Universiti Teknologi Malaysia Institutional Repository

A prototype for network intrusion detection system using danger theory

Al-Dhubhani, Raed and Idris, Norbik Bashah and Saeed, Faisal (2015) A prototype for network intrusion detection system using danger theory. Jurnal Teknologi, 73 (2). pp. 77-84. ISSN 0127-9696

[img]
Preview
PDF (Full Text)
598kB

Official URL: http://dx.doi.org/10.11113/jt.v73.4196

Abstract

Network Intrusion Detection System (NIDS) is considered as one of the last defense mechanisms for any organization. NIDS can be broadly classified into two approaches: misuse-based detection and anomaly-based detection. Misuse-based intrusion detection builds a database of the well-defined patterns of the attacks that exploit weaknesses in systems and network protocols, and uses that database to identify the intrusions. Although this approach can detect all the attacks included in the database, it leads to false negative errors where any new attack not included in that database can’t be detected. The other approach is the anomaly-based NIDS which is developed to emulate the Human Immune System (HIS) and overcome the limitation of the misuse-based approach. The anomaly-based detection approach is based on Negative Selection (NS) mechanism. NS is based on building a database of the normal self patterns, and identifying any pattern not included in that database as a non-self pattern and hence the intrusion is detected. Unfortunately, NS concept has also its drawbacks. Although any attack pattern can be detected as a non-self pattern and this leads to low false negative rate, non-self patterns would not necessarily indicate the existence of intrusions. So, NS has a high false positive error rate caused from that assumption. Danger Theory (DT) is a new concept in HIS, which shows that the response mechanism in HIS is more complicated and beyond the simple NS concept. So, is it possible to utilize the DT to minimize the high false positive detection rate of NIDS? This paper answers this question by developing a prototype for NIDS based on DT and evaluating that prototype using DARPA99 Intrusion Detection dataset.

Item Type:Article
Uncontrolled Keywords:anomaly detection, danger theory
Subjects:T Technology > T Technology (General) > T58.5-58.64 Information technology
Divisions:Computing
ID Code:55857
Deposited By: Practical Student
Deposited On:12 Oct 2016 14:33
Last Modified:01 Nov 2017 12:16

Repository Staff Only: item control page