Performance Comparison of Intrusion Detection Systems and Application of Machine Learning to Snort System

by   Syed Ali Raza Shah, et al.

This study investigates the performance of two open source intrusion detection systems (IDSs) namely Snort and Suricata for accurately detecting the malicious traffic on computer networks. Snort and Suricata were installed on two different but identical computers and the performance was evaluated at 10 Gbps network speed. It was noted that Suricata could process a higher speed of network traffic than Snort with lower packet drop rate but it consumed higher computational resources. Snort had higher detection accuracy and was thus selected for further experiments. It was observed that the Snort triggered a high rate of false positive alarms. To solve this problem a Snort adaptive plug-in was developed. To select the best performing algorithm for Snort adaptive plug-in, an empirical study was carried out with different learning algorithms and Support Vector Machine (SVM) was selected. A hybrid version of SVM and Fuzzy logic produced a better detection accuracy. But the best result was achieved using an optimised SVM with firefly algorithm with FPR (false positive rate) as 8.6 result. The novelty of this work is the performance comparison of two IDSs at 10 Gbps and the application of hybrid and optimised machine learning algorithms to Snort.



page 10


Evaluation of Machine Learning Algorithms for Intrusion Detection System

Intrusion detection system (IDS) is one of the implemented solutions aga...

Support Vector Machine-Based Fire Outbreak Detection System

This study employed Support Vector Machine (SVM) in the classification a...

A Deep Belief Network Based Machine Learning System for Risky Host Detection

To assure cyber security of an enterprise, typically SIEM (Security Info...

Fuzzy-Logic Based IDS for Detecting Jamming Attacks in Wireless Mesh IoT Networks

The investigation in this paper targets the design and the evaluation of...

A DDoS-Aware IDS Model Based on Danger Theory and Mobile Agents

We propose an artificial immune model for intrusion detection in distrib...

Intrusion Detection Mechanism Using Fuzzy Rule Interpolation

Fuzzy Rule Interpolation (FRI) methods can serve deducible (interpolated...

Fusion of ANN and SVM Classifiers for Network Attack Detection

With the progressive increase of network application and electronic devi...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.