利用克隆选择改进Snort入侵检测性能

2019 International Conference on Innovative Trends in Computer Engineering (ITCE) Pub Date : 2019-02-01 DOI:10.1109/ITCE.2019.8646601

Hussein M. Elshafie, Tarek M. Mahmoud, Abdelmgeid A. Ali

{"title":"利用克隆选择改进Snort入侵检测性能","authors":"Hussein M. Elshafie, Tarek M. Mahmoud, Abdelmgeid A. Ali","doi":"10.1109/ITCE.2019.8646601","DOIUrl":null,"url":null,"abstract":"Network intrusion detection system (NIDS) monitors network traffic to detect an unauthorized activity in computer networks. The NIDS is classified according to detection technique into signature and anomaly based. Each of them has its own advantage and disadvantage. The signature-based is more effective in detecting known attacks but it is unable to detect new attacks. The anomaly-based is better in detecting new attacks but it may produce many false alarms. NIDS which use both of them try to exploit the strengths of them. In this paper we propose an improvement of the well known Snort NIDS using clonal selection algorithm (CSA). The proposed approach is evaluated using the 1999 DARPA Intrusion Detection Evaluation Data Sets of MIT (Massachusetts Institute of Technology) as a testbed. The conducted experiments compare the recall, precision, and F-score of Snort NIDS on its own, Snort NIDS improved by negative selection algorithm (NSA), and the proposed approach. The obtained results show that the proposed approach is more powerful than the others.","PeriodicalId":391488,"journal":{"name":"2019 International Conference on Innovative Trends in Computer Engineering (ITCE)","volume":"65 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Improving the Performance of the Snort Intrusion Detection Using Clonal Selection\",\"authors\":\"Hussein M. Elshafie, Tarek M. Mahmoud, Abdelmgeid A. Ali\",\"doi\":\"10.1109/ITCE.2019.8646601\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Network intrusion detection system (NIDS) monitors network traffic to detect an unauthorized activity in computer networks. The NIDS is classified according to detection technique into signature and anomaly based. Each of them has its own advantage and disadvantage. The signature-based is more effective in detecting known attacks but it is unable to detect new attacks. The anomaly-based is better in detecting new attacks but it may produce many false alarms. NIDS which use both of them try to exploit the strengths of them. In this paper we propose an improvement of the well known Snort NIDS using clonal selection algorithm (CSA). The proposed approach is evaluated using the 1999 DARPA Intrusion Detection Evaluation Data Sets of MIT (Massachusetts Institute of Technology) as a testbed. The conducted experiments compare the recall, precision, and F-score of Snort NIDS on its own, Snort NIDS improved by negative selection algorithm (NSA), and the proposed approach. The obtained results show that the proposed approach is more powerful than the others.\",\"PeriodicalId\":391488,\"journal\":{\"name\":\"2019 International Conference on Innovative Trends in Computer Engineering (ITCE)\",\"volume\":\"65 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-02-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 International Conference on Innovative Trends in Computer Engineering (ITCE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ITCE.2019.8646601\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 International Conference on Innovative Trends in Computer Engineering (ITCE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ITCE.2019.8646601","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

摘要

网络入侵检测系统(NIDS)通过监控网络流量来检测计算机网络中未经授权的活动。根据检测技术的不同，将网络入侵检测分为基于特征和基于异常两类。每一种都有自己的优点和缺点。基于签名的检测方法在检测已知攻击时更有效，但在检测新的攻击时却无能为力。基于异常的检测方法在检测新攻击方面效果较好，但可能产生较多的误报。同时使用两者的NIDS试图利用它们的优势。本文提出了一种基于克隆选择算法(CSA)的Snort NIDS改进方案。采用1999年美国麻省理工学院的DARPA入侵检测评估数据集作为测试平台，对该方法进行了评估。所进行的实验比较了Snort NIDS本身、负面选择算法(NSA)改进的Snort NIDS和所提出的方法的查全率、查全率和f分数。结果表明，该方法比其他方法更有效。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Improving the Performance of the Snort Intrusion Detection Using Clonal Selection

Network intrusion detection system (NIDS) monitors network traffic to detect an unauthorized activity in computer networks. The NIDS is classified according to detection technique into signature and anomaly based. Each of them has its own advantage and disadvantage. The signature-based is more effective in detecting known attacks but it is unable to detect new attacks. The anomaly-based is better in detecting new attacks but it may produce many false alarms. NIDS which use both of them try to exploit the strengths of them. In this paper we propose an improvement of the well known Snort NIDS using clonal selection algorithm (CSA). The proposed approach is evaluated using the 1999 DARPA Intrusion Detection Evaluation Data Sets of MIT (Massachusetts Institute of Technology) as a testbed. The conducted experiments compare the recall, precision, and F-score of Snort NIDS on its own, Snort NIDS improved by negative selection algorithm (NSA), and the proposed approach. The obtained results show that the proposed approach is more powerful than the others.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 International Conference on Innovative Trends in Computer Engineering (ITCE)

自引率

0.00%

发文量