Campus hybrid intrusion detection system using SNORT and C4.5 Algorithm

Slamet, . and Izzeldin, I. Mohd and Fahmi, Samsuri (2020) Campus hybrid intrusion detection system using SNORT and C4.5 Algorithm. In: InECCE2019: Proceedings of the 5th International Conference on Electrical, Control & Computer Engineering , 29th July 2019 , Kuantan, Pahang, Malaysia. pp. 591-603., 632. ISBN 978-981-15-2317-5

Pdf
142. Campus hybrid intrusion detection system using SNORT and IPTables.pdf
Restricted to Repository staff only
Download (282kB) | Request a copy

Preview

Pdf
142.1 Campus hybrid intrusion detection system using SNORT and IPTables.pdf
Download (90kB) | Preview

DOI/Official URL: https://doi.org/10.1007/978-981-15-2317-5_50

Abstract

The rapid development of internet greatly helps human work. However, the number of information system security incidents has risen sharply, so that in fact the sides of human life are threatened. Detection techniques against attacks on computer networks must be continuously developed so that integrity, availability and confidentiality on a computer network become more secure. Most of current intrusion detection systems only use one of the two detection methods, misused detection or anomaly detection, both of them have their own limitations. In this paper, the authors built Hybrid Intrusion Detecting System combines misuse detection system with anomaly detection system. The basis of misused detection module is snort, and anomaly detection module is constructed by using Algorithm C4.5 detectors. This system works by creating alerts built from an engine that reads the parameters in the attacker's IP address. Webmin is used to simplify rule management. Whereas for analyzing logs (attack history), an ACID (Analysis Console for Intrusion Databases) is used. Attack and detection testing is carried out in the campus network of Institut Bisnis dan Informatika Stikom Surabaya. The system implementation uses a PC Router with the Ubuntu 18.04 Linux as operating system. As a result of implementing this system: misused detection module uses the signature of attacks to detection the known attacks; anomaly detection module can detect the unknown attacks; signature generation module extracts the signature of attacks that are detected by Anomaly Detection System module, and maps the signatures into snort rules.

Item Type:	Conference or Workshop Item (Lecture)
Additional Information:	Part of the Lecture Notes in Electrical Engineering book series
Uncontrolled Keywords:	Intrusion Detection; Attack; Snort; C4.5
Subjects:	T Technology > TK Electrical engineering. Electronics Nuclear engineering
Faculty/Division:	Faculty of Electrical & Electronic Engineering
Depositing User:	Pn. Hazlinda Abd Rahman
Date Deposited:	03 Apr 2020 06:56
Last Modified:	15 Jul 2020 03:39
URI:	http://umpir.ump.edu.my/id/eprint/27571
Download Statistic:	View Download Statistics

Actions (login required)

View Item