
Advanced Intrusion Detection and Prevention System with Rule Based Mining Techniques and Using Prevention Policies over an Internet


Affiliations
1 Computer Science & Engineering Department, Government College of Engineering, Aurangabad (M.S), India
     



This paper explores the design principles of an advanced intrusion detection system (AIDS) that includes prevention of the generated attacks. The system combines the low false-positive rate of a signature-based intrusion detection system (IDS) with the ability of an anomaly detection system (ADS) to detect novel, unknown attacks. By mining anomalous traffic episodes from Internet connections, we build an ADS that detects anomalies beyond the capabilities of signature-based systems. A weighted, rule-based mining scheme for signature generation is developed to integrate the ADS with the signature-based system by extracting signatures from the detected anomalies. AIDS extracts signatures from the output of the ADS and adds them to the signature database for fast and accurate intrusion detection. After this, the prevention phase of the system is developed, offering the network administrator different prevention policy options to avoid further possible network attacks and to prevent them before massive damage occurs. With the new scheme, the detection rate is higher compared with the 30 percent and 22 percent obtained using the SNORT and Bro systems, respectively. This increase in detection rate will be obtained with fewer false alarms. The signatures generated by the ADS upgrade SNORT performance by giving the administrator options to set the rule attributes through the system's user interface. The AIDS approach proves the vitality of detecting intrusions and anomalies simultaneously, by automated data mining and signature generation over the Internet. The prevention phase provides flexibility in updating the intrusion system, reducing the burden on the network administrator of reconfiguring the intrusion detection system for the detected attacks.

Keywords

Anomaly Detection, Data Mining, False Alarms, Internet Episodes, Prevention, Signature Detection.

Authors

P. S. Revankar
Computer Science & Engineering Department, Government College of Engineering, Aurangabad (M.S), India
A. B. Pawar
Computer Science & Engineering Department, Government College of Engineering, Aurangabad (M.S), India
