UUM ETD | Universiti Utara Malaysian Electronic Theses and Dissertation
FAQs | Feedback | Search Tips | Sitemap

CHID : conditional hybrid intrusion detection system for reducing false positives and resource consumption on malicous datasets

Alaidaros, Hashem Mohammed (2017) CHID : conditional hybrid intrusion detection system for reducing false positives and resource consumption on malicous datasets. PhD. thesis, Universiti Utara Malaysia.

[img] Text
s93165_01.pdf
Restricted to Registered users only

Download (3MB)
[img]
Preview
Text
s93165_02.pdf

Download (1MB) | Preview

Abstract

Inspecting packets to detect intrusions faces challenges when coping with a high volume of network traffic. Packet-based detection processes every payload on the wire, which degrades the performance of network intrusion detection system (NIDS). This issue requires an introduction of a flow-based NIDS that reduces the amount of data to be processed by examining aggregated information of related packets. However, flow-based detection still suffers from the generation of the false positive alerts due to incomplete data input. This study proposed a Conditional Hybrid Intrusion Detection (CHID) by combining the flow-based with packet-based detection. In addition, it is also aimed to improve the resource consumption of the packet-based detection approach. CHID applied attribute wrapper features evaluation algorithms that marked malicious flows for further analysis by the packet-based detection. Input Framework approach was employed for triggering packet flows between the packetbased and flow-based detections. A controlled testbed experiment was conducted to evaluate the performance of detection mechanism’s CHID using datasets obtained from on different traffic rates. The result of the evaluation showed that CHID gains a significant performance improvement in terms of resource consumption and packet drop rate, compared to the default packet-based detection implementation. At a 200 Mbps, CHID in IRC-bot scenario, can reduce 50.6% of memory usage and decreases 18.1% of the CPU utilization without packets drop. CHID approach can mitigate the false positive rate of flow-based detection and reduce the resource consumption of packet-based detection while preserving detection accuracy. CHID approach can be considered as generic system to be applied for monitoring of intrusion detection systems.

Item Type: Thesis (PhD.)
Uncontrolled Keywords: Flow-based detection, Packet-based detection, Input Framework approach.
Subjects: Q Science > QA Mathematics > QA76 Computer software
Divisions: Awang Had Salleh Graduate School of Arts & Sciences
Depositing User: Mr. Badrulsaman Hamid
Date Deposited: 06 Jan 2019 00:59
Last Modified: 06 Jan 2019 00:59
URI: http://etd.uum.edu.my/id/eprint/6950

Actions (login required)

View Item View Item