
  Integration of Signature Based and Anomaly Based Detection  
  Authors : Prerika Agarwal; Sangita Rani Satapathy

As technology advances, information provided to legitimate users is increasingly at risk of becoming available to malicious users, and the possibility of attack grows in the same proportion. An intrusion detection system is required for securing a network. Signature-based detection is used for detecting known attacks, since many attacks have distinct signatures. An anomaly-based IDS tries to find suspicious activity on the system. Clustering is suitable for anomaly detection, since no knowledge of the attack classes is needed during training. In this paper a survey has been done on anomaly detection techniques and clustering. It also presents the idea behind our research: integrating Snort with a clustering algorithm for anomaly detection.

 

Published In : IJCSN Journal Volume 3, Issue 3

Date of Publication : 01 June 2014

Pages : 88 - 91

Figures : --

Tables : --

Publication Link : Integration of Signature Based and Anomaly Based Detection


Prerika Agarwal : did her schooling at Seventh Day Adventist Sr. Sec. School, Hapur. She completed her B.Tech in Information Technology from Shobhit University. She is pursuing an M.Tech in Computer Science from AKGEC. She has published four research papers in international journals and at international and national conferences. Her areas of interest are Network Security and Data Mining.

Sangita Rani Satapathy : has been working as an Asst. Professor in the Department of CSE, AKGEC, Ghaziabad. She has 6 years of teaching experience. She has published/presented several papers in journals/conferences of repute. Her research interests include Data Mining and Algorithms.


Keywords : Intrusion Detection System, Signature based Detection, Anomaly based Detection, Hierarchical Clustering, Snort

Security is a big concern for all networks in today’s enterprise environment. Intruders have made many successful attempts at bringing down networks and web services. Signature-based IDSs are reliable when received traffic matches a pattern in a library of predefined signatures. Anomaly-based IDSs are able to detect unknown attacks, but produce a large number of false alarms. Snort is a powerful tool, capable of performing real-time traffic analysis and packet logging. The clustering algorithm forms a normal-behaviour profile from the audit records and adjusts the profile over time as program behaviour changes.
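As an added illustration of the two-stage scheme summarised above (this is example code, not the paper's own implementation): a Snort-style signature stage runs first, and only records that match no signature are handed to an incrementally clustered normal-behaviour profile, which absorbs records it judges normal so the profile tracks changing behaviour. The signatures, feature vectors, radius and labels are all constructed for the example.

```python
"""Hybrid IDS sketch (added example, not the paper's code): a signature
stage first, then a clustering profile of normal audit records.
All signatures, feature vectors and records here are constructed."""
import math

# Constructed Snort-style content signatures: name -> byte pattern.
SIGNATURES = {"nop-sled": b"\x90" * 8, "passwd-probe": b"/etc/passwd"}

def signature_match(payload):
    """Name of the first signature found in the payload, or None."""
    return next((n for n, p in SIGNATURES.items() if p in payload), None)

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

class ClusterProfile:
    """Normal-behaviour profile: centroids built incrementally from audit
    record feature vectors (e.g. duration, bytes in, bytes out). A record
    within `radius` of its nearest centroid joins it, else starts a cluster."""
    def __init__(self, radius):
        self.radius = radius
        self.clusters = []          # each entry: [centroid, member_count]

    def nearest(self, vec):
        """(distance, cluster) of the closest centroid; (inf, None) if empty."""
        return min(((dist(vec, c[0]), c) for c in self.clusters),
                   key=lambda t: t[0], default=(math.inf, None))

    def learn(self, vec):
        """Fold one normal record in; the centroid drifts toward it as a
        running mean, so the profile adapts to changing behaviour."""
        d, c = self.nearest(vec)
        if c is None or d > self.radius:
            self.clusters.append([list(vec), 1])
        else:
            c[1] += 1
            c[0] = [m + (x - m) / c[1] for m, x in zip(c[0], vec)]

    def is_anomaly(self, vec):
        return self.nearest(vec)[0] > self.radius

def classify(payload, features, profile):
    """Signature stage first (known attacks), then the anomaly stage."""
    sig = signature_match(payload)
    if sig:
        return "known-attack:" + sig
    if profile.is_anomaly(features):
        return "anomaly"
    profile.learn(features)            # judged normal: update the profile
    return "normal"
```

Records flagged by either stage are deliberately not learned, so a single burst of anomalous traffic cannot pull the profile toward itself.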

