A. Patil, Harivind Premkumar, Kiran M H M, Pranav Hegde
Published in: 2022 IEEE Fourth International Conference on Advances in Electronics, Computers and Communications (ICAECC), 2022-01-10
DOI: https://doi.org/10.1109/ICAECC54045.2022.9716622
JARVIS: An Intelligent Network Intrusion Detection and Prevention System
With current advances in networking and the use of computer networks across different sectors of technology, network security plays a prime role in keeping networks functioning properly by detecting and preventing attacks. In this paper, we propose an architecture that uses the Snort IDS/IPS and machine learning to build an Intelligent Network Intrusion Detection and Prevention System with dynamic rule updates, creating a robust and secure system with reduced resource consumption that can be used in domestic networks. The objective of JARVIS, the proposed system, is to detect malicious patterns in real-time traffic data and take action by dynamically updating Snort rules. By deploying a machine learning model (Random Forest) in parallel and dynamically enabling rules, the resource consumption of Snort can be reduced and optimized. The model detects any attacks and suggests rules that can be deployed on Snort to prevent the attack. The false-positive rate of the model was reduced by looking at DNS queries to analyze the intent behind the traffic data. JARVIS also provides a web interface where the user can view network traffic data and detected attacks, and take the necessary actions. The machine learning model successfully detected incoming attacks with considerable accuracy and suggested rules in the web interface, which allowed the user to deploy them and prevent the attack from causing further damage.