Multimedia Tools and Applications

, Volume 74, Issue 16, pp 6391–6411 | Cite as

Web-based monitoring approach for network-based intrusion detection and prevention

  • Naruemon WattanapongsakornEmail author
  • Chalermpol Charnsripinyo


There were many reports about incidents of network attacks and security treats. Damages caused by network attacks and malwares can be extremely expensive or unaffordable. In this paper, we present a web-based management system for network-based intrusion detection and prevention. Users can get access from any mobile devices to see current network status, if there is an incident of network attack in the network environment. Our intrusion detection and prevention systems (IDPS) can be applied with different well-known detection algorithms which are C4.5 Decision Tree, Random Forest, Ripple Rule, Bayesian Network, Back-Propagation Neural Network. These algorithms can give very high detection accuracy for known attacks, where the attack type was previously trained/ learnt by the system. However, when new or unfamiliar/unknown attacks are encountered, the algorithms do not perform well. So, we develop a new detection technique based on Fuzzy Genetic Algorithm (Fuzzy GA) to handle the problem. Our IDPS can work in real-time, where detection results will be reported within 2–3 s. The IDPS will automatically protect the network by dropping the malicious network packets or block the network ports that are abused by the attackers. In addition, the proposed IDPS can detect network attacks at different locations inside the network by using several client machines to capture data packets and then send information to the server in order to classify types of network attacks. The proposed IDPS also allows system administrator to update existing detection rule sets or learn new training datasets with a friendly graphic user interface. In our experiments, we can correctly detect and prevent network attacks with high accuracy, more than 97 %.


Web-based IDPS Real-time detection Intrusion detection system Network security system Machine learning technique 



This work was supported by King Mongkut’s University ofTechnology Thonburi, National Research University Project of Thailand and Office ofthe Higher Education Commission. The authors would like to thank the following members of the network security and optimization group at CPE, KMUTT; P. Jongsuebsuk, E. Wonghirunsombat, T. Assawaniwed and V. Hanchana for their assistance in software programming and running some experiments.


  1. 1.
    Amini M, Jalili A, Shahriari HR (2005) RT-UNNID: a practical solution to real-time network-based intrusion detection using unsupervised neural networks. Comput Secur 25:459–468CrossRefGoogle Scholar
  2. 2.
    Bard H (2005) Code Red II analysis. Global Information Assurance Certificated (GIAC) paper, SANS InstituteGoogle Scholar
  3. 3.
    Ferrie P, Perriot F (2004) Virus analysis 2 mostly harmless. Virus Bulletin, August, 5–8Google Scholar
  4. 4.
    Fries TP (2008) A fuzzy-genetic approach to network intrusion detection. The 10th Annual Conference on Genetic and Evolutionary Computation (GECCO), 2141–2146Google Scholar
  5. 5.
    Gómez J, León E (2006) A fuzzy set/rule distance for evolving fuzzy anomaly detectors. IEEE International Conference on Fuzzy Systems, 2286–2292Google Scholar
  6. 6.
    Hoogstraten JV (2003) Blasting windows: an analysis of the W32/Blaster worm. CGIH Practical Assignment Version 2.1a, SANS InstituteGoogle Scholar
  7. 7.
    Iptables, The netfilter “iptable” project [online]. Available:
  8. 8.
    Jongsuebsook P, Wattanapongsakorn N, Charnsripinyo C (2013) Real-time intrusion detection with fuzzy genetic algorithm. ECTI-CON IEEE ConferenceGoogle Scholar
  9. 9.
    Jpcap, a network packet capture library. [Online]. Available:
  10. 10.
    Levy E, Arce I (2004) The spread of the Witty worm. IEEE Secur Priv 2:46–50Google Scholar
  11. 11.
    Li P, Salour M, Su X (2008) A survey of internet worm detection and containment. IEEE Communication Survey & Tutorials, 1st Quarter, 20–35Google Scholar
  12. 12.
    McDowell M, US-CERT, Denial of Service Attacks or DoS. [Online]. Available:
  13. 13.
    Port scan techniques. [Online]. Available:
  14. 14.
    Puttini RS, Marrakchi Z, Me L (2003) A Bayesian classification model for real-time intrusion detection. API Conference, 150–162Google Scholar
  15. 15.
    Sangkatsanee P, Charnsripinyo C, Wattanapongsakorn N (2011) Practical real-time intrusion detection using machine learning approaches. Elsevier Comput Commun 34(18):2227–2235CrossRefGoogle Scholar
  16. 16.
    Sarnsuwan N, Charnsripinyo C, Wattanapongsakorn N (2010) A new approach for internet worm detection and classification, networked computing (INC). 2010 6th International Conference, 1–4Google Scholar
  17. 17.
    Snort [Online]. Available: Intrusion Prevention System [Online]. Available:
  18. 18.
    Unix/Linux: Netstat Command example. [Online]. Available:
  19. 19.
    Wattanapongsakorn N et al (2012) A practical network-based intrusion detection and prevention system. The 11th IEEE Int. Conf. on Trust, Security and Privacy in Computing and Communications (TrustCom), 209–214Google Scholar
  20. 20.
    Weka library, Data Mining Software in Java. [Online]. Available:

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Naruemon Wattanapongsakorn
    • 1
    Email author
  • Chalermpol Charnsripinyo
    • 2
  1. 1.Department of Computer EngineeringKing Mongkut’s University of Technology ThonburiBangkokThailand
  2. 2.National Electronics and Computer Technology CenterPathumthaniThailand

Personalised recommendations