首页    期刊浏览 2025年01月06日 星期一
登录注册

文章基本信息

  • 标题:Conditional Hybrid Approach for Intrusion Detection
  • 本地全文:下载
  • 作者:H. Alaidaros ; M. Mahmuddin
  • 期刊名称:Research Journal of Information Technology
  • 印刷版ISSN:1815-7432
  • 电子版ISSN:2151-7959
  • 出版年度:2016
  • 卷号:8
  • 期号:3
  • 页码:55-65
  • DOI:10.3923/rjit.2016.55.65
  • 出版社:Academic Journals Inc., USA
  • 摘要:Background and Objective: Inspecting all packets to detect intrusions faces challenges when coping with a high volume of traffic. Packet-based detection processes every payload on the wire, which degrades the performance of intrusion-detection systems. This issue requires the introduction of a flow-based IDS approach that reduces the amount of data to be processed by examining aggregated information of related packets in the form of flow. However, flow-based detection still suffers from the generation of false positive alerts due to lack of completed data input. This study proposed a model to improve packet-based performance and reduce flow-based false positive rate by combining flow-based with packet-based detection to compensate for their mutual shortcomings. This proposed model is named as conditional hybrid intrusion detection. Materials and Methods: In this model, only malicious flows marked by flow-based must be further analyzed by packet-based detection. For packet-based detection to communicate with flow-based detection, input framework approach was used. To evaluate the proposed detection methods, public datasets were replayed in different traffic rates into both the proposed method and default Bro implementations in a testbed controlled environment. Results: Experimental evaluation shows that the proposed approach was able to detect all infected hosts reported and corresponding datasets. At 200 Mbps rate, proposed approach can save 50.6% of memory and 18.1% of CPU usage compared with default Bro packet-based detection. Experiments demonstrated that the default Bro packet-based can handle bandwidth up to 100 Mbps without packets drop, while 200 Mbps in the proposed approach. Conclusion: Experimental evaluation showed that the proposed model gains a significant performance improvement, in term of resource consumption and packet drop rate compared with a default Bro packet-based detection implementation. The proposed approach can mitigate the false positive rate of flow-based detection and reduce the resource consumption of packet-based detection, while preserving detection accuracy. This study can be considered as skeleton model to be applied for intrusion or monitoring detection systems.
国家哲学社会科学文献中心版权所有