SUST Repository

Hybrid Based Network Intrusions Detection Systems


dc.contributor.author Alfaki, Malik Khalil Mohamed
dc.contributor.author Supervisor, - Mohammed Al-Ghazali Hamza Khalil
dc.date.accessioned 2019-06-19T09:18:41Z
dc.date.available 2019-06-19T09:18:41Z
dc.date.issued 2018-08-10
dc.identifier.citation Alfaki, Malik Khalil Mohamed . Hybrid Based Network Intrusions Detection Systems / Malik Khalil Mohamed Alfaki ; Mohammed Al-Ghazali Hamza Khalil .- Khartoum: Sudan University of Science and Technology, college of Computer science and information technology, 2018 .- 98p. :ill. ;28cm .- M.Sc. en_US
dc.identifier.uri http://repository.sustech.edu/handle/123456789/22683
dc.description Thesis en_US
dc.description.abstract Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after they have taken place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. An intruder is someone who, without permission or privilege, tries to access system resources or performs unnecessary or unauthorized activities; intrusion detection means detecting unauthorized activity or attacks upon a system or network. An IDS generates an alarm when it observes suspicious activity or use on a system or network, and it is configured to monitor the gateway or host in order to identify the intruder. There are two types of detection method: anomaly detection (also called behaviour-based) and signature-based detection (also named misuse or pattern-based). Signature-based detection identifies the intruder by matching activity against predefined attack signatures; if a signature matches, the activity is classified as an attack. It cannot detect an attack that is not stored in the signature database, so it cannot detect novel (zero-day) attacks. Anomaly detection can detect both known and novel attacks because it is based on a preserved profile of the normal activity of the system or network, and any deviation from that profile is considered an attack. This research provides a review of various intrusion detection systems and their tools, focusing on SNORT IDS, an open source tool, and also provides an extension for SNORT by adding a pre-processor to detect anomalies, which makes the system hybrid-based detection and increases the rate of intruder detection. en_US
dc.description.sponsorship Sudan University of Science and Technology en_US
dc.language.iso en en_US
dc.publisher Sudan University of Science and Technology en_US
dc.subject Detection Systems en_US
dc.subject Hybrid Based en_US
dc.subject Network Intrusions en_US
dc.title Hybrid Based Network Intrusions Detection Systems en_US
dc.title.alternative اﻷنظمة الهجينة لإكتشاف الدخلاء في الشبكة (Hybrid Systems for Detecting Intruders in the Network) en_US
dc.type Thesis en_US

