Research Article

An Improved Approach for Signature and Anomaly based Intrusion Detection and Prevention

Published on March 2012 by Shivarkar Sandip A., Muzumdar Ajit A., Dange Bapusaheb J.
International Conference in Computational Intelligence
Foundation of Computer Science USA
ICCIA - Number 8
March 2012

Shivarkar Sandip A., Muzumdar Ajit A., Dange Bapusaheb J. An Improved Approach for Signature and Anomaly based Intrusion Detection and Prevention. International Conference in Computational Intelligence. ICCIA, 8 (March 2012), 21-25.

@article{
author = { Shivarkar Sandip A., Muzumdar Ajit A., Dange Bapusaheb J. },
title = { An Improved Approach for Signature and Anomaly based Intrusion Detection and Prevention },
journal = { International Conference in Computational Intelligence },
issue_date = { March 2012 },
volume = { ICCIA },
number = { 8 },
month = { March },
year = { 2012 },
issn = 0975-8887,
pages = { 21-25 },
numpages = 5,
url = { /proceedings/iccia/number8/5147-1059/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 International Conference in Computational Intelligence
%A Shivarkar Sandip A.
%A Muzumdar Ajit A.
%A Dange Bapusaheb J.
%T An Improved Approach for Signature and Anomaly based Intrusion Detection and Prevention
%J International Conference in Computational Intelligence
%@ 0975-8887
%V ICCIA
%N 8
%P 21-25
%D 2012
%I International Journal of Computer Applications
Abstract

Intrusion detection systems (IDS) have developed very rapidly in recent years, but most traditional IDS can detect only misuse attacks or only anomaly attacks. In this paper, we propose a system that combines detection of both misuse and anomaly attacks. Hybrid intrusion detection is a novel kind of model combining the advantages of anomaly detection and misuse detection. We design a new hybrid intrusion detection system based on conditional random fields. Experimental results for signature-based detection on the KDD 1999 Cup dataset show that the proposed model is promising in terms of detection accuracy and computational efficiency, whereas for the anomaly-based detection system we use conditional random fields, which are more accurate.

Index Terms

Computer Science
Information Sciences

Keywords

Conditional Random Fields, Anomalous activity, Signature