Abstract

In an enterprise network intrusion detection system (IDS), the false positive rate and the false negative rate pull against each other and are hard to minimise at the same time, so lowering both is one of the core problems of IDS design. Snort and Suricata use misuse detection, which has low computational cost and high accuracy on the attacks it has signatures for, but a high false negative rate, since it cannot detect unknown attacks. Anomaly detection systems based on machine learning and data mining achieve a high detection rate on unknown attacks but suffer a high false positive rate. To address the shortcomings of both techniques, this paper proposes LC-IDS (logical combination based intrusion detection system), which combines the advantages of rule-matching misuse detection and LSTM-based anomaly detection, using phased detection together with alarm merging and aggregation. The experimental results show that, compared with either detection technique used alone, the scheme keeps a low false positive rate while improving the true positive rate on attack traffic.
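The abstract only names the building blocks (rule-matching stage, anomaly stage, alarm merge/aggregation, TPR and FPR measurement). The following Python sketch is an added illustration of how those pieces fit together, written for this page; it is not the paper's LC-IDS code. The LSTM is replaced by a hypothetical per-port byte-count z-score so the block runs offline, and the rules, baselines, thresholds, 60 s merge window and the eight flows are all constructed for the demo. It shows the one property the abstract claims: a rule match short-circuits the anomaly stage, the anomaly stage catches an attack no rule knows (and raises one false positive), and repeated alarms from one source/destination pair collapse into a single aggregated alarm.

```python
"""Two-stage (misuse rule match -> anomaly score) detection with alarm aggregation.

Added illustration of the phased-detection idea; NOT the paper's LC-IDS code.
The LSTM anomaly model is replaced by a hypothetical per-port size z-score so the
example runs offline; rules, baselines and flows are constructed for the demo.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    ts: float       # seconds since capture start
    src: str
    dst: str
    dport: int
    payload: str    # first bytes of application data (constructed)
    size: int       # total bytes in the flow
    label: str      # ground truth, "attack" or "benign"; used only for scoring


# Stage 1: misuse detection, Snort-style content matching (simplified, hypothetical rules).
RULES = [
    ("sqli-union", lambda f: "union select" in f.payload.lower()),
    ("path-traversal", lambda f: "../" in f.payload),
]


def misuse_detect(flow):
    """Return the name of the first matching rule, or None."""
    for name, pred in RULES:
        if pred(flow):
            return name
    return None


# Stage 2: anomaly detection. Stand-in for the LSTM: z-score of flow size against a
# hypothetical per-destination-port baseline (mean, std) learned from benign traffic.
BASELINE = {80: (800.0, 300.0), 22: (2000.0, 500.0)}
DEFAULT_BASELINE = (1000.0, 500.0)


def anomaly_score(flow):
    mean, std = BASELINE.get(flow.dport, DEFAULT_BASELINE)
    return abs(flow.size - mean) / std


def phased_detect(flows, threshold=3.0):
    """Run cheap rule matching first; only unmatched flows reach the anomaly stage."""
    alarms = []
    for i, f in enumerate(flows):
        rule = misuse_detect(f)
        if rule is not None:
            alarms.append({"idx": i, "ts": f.ts, "src": f.src, "dst": f.dst,
                           "stage": "misuse", "reason": rule})
            continue
        score = anomaly_score(f)
        if score >= threshold:
            alarms.append({"idx": i, "ts": f.ts, "src": f.src, "dst": f.dst,
                           "stage": "anomaly", "reason": f"z={score:.1f}"})
    return alarms


def merge_alarms(alarms, window=60.0):
    """Aggregate alarms on one (src, dst) pair that fall within `window` s of the group's first alarm."""
    groups = defaultdict(list)
    for a in sorted(alarms, key=lambda a: a["ts"]):
        bucket = groups[(a["src"], a["dst"])]
        if bucket and a["ts"] - bucket[-1]["first_ts"] <= window:
            bucket[-1]["count"] += 1
            bucket[-1]["last_ts"] = a["ts"]
            bucket[-1]["reasons"].add(a["reason"])
        else:
            bucket.append({"src": a["src"], "dst": a["dst"], "first_ts": a["ts"],
                           "last_ts": a["ts"], "count": 1, "reasons": {a["reason"]}})
    return [m for b in groups.values() for m in b]


def evaluate(flows, alarms):
    """Return (true positive rate, false positive rate) against the ground-truth labels."""
    flagged = {a["idx"] for a in alarms}
    tp = sum(1 for i, f in enumerate(flows) if f.label == "attack" and i in flagged)
    fn = sum(1 for i, f in enumerate(flows) if f.label == "attack" and i not in flagged)
    fp = sum(1 for i, f in enumerate(flows) if f.label == "benign" and i in flagged)
    tn = sum(1 for i, f in enumerate(flows) if f.label == "benign" and i not in flagged)
    return tp / (tp + fn), fp / (fp + tn)


# Constructed sample traffic (not real captures).
SAMPLE_FLOWS = [
    Flow(0.0, "10.0.0.5", "10.0.1.2", 80, "GET /?id=1 UNION SELECT 1,2--", 850, "attack"),
    Flow(10.0, "10.0.0.5", "10.0.1.2", 80, "GET /../../etc/passwd", 700, "attack"),
    Flow(20.0, "10.0.0.7", "10.0.1.2", 80, "GET /index.html", 900, "benign"),
    Flow(30.0, "10.0.0.9", "10.0.1.3", 22, "SSH-2.0-OpenSSH", 15000, "attack"),  # bulk exfil, no rule
    Flow(100.0, "10.0.0.5", "10.0.1.2", 80, "GET /?q=x UNION SELECT a", 820, "attack"),
    Flow(40.0, "10.0.0.7", "10.0.1.2", 80, "GET /big.iso", 2100, "benign"),       # legit large download
    Flow(50.0, "10.0.0.8", "10.0.1.3", 22, "SSH-2.0-OpenSSH", 2100, "benign"),
    Flow(60.0, "10.0.0.9", "10.0.1.3", 443, "\x16\x03\x01", 1200, "attack"),      # novel attack, looks normal
]


def run_demo(flows=SAMPLE_FLOWS):
    alarms = phased_detect(flows)
    merged = merge_alarms(alarms)
    tpr, fpr = evaluate(flows, alarms)
    return alarms, merged, tpr, fpr


if __name__ == "__main__":
    alarms, merged, tpr, fpr = run_demo()
    print(f"{len(alarms)} raw alarms -> {len(merged)} merged; TPR={tpr:.2f} FPR={fpr:.2f}")
    for m in merged:
        print(m)
```

On the constructed flows the pipeline raises five raw alarms that merge into four: the three SQLi/traversal hits from 10.0.0.5 become two aggregated alarms (the third falls outside the 60 s window), the oversized SSH flow is caught only by the anomaly stage, the large benign download is the anomaly stage's false positive, and the TLS flow from 10.0.0.9 is missed by both stages. Measured on this sample the TPR is 0.8 and the FPR is 1/3; the merge step does not change those rates, it only reduces the number of alarms an analyst has to read.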

Full Text
Published version (Free)
