A Suricata and Machine Learning Based Hybrid Network Intrusion Detection System
Lecture Notes in Networks and Systems, ISSN: 2367-3389, Vol: 357 LNNS, Page: 474-485
2022
- 7 Citations
- 24 Captures
Metric Options: Counts. Selecting the 1-year or 3-year option will change the metrics count to percentiles, illustrating how an article or review compares to other articles or reviews within the selected time period in the same journal. Selecting the 1-year option compares the metrics against other articles/reviews that were also published in the same calendar year. Selecting the 3-year option compares the metrics against other articles/reviews that were also published in the same calendar year plus the two years prior.
Example: if you select the 1-year option for an article published in 2019 and a metric category shows 90%, that means that the article or review is performing better than 90% of the other articles/reviews published in that journal in 2019. If you select the 3-year option for the same article published in 2019 and the metric category shows 90%, that means that the article or review is performing better than 90% of the other articles/reviews published in that journal in 2019, 2018 and 2017.
Citation Benchmarking is provided by Scopus and SciVal and is different from the metrics context provided by PlumX Metrics.
Conference Paper Description
The objective of this paper is to propose a hybrid model of Network Intrusion Detection System (NIDS) that combines two types of IDS: Signature-based NIDS (SNIDS) and Anomaly Detection-based NIDS (ADNIDS). Modern computer networks have become the backbone of the most critical business sectors. In parallel with the evolution and expansion of computer networks, cyber threats keep improving day after day, becoming more sophisticated and capable of bypassing the security policies implemented by information security managers. Cyberattacks can cause irreparable damage and cost the victim entity a lot of money, for example following a leak of critical and sensitive information. In addition, traditional prevention mechanisms such as network firewalls are no longer sufficient to counter cybercrime: they can only stop known attacks coming from the outside, not those coming from the inside or 0-day attacks. Intrusion detection systems are therefore important devices to deploy in IT infrastructures to protect them from suspicious activities. However, an SNIDS alone only detects intrusions with known signatures, not unknown 0-day attacks. An ADNIDS, on the other hand, can detect unknown intrusions but generates very high false alarm rates. Using both types of NIDS together forms what is called a hybrid NIDS, and it is the most effective solution to counter any kind of attack, including unknown cyber threats. Our hybrid NIDS model uses Suricata as the SNIDS and an ADNIDS based on the Machine Learning Decision Tree algorithm. The network baseline comprises the set of benign traffic patterns and was designed after balancing and optimizing the CICIDS2017 dataset. The classification of benign traffic via Decision Tree yielded very conclusive results in accuracy, F-Measure, Recall, and Precision.
Bibliographic Details
http://www.scopus.com/inward/record.url?partnerID=HzOxMe3b&scp=85124148036&origin=inward; http://dx.doi.org/10.1007/978-3-030-91738-8_43; https://link.springer.com/10.1007/978-3-030-91738-8_43; https://dx.doi.org/10.1007/978-3-030-91738-8_43; https://link.springer.com/chapter/10.1007/978-3-030-91738-8_43
Springer Science and Business Media LLC