A COMBINED APPROACH TO SEARCH FOR EVASION TECHNIQUES IN NETWORK INTRUSION DETECTION SYSTEM

Rutuja R. Patil
2014 International Journal of Research in Engineering and Technology  
Signature-based Network Intrusion Detection Systems (NIDS) work on the signatures of attacks. They must be updated quickly in order to protect the system from new attacks. Attackers devise new evasion techniques so that they remain undetected. As new evasion techniques are developed, it becomes difficult for a NIDS to give accurate results, and the NIDS may fail. The key aspect of our paper is to develop a network intrusion detection system using the C4.5 algorithm, where the Adaboost algorithm is used to classify a packet as a normal packet or an attack packet and to further classify different types of attack. The Apriori algorithm is used to find real-time evasion and to generate rules to find intrusions. These rules are then given as input to the Snort intrusion detection system for detecting different attacks.

Real-time evasion can be shown by the Apriori algorithm. We can select the file which contains attack sessions as input to the Apriori algorithm. From the GUI we can select support and confidence values. Rules are generated by the Apriori algorithm by trying different combinations of attacks. Their support and confidence values are checked.

Fig 5: Association rule generation of apriori algorithm

Snort Output

The rules are given to Snort. If the intruder generates the same attack for which a signature is stored in Snort, Snort generates alert messages.

Fig 6: Alert message generated by snort on intrusion
doi:10.15623/ijret.2014.0311081 fatcat:a46vaqvlijfs3frih4mwhstymu