Implementation of Intrusion Detection System (IDS) and Snort Community Rules to Detect Types of Network Attacks

2021 ◽  
Vol 183 (42) ◽  
pp. 30-35
Author(s):  
Tri Widodo ◽  
Adam Sekti Aji
Author(s):  
S. A. Sakulin ◽  
A. N. Alfimtsev ◽  
K. N. Kvitchenko ◽  
L. Ya. Dobkach ◽  
Yu. A. Kalgin

Network technologies have been steadily developing and their application has been expanding. One of the aspects of the development is a modification of the current network attacks and the appearance of new ones. The anomalies that can be detected in network traffic conform with such attacks. Development of new and improvement of the current approaches to detect anomalies in network traffic have become an urgent task. The article suggests a hybrid approach to detect anomalies on the basis of the combined signature approach and computationally effective classifiers of machine learning: logistic regression, stochastic gradient descent and decision tree with accuracy increase due to weighted voting. The choice of the classifiers is explained by the admissible complexity of the algorithms that allows detection of network traffic events for the time close to real. Signature analysis is carried out with the help of the Zeek IDS (Intrusion Detection System) signature base. Learning is fulfilled by preliminary prepared (by excluding extra recordings and parameters) CICIDS2017 (Canadian Institute for Cybersecurity Intrusion Detection System) signature set by cross validation. The set is roughly divided into ten parts that allows us to increase the accuracy. Experimental evaluation of the developed approach comparing with individual classifiers and with other approaches by such criteria as part of type I and II errors, accuracy and level of detection, has proved the approach suitable to be applied in network attacks detection systems. It is possible to introduce the developed approach into both existing and new anomaly detection systems.


2019 ◽  
Vol 2 (2) ◽  
pp. 25-43
Author(s):  
Subhi A. Mohammed

Abstract: Network attacks are classified according to their objective into three types: Denial of Service (DoS), reconnaissance and unauthorized access. A signature-based Intrusion Detection System (IDS) gives an alarm when the monitored network traffic meets a previously specified set of criteria of attack traffic. This paper will focus on the design, composition, and processing of IDS rules, and then on deciding whether a packet is intrusive or not, by examining the signatures of the attacks in both the headers and the payload of incoming packets. A packet sniffer performs capturing, decoding and reassembling of the network packet traffic, then passes it to the programmed rules. Linux BackTrack tools were used to implement an IDS scenario for two types of attacks (reconnaissance and unauthorized access). The results show that IDS rules are able to detect large numbers of various attacks.


2021 ◽  
Vol 8 (1) ◽  
Author(s):  
FatimaEzzahra Laghrissi ◽  
Samira Douzi ◽  
Khadija Douzi ◽  
Badr Hssina

Abstract: Network attacks are illegal activities on digital resources within an organizational network with the express intention of compromising systems. A cyber attack can be directed by individuals, communities, states or even from an anonymous source. Hackers commonly conduct network attacks to alter, damage, or steal private data. Intrusion detection systems (IDS) are the best and most effective techniques when it comes to tackling these threats. An IDS is a software application or hardware device that monitors traffic to search for malevolent activity or policy breaches. Moreover, IDSs are designed to be deployed in different environments, and they can either be host-based or network-based. A host-based intrusion detection system is installed on the client computer, while a network-based intrusion detection system is located on the network. IDSs based on deep learning have been used in the past few years and proved their effectiveness. However, these approaches produce a big false negative rate, which impacts the performance and potency of network security. In this paper, a detection model based on long short-term memory (LSTM) and Attention mechanism is proposed. Furthermore, we used four reduction algorithms, namely: Chi-Square, UMAP, Principal Components Analysis (PCA), and Mutual information. In addition, we evaluated the proposed approaches on the NSL-KDD dataset. The experimental results demonstrate that using Attention with all features and using PCA with 03 components had the best performance, reaching an accuracy of 99.09% and 98.49% for binary and multiclass classification, respectively.


2019 ◽  
Vol 8 (3) ◽  
pp. 1391-1395

The ongoing increase in the use of wireless Internet and smartphones has resulted in changing consumer patterns, which has changed the demand for network usage such that existing hardware-centric devices cannot satisfy this demand. One of the fastest growing technologies is the software-defined network, which can solve this problem. An intrusion detection system is a system that detects and responds to network attacks in real time in a network environment based on a software-defined network. The focus of this paper is to present a deep learning-based network detection system. We describe pre-processing for deep learning algorithms and propose an architecture of the detection system. The analysis results of the system are also described.


Computers ◽  
2019 ◽  
Vol 8 (3) ◽  
pp. 58 ◽  
Author(s):  
Mohamed Amine Ferrag ◽  
Leandros Maglaras

In this paper, we propose an intrusion detection system (IDS) and Blockchain-based delivery framework, called DeliveryCoin, for drone-delivered services. The DeliveryCoin framework consists of four phases, including system initialization phase, creating the block, updating the blockchain, and intrusion detection phase. To achieve privacy-preservation, the DeliveryCoin framework employs hash functions and short signatures without random oracles and the Strong Diffie–Hellman (SDH) assumption in bilinear groups. To achieve consensus inside the blockchain-based delivery platform, we introduce a UAV-aided forwarding mechanism, named pBFTF. We also propose an IDS system in each macro eNB (5G) for detecting self-driving network attacks as well as false transactions between self-driving nodes. Furthermore, extensive simulations are conducted, and results confirm the efficiency of our proposed DeliveryCoin framework in terms of latency of blockchain consensus and accuracy.

