A Flow-Based Network Intrusion Detection System for High-Speed Networks Using Meta-heuristic Scale

  • Conference paper

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 75)

Abstract

The number of Internet users is increasing drastically, along with new network services, which leads to more serious network attacks and threats. A network intrusion detection system (NIDS) is designed mainly to detect such attacks. Some NIDSs, called packet-based NIDSs, inspect the complete traffic; others, called flow-based NIDSs, inspect cumulative information about the packets in the form of flows. Even though packet-based NIDSs achieve high detection accuracy with few false alarms, complete inspection is hard, or even impossible, to perform at high network speeds. Flow-based IDSs have less information to process, so they are the logical fit for high-speed networks. Their problem is a high false alarm rate and low accuracy. In this paper, a flow-based intrusion detection system (IDS) for high-speed networks using a meta-heuristic scale is proposed. Initially, a flow-based approach is applied to the request stream to define feature metrics. Next, these feature metrics are used to define the scale, which in turn is used to decide whether a flow is normal or malicious. To confirm the effectiveness of the proposed model, it was evaluated on NSL-KDD. The experimental results show that the designed models provide improved accuracy with less computational time and a minimal false alarm rate.

Correspondence to V. Jyothsna.

© 2019 Springer Nature Singapore Pte Ltd.

Cite this paper

Jyothsna, V., Mukesh, D., Sreedhar, A.N. (2019). A Flow-Based Network Intrusion Detection System for High-Speed Networks Using Meta-heuristic Scale. In: Peng, SL., Dey, N., Bundele, M. (eds) Computing and Network Sustainability. Lecture Notes in Networks and Systems, vol 75. Springer, Singapore. https://doi.org/10.1007/978-981-13-7150-9_36

  • DOI: https://doi.org/10.1007/978-981-13-7150-9_36

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-7149-3

  • Online ISBN: 978-981-13-7150-9

  • eBook Packages: Engineering, Engineering (R0)
