UUM Electronic Theses and Dissertation

CHID: conditional hybrid intrusion detection system for reducing false positives and resource consumption on malicious datasets

Alaidaros, Hashem Mohammed (2017) CHID: conditional hybrid intrusion detection system for reducing false positives and resource consumption on malicious datasets. Doctoral thesis, Universiti Utara Malaysia.

Files:
s93165_01.pdf (Text, 3MB)
s93165_02.pdf (Text, 1MB)

Abstract

Inspecting packets to detect intrusions is challenging when coping with a high volume of network traffic. Packet-based detection processes every payload on the wire, which degrades the performance of a network intrusion detection system (NIDS). This issue motivates the introduction of a flow-based NIDS, which reduces the amount of data to be processed by examining aggregated information about related packets.
However, flow-based detection still suffers from false positive alerts due to incomplete data input. This study proposes a Conditional Hybrid Intrusion Detection (CHID) system that combines flow-based with packet-based detection. It also aims to improve the resource consumption of the packet-based detection approach. CHID applies attribute wrapper feature evaluation algorithms that mark malicious flows for further analysis by the packet-based detection. An Input Framework approach is employed to trigger packet flows between the packet-based and flow-based detections. A controlled testbed experiment was conducted to evaluate the performance of CHID's detection mechanism using datasets obtained at different traffic rates. The results of the evaluation show that CHID gains a significant performance improvement in resource consumption and packet drop rate compared with the default packet-based detection implementation. At 200 Mbps in the IRC-bot scenario, CHID reduces memory usage by 50.6% and CPU utilization by 18.1% without dropping packets. The CHID approach can mitigate the false positive rate of flow-based detection and reduce the resource consumption of packet-based detection while preserving detection accuracy. CHID can be considered a generic system for the monitoring function of intrusion detection systems.

Item Type: Thesis (Doctoral)
Supervisor: Mahmuddin, Massudi
Item ID: 6950
Uncontrolled Keywords: Flow-based detection, Packet-based detection, Input Framework approach.
Subjects: Q Science > QA Mathematics > QA76 Computer software
Divisions: Awang Had Salleh Graduate School of Arts & Sciences
Date Deposited: 06 Jan 2019 00:59
Last Modified: 02 May 2021 01:08
Department: Awang Had Salleh Graduate School of Arts and Sciences
Name: Mahmuddin, Massudi
URI: https://etd.uum.edu.my/id/eprint/6950
