Beruflich Dokumente
Kultur Dokumente
Abstract As advances in the networking technology help to connect distant corners of the globe and as the Internet continues to expand its
influence as a medium for communication, the threat from attackers and criminal enterprises has also grown accordingly. The increasing
occurrence of network attacks is a very big issue to the network services. So, Intrusion Detection System has become a necessary component of
network security. It is used for detection of many known and unknown network vulnerabilities in wired networks. While the Internet service for
any purpose is used, normally who are attacking on the computer network is not known by us. Those network attacks can cause network services
slow, temporarily unavailable, or down for a long period of time. The concern on this work is to perusal various methods of networking attacks
detection and compare them against these methods by considering their pros and cons.
Keywords- Intrusion Detection Systems, signature based detection, anomaly based detection, hybrid; attack; snort
__________________________________________________*****_________________________________________________
312
IJRITCC | June 2016, Available @ http://www.ijritcc.org
________________________________________________________________________________________________________
International Journal on Recent and Innovation Trends in Computing and Communication ISSN: 2321-8169
Volume: 4 Issue: 6 311 - 313
_______________________________________________________________________________________________
E. A serial Combination of Anomaly and Misuse IDSes engine and detection
Applied to HTTP Traffic neural component to
network detect
E. Tombini [6] et al. described in their paper regarding anomalies in
combining an anomaly and a misuse IDSes that offers the the network
benefit of separating the monitored events between intrusive, traffic.
The
normal or unqualified classes (i.e. not known as an attack,
unqualified
however not acknowledged as safe either). They provided a A framework
A Serial events
framework to systematically reason regarding the mix of with
Combination More Accuracy require
anomaly and misuse components. This framework applied to combination of
of Anomaly and less time further
internet servers leads to a serial architecture, using anomaly anomaly and
and Misuse consuming, low investigatio
misuse
component which is drastic with a sensitive misuse based IDSes rate of false n in order
components(W
component. Applied to negatives to be
IDS) applied to
HTTP qualified as
This design provides the operator with higher qualification web servers
Traffic safe or
of the detection results, raises lower quantity of false alarms intrusive
and unqualified events. Analyzing web server log files is a vital
issue, as web servers and proxies offer a universal gateway to
the information system. They have been employing a web IV. CONCLUSION
intrusion detection system (WIDS) to research in batch mode In this paper we have described the different networking
web server log files to detect compromise attempts and the attacks in wired network and intrusion detection system. This
worm infections. Table 1 shows the comparison of different paper presents review of various attack detection techniques
attack detection techniques used.
and how they are used for detecting number of attacks in wired
III. COMPARISON OF TECHNIQUES network. In literature survey we have described the attack
detection techniques, and various issues involved in the
TABLE I. COMPARISON OF ATTACK DETECTION TECHNIQUES
process. In tabular form we summarized the attack detection
Basic techniques for wired network. The limitation of previous
Technique Advantage Limitation
Concept techniques in intrusion detection system in term of detected
Initial new attacks and false alarm rate respectively had motivated to
clustering of
come up with the idea to integrate them referred to as Hybrid
data using K-
Means and IDS. Hence the aim is to combine both algorithms that are
Hybrid refined cluster Reduce misuse based and anomaly based in order to enhance system
anomaly locations with dimensionality Less security and help IDS user to decide about detected attacks by
detection use of a of the data using classificati the system.
based competitive Genetic on rate
methodology network Algorithm REFERENCES
referred as
Learning [1] G M. S. Hoque, M. A. Mukit and M. A. N. Bikas, "An
Vector implementation of Intrusion Detection System using Genetic
Quantization Algorithm," International Journal of Network Security & Its
Applications (IJNSA), vol. 4, no. 2, March 2012.
Covariance
Exhibits better [2] J. Marin, D. Ragsdale and J. Surdu, "A Hybrid Approach to the
Anomaly Principal matrix is
detection rate Profile Creation and Intrusion Detection," in DARPA
detection component difficult to
than other well- Information Survivability Conference and Exposition , 2001.
technique analysis based be
known outlier [3] M. L. Shyu, S. C. Chen, K. Sarinnapakorn and L. Chang, "A
based on anomaly evaluated
based anomaly novel anomaly detection scheme based on principal component
Principal detection in an
detection classifier," in Proceedings of the IEEE Foundations and New
Component technique accurate
algorithms Directions of Data Mining Workshop, Melbourne, FL, USA,
Classifier manner
2003.
Combination
[4] M. A. Aydin, A. H. Zaim and K. G. Ceylan, "A hybrid intrusion
of each Snort
detection system design for computer network security,"
with Packet
Combining Number of Computers & Electrical Engineering, vol. 35, pp. 517-526, May
Header
PHAD and attacks detected Suffer from 2009.
Anomaly
NETAD to increases much high false [5] C. Amza, C. Leordeanu and V. Cristea, "Hybrid Network
Detection
signature- more with the alarm rate Intrusion Detection," in IEEE International Conference on
(PHAD) and
based IDS hybrid IDS Intelligent Computer Communication and, 2011.
Network
Snort [6] E. Tombini, H. Debar, L. Me and M. Ducasse, "A Serial
Traffic
Combination of Anomaly and Misuse IDSes Applied to HTTP
Anomaly
Traffic," in Proceedings of the 20th Annual Computer Security
Detection
Applications Conference, 2004.
Hybrid Combined a Increase Not able to
[7] D. J. Brown, B. Suckow and T. Wang, A Survey of Intrusion
approach basic pattern Efficiency and detect large
Detection Systems, Department of Computer Science, University
based on matching produce few number of
of California, San Diego, 2002.
pattern engine with a false positives attacks
matching neural network
313
IJRITCC | June 2016, Available @ http://www.ijritcc.org
________________________________________________________________________________________________________