A proposed HTTP service based IDS

Journal Article
Abd-Eldayem, Mohamed M. . 2014
نوع عمل المنشور: 
Research Paper
الوسوم: 
Cybersecurity
المجلة \ الصحيفة: 
Egyptian Informatics Journal
رقم العدد: 
2014
رقم الإصدار السنوي: 
Mar
الصفحات: 
من 13 الي 24
مستخلص المنشور: 

The tremendous growth of the web-based applications has increased information security vulnerabilities over the Internet. Security administrators use Intrusion-Detection System (IDS) to monitor network traffic and host activities to detect attacks against hosts and network resources. In this paper IDS based on Naïve Bayes classifier is analyzed. The main objective is to enhance IDS performance through preparing the training data set allowing to detect malicious connections that exploit the http service. Results of application are demonstrated and discussed. In the training phase of the proposed IDS, at first a feature selection technique based on Naïve Bayes classifier is used, this technique identifies the most important HTTP traffic features that can be used to detect HTTP attacks. In the testing and running phases proposed IDS classifies the network traffic based on the requested service, then based on the selected features Naïve Bayes classifier is used to analyze the HTTP service based traffic and identifies the HTTP normal connections and attacks. The performance of the IDS is measured through experiments using NSL-KDD data set. The results show that the detection rate of the IDS is about 99%, the false-positive rate is about 1%, and the false-negative rate is about 0.25%; therefore, proposed IDS holds the highest detection rate and the lowest false alarm compared with other leading IDS. In addition, the proposed IDS based on Naïve Bayes is used to classify network connections as a normal or attack. And it holds a high detection rate and a low false alarm.

 

    ملف مرفق: 
    المرفقالحجم
    PDF icon aproposed_http_service_based_ids.pdf1.74 ميغابايت