Abstract
This paper reports a new experimental hybrid intrusion detection system (HIDS, where the H stands for hybrid rather than host-based). The hybrid system combines the low false-positive rate of a misuse-based intrusion detection system (IDS) with the ability of an anomaly detection system (ADS) to detect novel, previously unknown attacks. This is done by mining Internet connection records for anomalies. We have built an ADS that can detect attacks missed by misuse-based systems such as Snort or Bro. Rules are extracted from the detected anomalies and added to the misuse-based system's rule database, so that the misuse-based IDS can then detect the new attacks. The system is trained and tested on the Massachusetts Institute of Technology/Lincoln Laboratory (MIT/LL) DARPA 1999 dataset. Our experimental results show a 69 percent detection rate for the HIDS, compared with 47 percent for Snort alone; this increase in detection rate is obtained with around 0.08 percent false alarms. This approach provides a better way to deal with novel attacks, using an ADS alongside a trustworthy misuse-based IDS.
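The pipeline the abstract describes (anomaly detector over connection records, rule extraction, rules fed back into the misuse engine) in miniature, as an added example that is not the paper's code. The anomaly model here is a stand-in assumption: an episode is a (protocol, destination port) pair, the baseline is the set of episodes seen with minimum support in attack-free training traffic, and anything off the baseline is anomalous. The connection records, the existing "Snort" rule set and the attack labels are constructed for the example, not taken from the DARPA 1999 data.

```python
"""Miniature hybrid IDS: ADS -> rule extraction -> augmented misuse engine.

Added illustration, not the paper's implementation. The (proto, dst_port)
episode model stands in for the connection-record mining the paper uses;
all records, labels and rules below are constructed sample data.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dst_port: int
    attack: bool    # ground truth, used only for scoring, never by a detector


def conns(n, src, dst, proto, port, attack=False):
    return [Conn(src, dst, proto, port, attack) for _ in range(n)]


# Constructed attack-free training traffic (the paper trains on a clean week).
TRAIN = (conns(6, "10.0.0.5", "172.16.0.10", "tcp", 80)
         + conns(4, "10.0.0.5", "172.16.0.2", "udp", 53)
         + conns(3, "10.0.0.7", "172.16.0.3", "tcp", 25)
         + conns(2, "10.0.0.7", "172.16.0.4", "tcp", 22)
         + conns(1, "10.0.0.9", "172.16.0.10", "tcp", 8080))  # rare but benign

# Constructed labelled test traffic: normal background plus three attacks.
TEST = (conns(3, "10.0.0.5", "172.16.0.10", "tcp", 80)
        + conns(2, "10.0.0.5", "172.16.0.2", "udp", 53)
        + conns(1, "10.0.0.7", "172.16.0.3", "tcp", 25)
        + conns(1, "10.0.0.9", "172.16.0.10", "tcp", 8080)          # benign, off-baseline
        + conns(2, "192.0.2.66", "172.16.0.4", "tcp", 23, True)      # known attack
        + conns(3, "192.0.2.66", "172.16.0.10", "tcp", 31337, True)  # novel, recurring
        + conns(1, "192.0.2.66", "172.16.0.2", "udp", 161, True))    # novel, one-off

# Hypothetical existing misuse rules, as (proto, dst_port) signatures.
MISUSE_RULES = {("tcp", 23)}


def build_baseline(records, min_support=2):
    """Episodes seen at least min_support times in attack-free traffic."""
    counts = Counter((r.proto, r.dst_port) for r in records)
    return {ep for ep, n in counts.items() if n >= min_support}


def detect_anomalies(records, baseline):
    """ADS: flag every connection whose episode is outside the baseline."""
    return [r for r in records if (r.proto, r.dst_port) not in baseline]


def extract_rules(anomalies, existing, min_hits=2):
    """Promote an anomalous episode to a rule only when it recurs min_hits
    times and is not already covered; one-off anomalies are not encoded."""
    counts = Counter((r.proto, r.dst_port) for r in anomalies)
    return {ep for ep, n in counts.items() if n >= min_hits and ep not in existing}


def render_snort_rule(ep, sid):
    """Render an episode as a Snort rule line (local SID range assumed)."""
    proto, port = ep
    return (f'alert {proto} $EXTERNAL_NET any -> $HOME_NET {port} '
            f'(msg:"ADS-derived {proto}/{port} episode"; sid:{sid}; rev:1;)')


def evaluate(records, flagged):
    """(detection rate over attack records, false-alarm rate over normal ones)."""
    attacks = [r for r in records if r.attack]
    normals = [r for r in records if not r.attack]
    return (sum(flagged(r) for r in attacks) / len(attacks),
            sum(flagged(r) for r in normals) / len(normals))


def run_hybrid(train=TRAIN, test=TEST, existing=MISUSE_RULES):
    baseline = build_baseline(train)
    anomalies = detect_anomalies(test, baseline)
    new_rules = extract_rules(anomalies, existing)
    augmented = existing | new_rules
    return {
        "new_rules": new_rules,
        "snort": [render_snort_rule(ep, 1000000 + i)
                  for i, ep in enumerate(sorted(new_rules))],
        "misuse_only": evaluate(test, lambda r: (r.proto, r.dst_port) in existing),
        "ads_only": evaluate(test, lambda r: (r.proto, r.dst_port) not in baseline),
        "hybrid": evaluate(test, lambda r: (r.proto, r.dst_port) in augmented),
    }


if __name__ == "__main__":
    for k, v in run_hybrid().items():
        print(k, v)
```

On the constructed data the misuse rules alone detect 2 of 6 attacks with no false alarms, the ADS alone detects all 6 but also raises an alarm on the benign 8080 connection, and the augmented rule set detects 5 of 6 with no false alarm: the recurring backdoor episode becomes a rule, while the one-off SNMP probe stays an ADS alert only. That is the trade-off a practitioner has to tune with the promotion threshold, since every rule generated from an anomaly carries the anomaly detector's false positives into the "trustworthy" engine. The 69 percent, 47 percent and 0.08 percent figures above are measured on the DARPA 1999 data, whose artifacts are documented in the McHugh and Mahoney/Chan references listed below, so they should not be read as rates to expect on live traffic.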
References
Qin, M., Hwang, K.: Anomaly Intrusion Detection by Internet Data Mining of Traffic Episodes. ACM Transactions on Information and System Security (2004)
Yang, J., Chen, X., Xiang, X., Wan, J.: HIDS-DT: An Effective Hybrid Intrusion Detection System Based on Decision Tree. In: International Conference on Communications and Mobile Computing (2010)
Barbara, D., Couto, J., Jajodia, S., Popyack, L., Wu, N.: ADAM: Detecting Intrusions by Data Mining. Proceedings of the IEEE (2001)
Ertoz, L., et al.: The MINDS-Minnesota Intrusion Detection System. In: Next Generation Data Mining. MIT Press (2004)
Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A., Srivastava, J.: A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection. In: Proc. Third SIAM Conference Data Mining (2003)
Lee, W., et al.: A Framework for Constructing Features and Models for Intrusion Detection Systems. ACM Transactions on Information and System Security (2000)
Lee, T.-Y., et al.: Mining Serial Episode Rules with Time Lags over Multiple Data Streams. Springer, Heidelberg (2008)
Snort 2.1 Intrusion Detection, 2nd edn. Syngress (2004)
Roesch, M.: Snort: Lightweight Intrusion Detection for Networks. In: Proc. 13th USENIX Systems Administration Conference (LISA 1999) (1999)
Paxson, V.: Bro: A System for Detecting Network Intrusions in Real Time. In: Proc. Seventh USENIX Security Symposium (January 1998)
Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation. In: Debar, H., Mé, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol. 1907, pp. 162–182. Springer, Heidelberg (2000)
Mahoney, M.V., Chan, P.K.: An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. In: Vigna, G., Krügel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 220–237. Springer, Heidelberg (2003)
McHugh, J.: Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Off-line Intrusion Detection System Evaluation as Performed by Lincoln Laboratory. ACM Transactions on Information and System Security (November 2000)
Mannila, H., Toivonen, H.: Discovering Generalized Episodes Using Minimal Occurrences. In: Proc. Second International Conference on Knowledge Discovery and Data Mining (August 1996)
Copyright information
© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Korde, V.V., Tarapore, N.Z., Shinde, S.R., Dhore, M.L. (2012). Hybrid Intrusion Detection with Rule Generation. In: Meghanathan, N., Chaki, N., Nagamalai, D. (eds) Advances in Computer Science and Information Technology. Computer Science and Engineering. CCSIT 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 85. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27308-7_38
DOI: https://doi.org/10.1007/978-3-642-27308-7_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27307-0
Online ISBN: 978-3-642-27308-7
eBook Packages: Computer Science (R0)