Ca-NIDS:一种基于组合算法的网络入侵检测系统

IF 0.5 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING

International Journal of Information Security and Privacy Pub Date : 2016-10-01 DOI:10.1080/15536548.2016.1257680

O. Folorunso, F. E. Ayo, Y. Babalola

{"title":"Ca-NIDS:一种基于组合算法的网络入侵检测系统","authors":"O. Folorunso, F. E. Ayo, Y. Babalola","doi":"10.1080/15536548.2016.1257680","DOIUrl":null,"url":null,"abstract":"ABSTRACT A signature-based system (SBS) is a common approach for intrusion detection and the most preferable by researchers. In spite of the popularity of SBS, it cannot detect new attacks on the network compared to anomaly-based systems (ABS). The most challenging problem of SBS is keeping an up-to-date database of known attack signatures and the setting of a suitable threshold level for intrusion detection. In this article, a network intrusion detection system based on combinatorial algorithm (CA-NIDS) is proposed. The CA-NIDS uses additional databases to enable the SBS to act as an ABS for the purpose of detecting new attacks and to speed up network traffic during traffic analysis by the combinatorial algorithm. A suitable threshold of 12 was also set based on the study of past works to lower the false positive rate. The CA-NIDS was evaluated with similar online schemes and result shows a small false-positive rate of 3% and a better accuracy of 96.5% compared with related online algorithms.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.5000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":"{\"title\":\"Ca-NIDS: A network intrusion detection system using combinatorial algorithm approach\",\"authors\":\"O. Folorunso, F. E. Ayo, Y. Babalola\",\"doi\":\"10.1080/15536548.2016.1257680\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"ABSTRACT A signature-based system (SBS) is a common approach for intrusion detection and the most preferable by researchers. In spite of the popularity of SBS, it cannot detect new attacks on the network compared to anomaly-based systems (ABS). The most challenging problem of SBS is keeping an up-to-date database of known attack signatures and the setting of a suitable threshold level for intrusion detection. In this article, a network intrusion detection system based on combinatorial algorithm (CA-NIDS) is proposed. The CA-NIDS uses additional databases to enable the SBS to act as an ABS for the purpose of detecting new attacks and to speed up network traffic during traffic analysis by the combinatorial algorithm. A suitable threshold of 12 was also set based on the study of past works to lower the false positive rate. The CA-NIDS was evaluated with similar online schemes and result shows a small false-positive rate of 3% and a better accuracy of 96.5% compared with related online algorithms.\",\"PeriodicalId\":44332,\"journal\":{\"name\":\"International Journal of Information Security and Privacy\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.5000,\"publicationDate\":\"2016-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"19\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Information Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1080/15536548.2016.1257680\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1080/15536548.2016.1257680","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 19

摘要

基于签名的入侵检测系统(SBS)是一种常用的入侵检测方法，也是研究人员最青睐的入侵检测方法。尽管SBS很受欢迎，但与基于异常的系统(ABS)相比，它无法检测网络上的新攻击。SBS最具挑战性的问题是保持已知攻击签名的最新数据库，并为入侵检测设置合适的阈值水平。提出了一种基于组合算法的网络入侵检测系统(CA-NIDS)。CA-NIDS使用额外的数据库使SBS充当ABS，以检测新的攻击，并在组合算法进行流量分析时加快网络流量。在对以往工作的研究基础上，设定了一个合适的阈值为12，以降低误报率。用类似的在线方案对CA-NIDS进行评估，结果显示，与相关的在线算法相比，CA-NIDS的假阳性率较低，为3%，准确率为96.5%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Ca-NIDS: A network intrusion detection system using combinatorial algorithm approach

ABSTRACT A signature-based system (SBS) is a common approach for intrusion detection and the most preferable by researchers. In spite of the popularity of SBS, it cannot detect new attacks on the network compared to anomaly-based systems (ABS). The most challenging problem of SBS is keeping an up-to-date database of known attack signatures and the setting of a suitable threshold level for intrusion detection. In this article, a network intrusion detection system based on combinatorial algorithm (CA-NIDS) is proposed. The CA-NIDS uses additional databases to enable the SBS to act as an ABS for the purpose of detecting new attacks and to speed up network traffic during traffic analysis by the combinatorial algorithm. A suitable threshold of 12 was also set based on the study of past works to lower the false positive rate. The CA-NIDS was evaluated with similar online schemes and result shows a small false-positive rate of 3% and a better accuracy of 96.5% compared with related online algorithms.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Information Security and Privacy COMPUTER SCIENCE, SOFTWARE ENGINEERING-

CiteScore

2.50

自引率

0.00%

发文量

期刊介绍： As information technology and the Internet become more and more ubiquitous and pervasive in our daily lives, there is an essential need for a more thorough understanding of information security and privacy issues and concerns. The International Journal of Information Security and Privacy (IJISP) creates and fosters a forum where research in the theory and practice of information security and privacy is advanced. IJISP publishes high quality papers dealing with a wide range of issues, ranging from technical, legal, regulatory, organizational, managerial, cultural, ethical and human aspects of information security and privacy, through a balanced mix of theoretical and empirical research articles, case studies, book reviews, tutorials, and editorials. This journal encourages submission of manuscripts that present research frameworks, methods, methodologies, theory development and validation, case studies, simulation results and analysis, technological architectures, infrastructure issues in design, and implementation and maintenance of secure and privacy preserving initiatives.