ABSTRACT
This paper reports the design principles and evaluation results of a new experimental hybrid intrusion detection system (HIDS). This hybrid system combines the advantages of low false-positive rate of signature-based intrusion detection system (IDS) and the ability of anomaly detection system (ADS) to detect novel unknown attacks. By mining anomalous traffic episodes from Internet connections, we build an ADS that detects anomalies beyond the capabilities of signature-based SNORT or Bro systems. A weighted signature generation scheme is developed to integrate ADS with SNORT by extracting signatures from anomalies detected. HIDS extracts signatures from the output of ADS and adds them into the SNORT signature database for fast and accurate intrusion detection. By testing our HIDS scheme over real-life Internet trace data mixed with 10 days of Massachusetts Institute of Technology/Lincoln Laboratory (MIT/LL) attack data set, our experimental results show a 60 percent detection rate of the HIDS, compared with 30 percent and 22 percent in using the SNORT and Bro systems, respectively. This sharp increase in detection rate is obtained with less than 3 percent false alarms. The signatures generated by ADS upgrade the SNORT performance by 33 percent. The HIDS approach proves the vitality of detecting intrusions and anomalies, simultaneously, by automated data mining and signature generation over Internet connection episodes
TABLE OF CONTENTS
TITLE PAGE
CERTIFICATION
DEDICATION
ACKNOWLEDGEMENT
ABSTRACT
TABLE OF CONTENTS
CHAPTER ONE
INTRODUCTION
1.1BACKGROUND OF THE STUDY
1.2STATE OF THE PROBLEM
1.3PURPOSE OF THE STUDY
1.4AIMS AND OBJECTIVES
1.5SCOPE OF STUDY
1.6LIMITATIONS OF STUDY
1.7ASSUMPTIONS
1.8DEFINITION OF TERMS
CHAPTER TWO
LITERATURE REVIEW
CHAPTER THREE
3.1DESCRIPTION AND ANALYSIS OF EXISTING SYSTEM
3.2FACT FINDING METHOD USED
3.3ORGANIZATION STRUCTURE
3.4OBJECTIVES OF EXISTING SYSTEM
3.5INPUT, PROCESS AND OUTPUT ANALYSIS
3.6INFORMATION FLOW DIAGRAMS
3.7PROBLEMS OF THE EXISTING SYSTEM
3.8JUSTIFICATION OF THE NEW SYSTEM
CHAPTER FOUR
4.1DESIGN OF THE NEW SYSTEM
4.2INPUT SPECIFICATION AND DESIGN
4.3OUTPUT SPECIFICATION AND DESIGN
4.4FILE DESIGN
4.5PROCEDURE CHART
4.6SYSTEM FLOW CHART
4.7SYSTEM REQUIREMENTS
CHAPTER FIVE
5.1IMPLEMENTATION
5.2PROGRAM DESIGN
5.3PROGRAM FLOWCHART
5.4PSEUDO CODE
5.5SOURCE PROGRAM: TEST RUN
CHAPTER SIX
DOCUMENTATION
CHAPTER SEVEN
7.1RECOMMENDATION
7.2CONCLUSION
BIBLIOGRAPHY