Building an Effective Intrusion Detection System using combined Signature and Anomaly Detection Techniques

Abstract

Intrusion Detection Systems (IDS) are providing better solution to the current issues and thus became an important element of any security infrastructure to detect various threats so as to prevent widespread harm. The basic aim of IDS is to detect attacks and their nature and prevent damage to the computer systems. Several different approaches for intrusion detection have been reported in the literature. These approaches are broadly categorized into three approaches: I) Signature-based approach II) Anomaly based approach and III) Hybrid approach that combines signature and anomaly detection approaches. Hybrid approach has been found to be superior to either signature based or anomaly based approaches. Several different algorithms are available for hybrid approach. This paper suggests the combined approach using signature and anomaly detection techniques. The signature based is build using genetic algorithm as filter based feature selection and J48 as classifier and data mining approach is used to build anomaly based IDS. The performance of combined IDS is evaluated on well known datasets such as KDD Cup 99, UGR 16 and Kyoto 2006+ etc. The experimental results presented here are encouraging and show superiority of combined IDS to detect network anomalies with respect to time required building the model, detection rate, accuracy and false positive rate.