Building an Effective Intrusion Detection System using combined Signature and Anomaly Detection Techniques
Prakash N. Kalavadekar¹, Shirish S. Sane²
¹ Mr. Prakash N. Kalavadekar, K.K. Wagh Institute of Engineering Education & Research, Nashik, Savitribai Phule Pune University, India.
² Dr. Shirish S. Sane, K.K. Wagh Institute of Engineering Education & Research, Nashik, Savitribai Phule Pune University, India.
Manuscript received on 02 July 2019 | Revised Manuscript received on 05 July 2019 | Manuscript published on 30 August 2019 | PP: 429-435 | Volume-8 Issue-10, August 2019 | Retrieval Number: I8469078919/2019©BEIESP | DOI: 10.35940/ijitee.I8469.0881019
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Intrusion Detection Systems (IDS) provide a better solution to current security issues and have thus become an important element of any security infrastructure, detecting various threats so as to prevent widespread harm. The basic aim of an IDS is to detect attacks and their nature and to prevent damage to computer systems. Several different approaches to intrusion detection have been reported in the literature. They are broadly categorized into three groups: (I) the signature-based approach, (II) the anomaly-based approach, and (III) the hybrid approach, which combines signature and anomaly detection. The hybrid approach has been found to be superior to either the signature-based or the anomaly-based approach alone, and several different algorithms are available for it. This paper proposes a combined approach using signature and anomaly detection techniques. The signature-based component is built using a genetic algorithm for filter-based feature selection and J48 as the classifier, while a data mining approach is used to build the anomaly-based IDS. The performance of the combined IDS is evaluated on well-known datasets such as KDD Cup 99, UGR 16 and Kyoto 2006+. The experimental results presented here are encouraging and show the superiority of the combined IDS in detecting network anomalies with respect to the time required to build the model, detection rate, accuracy and false positive rate.
Keywords: Anomaly, Data Mining, Intrusion Detection, Signature.
Scope of the Article: Data Mining