SNORT BASED HYBRID INTRUSION DETECTION SYSTEM

Abstract

Highly increasing numbers of attack over the internet makes the information under potential violation. Intrusion detection systems are the systems which try to detect the attacks by gathering information from some point on computer system or network and then use this information to protect the network from possible intrusions. Mainly there are two approaches of IDS for detecting intrusion, one of the approaches is by misuse or signature based detection and other is by anomaly based detection. Signature based IDS can only detect the attacks which are known and are not able to detect novel attacks while Anomaly based IDS uses heuristics approach to detect new attacks. In this project a Hybrid Intrusion detection system is proposed which is combination of both types of IDSs. Hybrid IDS is combination of SNORT (an open source project) which is a signature based IDS with P1-TAD (packet header anomaly detection) which is anomaly based IDS. The hybrid IDS obtained will be evaluated using the MIT Lincoln Laboratories network traffic data (IDEVAL) as a testset. Evaluation compares the number of attacks detected by misuse based IDS on its own, with the hybrid IDS obtained combining anomaly-based and misuse based IDSs.