnets detection and we analyze Botnets behaviors in three rules packet such as Botnets attack 1.rules, Botnets attack 2.rules, and Botnets attack 3.rules. Moreover, we utilize the MCFP dataset, which includes five files such as CTU-Malware-Capture-Botnet-42, CTU-Malware-Capture-Botnet-43, CTUMalware-Capture-Botnet-47, CTU-Malware-Capture-Botnet-49, and CTUMalware-Capture-Botnet-50 with three rule files of the Snort-IDS rules. The paper has particularly focused on three rule files for performance evaluation of efficiency of detection and the performance evaluation of fallibility for Botnets Detection. The performance of each rule is evaluated by detecting each packet. The experimental results shown that, the case of Botnets attack 1.rules file can maximally detect Botnets detection for 809075 alerts, the efficiency of detection and fallibility for Botnets detection are 94.81% and 5.17%, respectively. Moreover, in the case of Botnets attack 2.rules file, it can detect Botnets up to 836191 alerts, having efficiency of detection and fallibility for Botnets detection are 97.81% and 2.90%, respectively. The last case Botnets attack 3.rules file can detect Botnets 822711 alerts, it can 93.72% of efficiency of detection and the value of fallibility is 6.27%. The Botnets attack 2.rules file is most proficient rule for Botnets detection, because it has a high efficiency of detection for detection and a less of fallibility.

show abstract

Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining

Cited by 31 publications

References 16 publications

Estimating the Sample Size for Training Intrusion Detection Systems

Estimating the Sample Size for Training Intrusion Detection Systems

Using Cisco Network Components to Improve NIDPS Performance

Improving Intrusion Detection on Snort Rules for Botnet Detection

Contact Info

Product

Resources

About