A hybrid intrusion detection system design for computer network security

Aydın, Muhammed; Zaim, A.; Ceylan, K.

doi:10.1016/j.compeleceng.2008.12.005

A hybrid intrusion detection system design for computer network security

Atıf İçin Kopyala

Aydın M. A., Zaim A. H., Ceylan K. G.

COMPUTERS & ELECTRICAL ENGINEERING, cilt.35, sa.3, ss.517-526, 2009 (SCI-Expanded)

Yayın Türü: Makale / Tam Makale
Cilt numarası: 35 Sayı: 3
Basım Tarihi: 2009
Doi Numarası: 10.1016/j.compeleceng.2008.12.005
Dergi Adı: COMPUTERS & ELECTRICAL ENGINEERING
Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus
Sayfa Sayıları: ss.517-526
İstanbul Üniversitesi Adresli: Evet

Özet

Intrusions detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks took place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. Intrusion detection systems can be misuse-detection or anomaly detection based. Misuse-detection based IDSs can only detect known attacks whereas anomaly detection based IDSs can also detect new attacks by using heuristic methods. In this paper we propose a hybrid IDS by combining the two approaches in one system. The hybrid IDS is obtained by combining packet header anomaly detection (PHAD) and network traffic anomaly detection (NETAD) which are anomaly-based IDSs with the misuse-based IDS Snort which is an open-source project.