Abstract

Cyber-attacks are becoming smarter and harder to detect. Such attacks can be classified as Advanced Persistent Threats (APTs), which are hard to detect and require sophisticated detection mechanisms to be implemented in cybersecurity detection systems. Snort is an open-source Intrusion Detection System (IDS) that has earned a high level of trust from hundreds of companies, which use it as an IDS sensor in either Host-based Intrusion Detection System (HIDS) or Network Intrusion Detection System (NIDS) mode. Snort depends on predefined rules to detect known attacks; if a new attack is released that has not been registered with CheckPoint as an attack, Snort will not detect it and the attack will bypass the sensor. The main problem with a traditional IDS such as Snort is its rate of false positive alerts. A new technique has been revealed that understands the behavior of the traffic flow and decides whether the flow matches the attributes of abnormal activity that a traditional misuse-based IDS cannot detect. The new technique is a machine learning process that depends on training and testing on the traffic data after the PCAP file has been converted to a CSV file by an application called CICFlowMeter. The learning itself is done with Weka, an open-source machine learning application used in GUI mode. After the PCAP file is converted by CICFlowMeter, a dataset with the CSV extension is generated with 80 plus attributes, which Weka learns in the training phase; the testing phase then determines whether the matched traffic is normal or abnormal.
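The PCAP to CICFlowMeter CSV to Weka train/test pipeline described above, as an added example that is not part of the paper: a nearest-centroid learner on z-scored flow features stands in for the Weka classifier, and the flow records are constructed (a five-column subset of CICFlowMeter's header names with made-up values). It also reports the false positive rate, since that is the problem the abstract raises.

```python
import csv, io, math

# Constructed flow records (not real CICFlowMeter output) using a five-column subset of its header.
TRAIN_CSV = """Flow Duration,Tot Fwd Pkts,Tot Bwd Pkts,Flow Byts/s,Flow Pkts/s,Label
500000,10,8,3000,36,BENIGN
800000,14,12,2500,32,BENIGN
2000,2,1,150000,1500,ATTACK
1500,2,0,120000,1333,ATTACK
"""
# Held-out flows. The last row is a short, bursty but legitimate lookup that a purely
# statistical model flags anyway: exactly the false positive the abstract warns about.
TEST_CSV = """Flow Duration,Tot Fwd Pkts,Tot Bwd Pkts,Flow Byts/s,Flow Pkts/s,Label
700000,11,9,2600,29,BENIGN
2500,2,1,100000,1200,ATTACK
1800,2,0,130000,1111,ATTACK
1200,1,1,110000,1666,BENIGN
"""

def load_flows(text):
    rows = list(csv.DictReader(io.StringIO(text)))  # header order defines the feature order
    feats = [k for k in rows[0] if k != "Label"]
    return [([float(r[k]) for k in feats], r["Label"]) for r in rows]

def train(flows):
    """Training phase: z-score parameters per feature and one centroid per class label."""
    n, d = len(flows), len(flows[0][0])
    mean = [sum(x[i] for x, _ in flows) / n for i in range(d)]
    std = [math.sqrt(sum((x[i] - mean[i]) ** 2 for x, _ in flows) / n) or 1.0 for i in range(d)]
    z = lambda x: [(x[i] - mean[i]) / std[i] for i in range(d)]
    centroids = {lab: [sum(v) / len(v) for v in zip(*[z(x) for x, l in flows if l == lab])]
                 for lab in {l for _, l in flows}}
    return {"z": z, "centroids": centroids}

def classify(model, x):
    """Nearest centroid in z-scored space, so no single large-magnitude feature dominates."""
    dist = lambda lab: sum((a - b) ** 2 for a, b in zip(model["z"](x), model["centroids"][lab]))
    return min(model["centroids"], key=dist)

def evaluate(model, flows, attack="ATTACK"):
    """Testing phase: confusion counts plus the rates an IDS operator actually tracks."""
    c = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for x, lab in flows:
        flagged = classify(model, x) == attack
        c[("tp" if flagged else "fn") if lab == attack else ("fp" if flagged else "tn")] += 1
    c["accuracy"] = (c["tp"] + c["tn"]) / len(flows)
    c["detection_rate"] = c["tp"] / ((c["tp"] + c["fn"]) or 1)
    c["false_positive_rate"] = c["fp"] / ((c["fp"] + c["tn"]) or 1)
    return c
```

Running `evaluate(train(load_flows(TRAIN_CSV)), load_flows(TEST_CSV))` catches both attack flows but also flags the bursty benign lookup, giving a 50% false positive rate on this tiny held-out set.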
