A hybrid intrusion detection system design for computer network security

M. Ali Aydin*, A. Halim Zaim, K. Gökhan Ceylan

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

227 Citations (Scopus)

Abstract

Intrusions detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks took place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. Intrusion detection systems can be misuse-detection or anomaly detection based. Misuse-detection based IDSs can only detect known attacks whereas anomaly detection based IDSs can also detect new attacks by using heuristic methods. In this paper we propose a hybrid IDS by combining the two approaches in one system. The hybrid IDS is obtained by combining packet header anomaly detection (PHAD) and network traffic anomaly detection (NETAD) which are anomaly-based IDSs with the misuse-based IDS Snort which is an open-source project. The hybrid IDS obtained is evaluated using the MIT Lincoln Laboratories network traffic data (IDEVAL) as a testbed. Evaluation compares the number of attacks detected by misuse-based IDS on its own, with the hybrid IDS obtained combining anomaly-based and misuse-based IDSs and shows that the hybrid IDS is a more powerful system.

Original languageEnglish
Pages (from-to)517-526
Number of pages10
JournalComputers and Electrical Engineering
Volume35
Issue number3
DOIs
Publication statusPublished - May 2009
Externally publishedYes

Keywords

  • Computer network security
  • Computer networks
  • Hybrid intrusion detection system
  • Intrusion detection systems

Fingerprint

Dive into the research topics of 'A hybrid intrusion detection system design for computer network security'. Together they form a unique fingerprint.

Cite this