Abstract

The importance of accurate intrusion detection is growing tremendously as malicious network traffic activity has also grown significantly. Intrusion Detection Systems (IDSs) provide automatic detection of security violations such as denial of service (DoS), viruses, port scans, buffer overflows, CGI attacks, and clogging or flooding. For network- and host-based systems, the most widely used and effective approach is data analysis with signature-based detection methods. Thus, the success of the detection system depends on the real appearance of the security violation, the detection of the violation, and the response time. We are working on highly efficient real-time network intrusion detection systems (NIDS) that address detection efficiency problems such as the real-time detection rate and the false-positive rate in distributed environments. In this work, we propose a concept IDS to investigate the experimental performance of a Snort-based NIDS. We used the open source network intrusion detection and prevention system Snort to implement our two different indexing methods. We used Snort version 2.9.7.5, which has almost 26k Snort rules and is very efficient for online network auditing. We applied prefix and random indexing methods to all Snort rules to create primary patterns that reduce packet inspection time. Since all highly sensitive positive alerts need instant action from the network administrator, our concept IDS also reduces the false-positive (wrong alert) rate, even under high network traffic. Combining the concept IDS with indexing, a data mining technique, will improve the accuracy of intrusion detection in real time. We also present the experimental data and results of our IDS prototype.
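The two-stage idea behind the prefix indexing described above, as an added illustration that is not the paper's code or Snort's own matcher: the first bytes of each rule's content pattern form the primary index, and a full pattern comparison runs only for rules whose prefix occurs in the payload. The Snort-style rules, sids and payloads below are constructed, and the `nocase` modifier is deliberately not handled.

```python
import re
from collections import defaultdict

# Constructed sample rules in Snort syntax (sids and patterns are made up).
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"WEB cgi-bin access"; content:"/cgi-bin/"; sid:1000001;)',
    'alert tcp any any -> any 80 (msg:"WEB phf attempt"; content:"/cgi-bin/phf"; sid:1000002;)',
    'alert tcp any any -> any 21 (msg:"FTP SITE EXEC"; content:"SITE EXEC"; sid:1000003;)',
    'alert udp any any -> any 53 (msg:"DNS version query"; content:"version"; sid:1000004;)',
]

CONTENT_RE = re.compile(r'content:"([^"]+)"')
SID_RE = re.compile(r'sid:(\d+);')


def parse_rules(rules):
    """Return a list of (sid, first content pattern as bytes) for each rule."""
    parsed = []
    for rule in rules:
        pat, sid = CONTENT_RE.search(rule), SID_RE.search(rule)
        if pat and sid:
            parsed.append((int(sid.group(1)), pat.group(1).encode()))
    return parsed


def build_prefix_index(parsed, prefix_len=4):
    """Primary index: first prefix_len bytes of a pattern -> rules sharing that prefix."""
    index = defaultdict(list)
    for sid, pat in parsed:
        index[pat[:prefix_len]].append((sid, pat))
    return index


def inspect(index, payload, prefix_len=4):
    """Return (sorted matching sids, number of full pattern comparisons).

    Stage 1 slides a prefix_len window over the payload and looks it up in the
    index; stage 2 runs the full comparison only for the rules in that bucket.
    """
    hits, full_compares = set(), 0
    for i in range(len(payload) - prefix_len + 1):
        for sid, pat in index.get(payload[i:i + prefix_len], ()):
            full_compares += 1
            if payload.startswith(pat, i):
                hits.add(sid)
    return sorted(hits), full_compares


if __name__ == "__main__":
    idx = build_prefix_index(parse_rules(SAMPLE_RULES))
    print(inspect(idx, b"GET /cgi-bin/phf?Qalias=x HTTP/1.0"))
```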
