Cover Image

Flow-based approach on bro intrusion detection

Packet-based or Deep Packet Inspection (DPI) intrusion detection systems (IDSs) face challenges when coping with high volume of traffic. Processing every payload on the wire degrades the performance of intrusion detection. This paper aims to develop a model for reducing the amount of data to be proc...

Full description

Saved in:
Bibliographic Details
Main Authors: Alaidaros, Hashem, Mahmuddin, Massudi
Format: Article
Language:English
Published: Universiti Teknikal Malaysia Melaka 2017
Subjects:
QA75 Electronic computers. Computer science
Online Access:http://repo.uum.edu.my/25963/1/JTECE%20%209%202-2%202017%20139%20145.pdf
http://repo.uum.edu.my/25963/
http://journal.utem.edu.my/index.php/jtec/article/view/2234
Tags: Add Tag
No Tags, Be the first to tag this record!
id my.uum.repo.25963
record_format eprints
spelling my.uum.repo.259632019-04-22T00:46:57Z http://repo.uum.edu.my/25963/ Flow-based approach on bro intrusion detection Alaidaros, Hashem Mahmuddin, Massudi QA75 Electronic computers. Computer science Packet-based or Deep Packet Inspection (DPI) intrusion detection systems (IDSs) face challenges when coping with high volume of traffic. Processing every payload on the wire degrades the performance of intrusion detection. This paper aims to develop a model for reducing the amount of data to be processed by intrusion detection using flow-based approach. We investigated the detection accuracy of this approach via implementation of this model using Bro IDS. Bro was used to generate malicious features from several recent labeled datasets. Then, the model made use the machine learning classification algorithms for attribute evaluation and Bro policy scripts for detecting malicious flows. Based on our experiments, the findings showed that flow-based detection was able to identify the presence of all malicious activities. This verifies the capability of this approach to detect malicious flows with high accuracy. However, this approach generated a significant number of false positive alarms. This indicates that for detection purpose, it is difficult to make a complete behavior of the malicious activities from only limited data and flow-level. Universiti Teknikal Malaysia Melaka 2017 Article PeerReviewed application/pdf en cc_by http://repo.uum.edu.my/25963/1/JTECE%20%209%202-2%202017%20139%20145.pdf Alaidaros, Hashem and Mahmuddin, Massudi (2017) Flow-based approach on bro intrusion detection. Journal of Telecommunication, Electronic and Computer Engineering, 9 (2-2). pp. 139-145. ISSN 2180-1843 http://journal.utem.edu.my/index.php/jtec/article/view/2234
institution Universiti Utara Malaysia
building UUM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Utara Malaysia
content_source UUM Institutionali Repository
url_provider http://repo.uum.edu.my/
language English
topic QA75 Electronic computers. Computer science
spellingShingle QA75 Electronic computers. Computer science
Alaidaros, Hashem
Mahmuddin, Massudi
Flow-based approach on bro intrusion detection
description Packet-based or Deep Packet Inspection (DPI) intrusion detection systems (IDSs) face challenges when coping with high volume of traffic. Processing every payload on the wire degrades the performance of intrusion detection. This paper aims to develop a model for reducing the amount of data to be processed by intrusion detection using flow-based approach. We investigated the detection accuracy of this approach via implementation of this model using Bro IDS. Bro was used to generate malicious features from several recent labeled datasets. Then, the model made use the machine learning classification algorithms for attribute evaluation and Bro policy scripts for detecting malicious flows. Based on our experiments, the findings showed that flow-based detection was able to identify the presence of all malicious activities. This verifies the capability of this approach to detect malicious flows with high accuracy. However, this approach generated a significant number of false positive alarms. This indicates that for detection purpose, it is difficult to make a complete behavior of the malicious activities from only limited data and flow-level.
format Article
author Alaidaros, Hashem
Mahmuddin, Massudi
author_facet Alaidaros, Hashem
Mahmuddin, Massudi
author_sort Alaidaros, Hashem
title Flow-based approach on bro intrusion detection
title_short Flow-based approach on bro intrusion detection
title_full Flow-based approach on bro intrusion detection
title_fullStr Flow-based approach on bro intrusion detection
title_full_unstemmed Flow-based approach on bro intrusion detection
title_sort flow-based approach on bro intrusion detection
publisher Universiti Teknikal Malaysia Melaka
publishDate 2017
url http://repo.uum.edu.my/25963/1/JTECE%20%209%202-2%202017%20139%20145.pdf
http://repo.uum.edu.my/25963/
http://journal.utem.edu.my/index.php/jtec/article/view/2234
_version_ 1644284467154518016
score 13.211869

Similar Items