Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining

Nattawat Khamphakdee, Nunnapus Benjamas, Saiyan Saiyod

Abstract

The intrusion detection system (IDS) is an important network security tool for protecting computer and network systems: it monitors network traffic data and detects attacks. Snort IDS is an open-source network security tool that matches rules against network traffic data in order to detect attacks and generate alerts. However, Snort IDS can detect only known attacks. We therefore propose a procedure for improving Snort IDS rules, based on the association rules technique of data mining, for the detection of network probe attacks. We used the MIT-DARPA 1999 data set for the experimental evaluation. Since the traffic data contain both normal and abnormal behavior patterns, the abnormal behavior data is detected by means of Snort IDS. The experimental results showed that the proposed Snort IDS rules, based on data mining for the detection of network probe attacks, were more efficient than the original Snort IDS rules, as well as the icmp.rules and icmp-info.rules of Snort IDS. The suitable parameters for the proposed Snort IDS rules are as follows: Min_sup set to 10%, Min_conf set to 100%, and eight variable attributes applied. The more suitable the parameters applied, the higher the accuracy achieved.



DOI: http://dx.doi.org/10.5614%2Fitbj.ict.res.appl.2015.8.3.4
