Hussein M. Elshafie, Tarek M. Mahmoud, Abdelmgeid A. Ali
Published in: 2019 International Conference on Innovative Trends in Computer Engineering (ITCE), 2019-02-01. DOI: 10.1109/ITCE.2019.8646601 (https://doi.org/10.1109/ITCE.2019.8646601)
Improving the Performance of the Snort Intrusion Detection Using Clonal Selection
A network intrusion detection system (NIDS) monitors network traffic to detect unauthorized activity in computer networks. NIDSs are classified by detection technique as signature-based or anomaly-based, and each type has its own advantages and disadvantages. Signature-based detection is more effective at detecting known attacks but is unable to detect new attacks. Anomaly-based detection is better at detecting new attacks but may produce many false alarms. NIDSs that use both techniques try to exploit the strengths of each. In this paper we propose an improvement of the well-known Snort NIDS using the clonal selection algorithm (CSA). The proposed approach is evaluated using the 1999 DARPA Intrusion Detection Evaluation Data Sets of MIT (Massachusetts Institute of Technology) as a testbed. The experiments compare the recall, precision, and F-score of the Snort NIDS on its own, the Snort NIDS improved by the negative selection algorithm (NSA), and the proposed approach. The results show that the proposed approach is more powerful than the others.