Alaidaros, Hashem and Mahmuddin, Massudi (2017) Flow-based approach on bro intrusion detection. Journal of Telecommunication, Electronic and Computer Engineering, 9 (2-2). pp. 139-145. ISSN 2180-1843
Available under License Creative Commons Attribution.
Abstract
Packet-based or Deep Packet Inspection (DPI) intrusion detection systems (IDSs) face challenges when coping with high volumes of traffic: inspecting every payload on the wire degrades detection performance. This paper aims to develop a model that reduces the amount of data an intrusion detection system must process by using a flow-based approach. We investigated the detection accuracy of this approach by implementing the model on the Bro IDS. Bro was used to extract malicious features from several recent labeled datasets; the model then applied machine learning classification algorithms for attribute evaluation and Bro policy scripts for detecting malicious flows. In our experiments, flow-based detection was able to identify the presence of every malicious activity, which confirms that the approach can detect malicious flows with high accuracy. However, it also generated a significant number of false positive alarms, indicating that, for detection purposes, it is difficult to reconstruct the complete behavior of malicious activities from limited, flow-level data alone.
| Field | Value |
|---|---|
| Item Type | Article |
| Uncontrolled Keywords | Flow-Based Detection; Bro Intrusion Detection System; Machine Learning; Public Datasets |
| Subjects | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
| Divisions | School of Computing |
| Depositing User | Mrs. Norazmilah Yaakub |
| Date Deposited | 22 Apr 2019 00:46 |
| Last Modified | 22 Apr 2019 00:46 |
| URI | https://repo.uum.edu.my/id/eprint/25963 |