Intrusion detection systems (IDSs) try to detect attacks as they occur or after they have taken place. An IDS collects network traffic information from some point on the network or computer system and then uses this information to secure the network. Intrusion detection systems can be misuse-detection based or anomaly-detection based. Misuse-detection based IDSs can only detect known attacks, whereas anomaly-detection based IDSs can also detect new attacks by using heuristic methods. In this paper we propose a hybrid IDS that combines the two approaches in one system. The hybrid IDS is obtained by combining packet header anomaly detection (PHAD) and network traffic anomaly detection (NETAD), which are anomaly-based IDSs, with the misuse-based IDS Snort, which is an open-source project. The resulting hybrid IDS is evaluated using the MIT Lincoln Laboratories network traffic data (IDEVAL) as a testbed. The evaluation compares the number of attacks detected by the misuse-based IDS on its own with the number detected by the hybrid IDS that combines anomaly-based and misuse-based IDSs, and shows that the hybrid IDS is a more powerful system.