A proposed HTTP service based IDS

مقال فى مجلة
Abd-Eldayem, Mohamed M. . 2014
نوع عمل المنشور
Research Paper
رابط النشر على الانترنت
وسوم
Cybersecurity
مجلة/صحيفة
Egyptian Informatics Journal
رقم الانشاء
2014
رقم المجلد
Mar
الصفحات
من 13 الي 24
تاريخ المؤتمر
ملخص المنشورات

The tremendous growth of the web-based applications has increased information security vulnerabilities over the Internet. Security administrators use Intrusion-Detection System (IDS) to monitor network traffic and host activities to detect attacks against hosts and network resources. In this paper IDS based on Naïve Bayes classifier is analyzed. The main objective is to enhance IDS performance through preparing the training data set allowing to detect malicious connections that exploit the http service. Results of application are demonstrated and discussed. In the training phase of the proposed IDS, at first a feature selection technique based on Naïve Bayes classifier is used, this technique identifies the most important HTTP traffic features that can be used to detect HTTP attacks. In the testing and running phases proposed IDS classifies the network traffic based on the requested service, then based on the selected features Naïve Bayes classifier is used to analyze the HTTP service based traffic and identifies the HTTP normal connections and attacks. The performance of the IDS is measured through experiments using NSL-KDD data set. The results show that the detection rate of the IDS is about 99%, the false-positive rate is about 1%, and the false-negative rate is about 0.25%; therefore, proposed IDS holds the highest detection rate and the lowest false alarm compared with other leading IDS. In addition, the proposed IDS based on Naïve Bayes is used to classify network connections as a normal or attack. And it holds a high detection rate and a low false alarm.

 

المرفقات
المرفق الحجم
aproposed_http_service_based_ids.pdf 1.74 ميغابايت