Performance Comparison of Intrusion Detection Systems and Application of Machine Learning to Snort System

10/13/2017
by   Syed Ali Raza Shah, et al.

This study investigates the performance of two open-source intrusion detection systems (IDSs), Snort and Suricata, in accurately detecting malicious traffic on computer networks. Snort and Suricata were installed on two separate but identical computers, and their performance was evaluated at a 10 Gbps network speed. Suricata could process network traffic at a higher rate than Snort, with a lower packet drop rate, but it consumed more computational resources. Snort had higher detection accuracy and was therefore selected for further experiments. Snort, however, triggered a high rate of false positive alarms. To address this problem, a Snort adaptive plug-in was developed. To select the best-performing algorithm for the plug-in, an empirical study was carried out with different learning algorithms, and Support Vector Machine (SVM) was selected. A hybrid of SVM and fuzzy logic produced better detection accuracy, but the best result was achieved using an SVM optimised with the firefly algorithm, with an FPR (false positive rate) of 8.6. The novelty of this work is the performance comparison of two IDSs at 10 Gbps and the application of hybrid and optimised machine learning algorithms to Snort.
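The abstract describes a plug-in that sits behind Snort's detection engine and uses an SVM to suppress alerts that are likely false positives. The following added example (not the paper's plug-in and not Snort's own code) shows the shape of that pipeline in Python: parse Snort `alert_fast` output lines, derive a few per-alert features, train a linear SVM with the Pegasos stochastic subgradient method, and measure the false positive rate on the batch before and after filtering. The alert lines, SIDs, addresses, labels and feature choices are constructed for this example; the fuzzy-logic hybrid and firefly optimisation from the paper are not reproduced.

```python
"""Added example: an SVM alert filter behind Snort, in the spirit of the adaptive
plug-in described in the abstract. Not the paper's code; every alert line, SID,
address and label below is constructed for illustration."""
import random
import re
from collections import Counter

# Snort "alert_fast" line layout. The Classification field is optional and
# ICMP alerts carry no port numbers, so both are optional in the pattern.
FAST_ALERT = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]\s+(?:\[Classification:[^\]]*\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Constructed alert batch: (fast-alert line, ground truth). +1 = real attack,
# -1 = benign traffic that Snort flagged anyway (a false positive). SIDs are in
# the local-rule range (>= 1000000); addresses are documentation ranges.
ALERTS = [
    ("03/14-10:00:01.000001  [**] [1:1000001:1] CONSTRUCTED SSH brute force [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.5:41000 -> 10.0.0.20:22", 1),
    ("03/14-10:00:01.200001  [**] [1:1000002:1] CONSTRUCTED telnet probe [**] [Classification: Attempted Information Leak] [Priority: 1] {TCP} 203.0.113.5:41001 -> 10.0.0.20:23", 1),
    ("03/14-10:00:01.400001  [**] [1:1000003:1] CONSTRUCTED SMB scan [**] [Classification: Attempted Information Leak] [Priority: 1] {TCP} 203.0.113.5:41002 -> 10.0.0.20:445", 1),
    ("03/14-10:00:01.600001  [**] [1:1000004:1] CONSTRUCTED RDP probe [**] [Classification: Attempted Information Leak] [Priority: 1] {TCP} 203.0.113.5:41003 -> 10.0.0.20:3389", 1),
    ("03/14-10:00:01.800001  [**] [1:1000005:1] CONSTRUCTED MSSQL probe [**] [Classification: Attempted Information Leak] [Priority: 1] {TCP} 203.0.113.5:41004 -> 10.0.0.20:1433", 1),
    ("03/14-10:00:02.000001  [**] [1:1000006:1] CONSTRUCTED FTP brute force [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.9:51000 -> 10.0.0.21:21", 1),
    ("03/14-10:00:02.200001  [**] [1:1000001:1] CONSTRUCTED SSH brute force [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 198.51.100.9:51001 -> 10.0.0.21:22", 1),
    ("03/14-10:00:02.400001  [**] [1:1000007:1] CONSTRUCTED web shell upload [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.9:51002 -> 10.0.0.21:80", 1),
    ("03/14-10:00:02.600001  [**] [1:1000008:1] CONSTRUCTED TLS downgrade attempt [**] [Classification: Attempted Information Leak] [Priority: 1] {TCP} 198.51.100.9:51003 -> 10.0.0.21:443", 1),
    ("03/14-10:00:07.000001  [**] [1:1000009:1] CONSTRUCTED ICMP ping from workstation [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.11 -> 10.0.0.1", -1),
    ("03/14-10:00:08.000001  [**] [1:1000010:1] CONSTRUCTED mDNS chatter [**] [Priority: 3] {UDP} 10.0.0.12:5353 -> 224.0.0.251:5353", -1),
    ("03/14-10:00:09.000001  [**] [1:1000011:1] CONSTRUCTED dev proxy traffic [**] [Classification: Potentially Bad Traffic] [Priority: 3] {TCP} 10.0.0.13:52000 -> 10.0.0.30:8080", -1),
    ("03/14-10:00:10.000001  [**] [1:1000012:1] CONSTRUCTED NTP sync [**] [Priority: 3] {UDP} 10.0.0.14:123 -> 10.0.0.1:123", -1),
]


def parse_fast_alert(line):
    """Return the named fields of one alert_fast line, or raise on garbage."""
    m = FAST_ALERT.match(line)
    if m is None:
        raise ValueError("not a Snort fast alert: %r" % line)
    return m.groupdict()


def features(alert, per_source):
    """Four hand-picked, [0, 1]-scaled features per alert (an assumption of this
    example; the paper's feature set is not reproduced here)."""
    dport = int(alert["dport"]) if alert["dport"] else 0
    return [
        (4 - int(alert["prio"])) / 3.0,            # rule priority: 1 -> 1.0, 3 -> 0.33
        1.0 if alert["proto"] == "TCP" else 0.0,   # protocol indicator
        min(per_source[alert["src"]], 5) / 5.0,    # how many alerts this source raised in the batch
        1.0 if 0 < dport < 1024 else 0.0,          # well-known service port targeted
    ]


def train_svm(X, y, lam=0.05, iters=20000, seed=1):
    """Linear soft-margin SVM via Pegasos (stochastic subgradient on the hinge
    loss with L2 regularisation). Labels y are +1 / -1. Bias is unregularised."""
    rng = random.Random(seed)
    w = [0.0] * len(X[0])
    b = 0.0
    for t in range(1, iters + 1):
        i = rng.randrange(len(X))
        eta = 1.0 / (lam * t)
        margin = y[i] * (sum(wj * xj for wj, xj in zip(w, X[i])) + b)
        w = [(1.0 - eta * lam) * wj for wj in w]          # shrink step (regulariser)
        if margin < 1.0:                                   # hinge is active: move toward x_i
            w = [wj + eta * y[i] * xj for wj, xj in zip(w, X[i])]
            b += eta * y[i]
    return w, b


def score(w, b, x):
    return sum(wj * xj for wj, xj in zip(w, x)) + b


def run_demo():
    """Filter the constructed batch and report false/true positive rates."""
    parsed = [parse_fast_alert(line) for line, _ in ALERTS]
    per_source = Counter(a["src"] for a in parsed)
    X = [features(a, per_source) for a in parsed]
    y = [label for _, label in ALERTS]
    w, b = train_svm(X, y)
    passed = [score(w, b, x) > 0 for x in X]               # True = alert forwarded to the analyst
    attacks = [p for p, lab in zip(passed, y) if lab == 1]
    benign = [p for p, lab in zip(passed, y) if lab == -1]
    return {
        "alerts_raised": len(ALERTS),
        "alerts_passed": sum(passed),
        "fpr_before": 1.0,  # Snort alone: every benign event in this batch produced an alert
        "fpr_after": sum(benign) / len(benign),
        "tpr_after": sum(attacks) / len(attacks),
    }


if __name__ == "__main__":
    print(run_demo())
```

The model is trained and scored on the same constructed batch, so the numbers only show the mechanics of the filter, not its real accuracy: a deployable plug-in would be trained on labelled alert history and evaluated on a held-out period, and the FPR would be computed against all benign traffic, not only against alerts Snort already raised. How the verdict is fed back (suppressing the alert, lowering its priority, or tagging it for review) is site-specific and is not shown here.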
