Real-time application of OPF-based classifier in Snort IDS

Main author: | Utimura, Luan [UNESP] |
---|---|
Other authors: | Costa, Kelton [UNESP]; Scherer, Rafał |
Publication date: | 2022 |
Document type: | Book chapter |
Published in: | Optimum-Path Forest: Theory, Algorithms, and Applications, p. 55-93 |
Keywords: | Anomaly detection; Intrusion detection systems; Machine learning; OPF; Snort |
Language: | eng |
Source: | Repositório Institucional da UNESP |
Full text: | http://dx.doi.org/10.1016/B978-0-12-822688-9.00011-6 ; http://hdl.handle.net/11449/240550 |
Abstract: | As the internet grows over the years, it is possible to observe an increase in the amount of data that travels on computer networks around the world. In a context in which the volume of data is continuously being renewed, from the perspective of the Computer Network Security area, it becomes a great challenge to protect, in terms of effectiveness and efficiency, today's computer systems. Among the primary security mechanisms employed in these environments, the Network Intrusion Detection Systems stand out. Although the signature-based detection approach of these tools is sufficient to combat known attacks, with the eventual discovery of new vulnerabilities, it is necessary to use anomaly-based detection approaches to mitigate the damage of unknown attacks. In the academic field, several studies have explored the development of hybrid approaches to improve the accuracy of these tools, with the aid of machine learning techniques. In this same line of research, this chapter aims at the application of these techniques for intrusion detection in a real-time environment using a popular and widely utilized tool, the Snort IDS. The presented results show that in certain attack scenarios, the anomaly-based detection approach can outperform the signature-based detection approach, with emphasis on the optimum-path forest, AdaBoost, Random Forests, decision tree, and support vector machine techniques. © 2022 Copyright |