Double Step Intrusion Detection System

K.E.A. Negm (UAE)

Keywords

Baseline system, IDS, neural networks, security

Abstract

In this paper we describe the design and implementation of a double step intrusion detection system. The system combines two methodologies, discriminative neural network training and generic keyword search, to improve intrusion detection performance in a real-time domain and to avoid the false alarms that a system relying on a single detection methodology can produce. Generic keywords are selected to detect attack preparations, the actual break-in, and actions after the break-in. Discriminative training weights keyword counts to discriminate between the few attack sessions where keywords are known to occur and the many normal sessions where the same keywords may occur in other contexts. This system reduced the false alarm rate by two orders of magnitude and increased the detection rate to roughly 85-90% in a real prototype working environment. The improved keyword system detects new as well as old attacks and has roughly the same computation requirements as the original baseline system.
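The two steps described in the abstract, keyword counting followed by discriminatively trained weighting of those counts, can be illustrated with a small example. The code below is an added illustration, not the paper's own system or data: the keyword list and the session transcripts are constructed, and a logistic regression trained by gradient descent stands in for the paper's neural network training. It compares the baseline rule (alert on any keyword hit) with the weighted rule on the same sessions, reporting detection and false alarm rates for each.

```python
import math

# Constructed keyword list for illustration; the paper does not list its
# keywords, so these are hypothetical and chosen only to show the mechanism.
KEYWORDS = ["passwd", "shadow", "chmod", "sudo", "root"]

# Constructed shell-session transcripts. Normal sessions mention single
# keywords in benign contexts; attack sessions cluster several of them.
NORMAL_SESSIONS = [
    "cd project ; make ; ls",
    "passwd",
    "sudo apt update",
    "chmod 644 report.txt",
    "grep root cause incidents.log",
    "git pull ; make test",
    "sudo systemctl restart nginx",
    "chmod +x build.sh ; ./build.sh",
]
ATTACK_SESSIONS = [
    "cat /etc/passwd ; cat /etc/shadow ; chmod 777 /tmp/x",
    "sudo cat /etc/shadow ; passwd root",
]


def count_keywords(session, keywords=KEYWORDS):
    """Step one: generic keyword search, returning one count per keyword."""
    return [session.count(k) for k in keywords]


def baseline_alert(counts):
    """Baseline system: any keyword hit raises an alert."""
    return any(c > 0 for c in counts)


def _sigmoid(z):
    z = max(-30.0, min(30.0, z))  # clamp to avoid exp() overflow
    return 1.0 / (1.0 + math.exp(-z))


def train_discriminative(feature_rows, labels, lr=0.5, epochs=2000, l2=1e-3):
    """Step two: logistic regression over keyword counts, trained by gradient
    descent to separate attack sessions (label 1) from normal ones (label 0).
    A stand-in for the paper's neural-network training, not its method."""
    n_feat = len(feature_rows[0])
    weights = [0.0] * n_feat
    bias = 0.0
    n = len(feature_rows)
    for _ in range(epochs):
        grad_w = [l2 * w for w in weights]  # L2 term keeps weights bounded
        grad_b = 0.0
        for x, y in zip(feature_rows, labels):
            err = _sigmoid(bias + sum(w * xi for w, xi in zip(weights, x))) - y
            for i, xi in enumerate(x):
                grad_w[i] += err * xi / n
            grad_b += err / n
        weights = [w - lr * g for w, g in zip(weights, grad_w)]
        bias -= lr * grad_b
    return weights, bias


def discriminative_alert(counts, weights, bias, threshold=0.5):
    """Weighted keyword counts: alert only when the learned score is high."""
    score = _sigmoid(bias + sum(w * c for w, c in zip(weights, counts)))
    return score >= threshold


def rates(alerts, labels):
    """Return (detection_rate, false_alarm_rate) over the labelled sessions."""
    attacks = [a for a, y in zip(alerts, labels) if y == 1]
    normals = [a for a, y in zip(alerts, labels) if y == 0]
    return sum(attacks) / len(attacks), sum(normals) / len(normals)


def run_demo():
    sessions = NORMAL_SESSIONS + ATTACK_SESSIONS
    labels = [0] * len(NORMAL_SESSIONS) + [1] * len(ATTACK_SESSIONS)
    rows = [count_keywords(s) for s in sessions]
    weights, bias = train_discriminative(rows, labels)
    base = rates([baseline_alert(r) for r in rows], labels)
    disc = rates([discriminative_alert(r, weights, bias) for r in rows], labels)
    return {
        "baseline": {"detection": base[0], "false_alarm": base[1]},
        "discriminative": {"detection": disc[0], "false_alarm": disc[1]},
        "weights": dict(zip(KEYWORDS, weights)),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

On this constructed set the baseline alerts on every session containing a keyword, so six of the eight normal sessions raise false alarms, while the weighted rule learns that co-occurring keywords (here, a large weight on "shadow") distinguish attack sessions and clears the normal ones. The numbers are specific to the toy data and do not reproduce the paper's reported rates; the point is the mechanism by which weighting counts removes false alarms without losing detections.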
