JARVIS: An Intelligent Network Intrusion Detection and Prevention System

A. Patil, Harivind Premkumar, Kiran M H M, Pranav Hegde
Published in: 2022 IEEE Fourth International Conference on Advances in Electronics, Computers and Communications (ICAECC)
Publication date: 2022-01-10
DOI: 10.1109/ICAECC54045.2022.9716622 (https://doi.org/10.1109/ICAECC54045.2022.9716622)
Citations: 1

Abstract

With the current advances in networking and the usage of computer networks in different sectors of technology, network security plays a prime role in enabling the proper functioning of networks by detecting and preventing attacks. In this paper, we propose an architecture using the Snort IDS/IPS and machine learning to build an Intelligent Network Intrusion Detection and Prevention System with dynamic rule updating, creating a robust and secure system with reduced resource consumption that can be used in domestic networks. The objective of JARVIS, the proposed system, is to detect malicious patterns in real-time traffic data and take action by dynamically updating Snort rules. By deploying a machine learning model (Random Forest) in parallel and dynamically enabling rules, resource consumption of Snort can be reduced and optimized. The model detects any attacks and suggests rules that can be deployed on Snort to prevent the attack. The false-positive rate of the model was reduced by looking at DNS queries to analyze the intent behind the traffic data. JARVIS also provides a web interface where the user can view network traffic data and detected attacks, as well as take the necessary actions. The machine learning model successfully detected incoming attacks with considerable accuracy and suggested rules in the web interface, which allowed the user to deploy them and prevent the attack from causing further damage.