A prototype for network intrusion detection system using danger theory

Network Intrusion Detection Systems (NIDS) are considered one of the last defense mechanisms for any organization. NIDS can be broadly classified into two approaches: misuse-based detection and anomaly-based detection. Misuse-based intrusion detection builds a database of well-defined patterns of the attacks that exploit weaknesses in systems and network protocols, and uses that database to identify intrusions. Although this approach can detect every attack included in the database, it produces false negative errors: any new attack not included in that database cannot be detected. The other approach, anomaly-based NIDS, was developed to emulate the Human Immune System (HIS) and overcome this limitation of the misuse-based approach. Anomaly-based detection is based on the Negative Selection (NS) mechanism. NS builds a database of the normal (self) patterns and identifies any pattern not included in that database as a non-self pattern, and hence as an intrusion. Unfortunately, the NS concept also has its drawbacks. Although any attack pattern can be detected as a non-self pattern, which leads to a low false negative rate, non-self patterns do not necessarily indicate the existence of intrusions, so NS has a high false positive error rate caused by that assumption. Danger Theory (DT) is a new concept in HIS which shows that the response mechanism in HIS is more complicated than, and goes beyond, the simple NS concept. So, is it possible to utilize DT to minimize the high false positive detection rate of NIDS? This paper answers this question by developing a prototype NIDS based on DT and evaluating that prototype using the DARPA99 Intrusion Detection dataset.

Bibliographic Details
Main Authors: Al-Dhubhani, Raed; Idris, Norbik Bashah; Saeed, Faisal
Format: Article (peer reviewed)
Language: English
Published: Penerbit UTM Press, 2015
Published in: Jurnal Teknologi, 73 (2), pp. 77-84. ISSN 0127-9696
Subjects: T58.5-58.64 Information technology
DOI: 10.11113/jt.v73.4196
Online Access:
http://eprints.utm.my/id/eprint/55857/1/RaedAlDhubhani2015_APrototypeforNetworkIntrusion.pdf
http://eprints.utm.my/id/eprint/55857/
http://dx.doi.org/10.11113/jt.v73.4196

Citation: Al-Dhubhani, Raed and Idris, Norbik Bashah and Saeed, Faisal (2015) A prototype for network intrusion detection system using danger theory. Jurnal Teknologi, 73 (2). pp. 77-84. ISSN 0127-9696. DOI: 10.11113/jt.v73.4196