A Parallelism Technique to Improve Signature Based Intrusion Detection System

  • Prof. Menka Patel
  • Prof. Hitesh Rajput
  • Prof. Himansu Patel
Keywords: Intrusion Detection System; Snort; Data Parallelism; Signature-based

Abstract

Nowadays, it is vital for organizations to protect their valuable information and internal resources from malicious access. A firewall is one solution for preventing unauthorized access, but it cannot monitor network traffic. To monitor traffic and detect threats, a network monitoring tool such as an Intrusion Detection System (IDS) is required. Different IDSs use several techniques for intrusion detection. Signature-based detection techniques are widely used in networks for their fast response in detecting threats. Because of the high speed, a large volume of data must be analysed and processed with high-speed infrastructure. This is a time-consuming process because a signature-based IDS scans all the network traffic to detect malicious packets. Snort is the best tool for signature-based intrusion detection; it can monitor network traffic and generate alerts for malicious packets. A parallel technique is the best alternative for reducing processing time and improving the performance of a network intrusion detection system. In this paper, we propose a data parallelism technique for a signature-based intrusion detection system using Snort, in which the detection rate is increased and both the time to analyse packets and the number of dropped packets are decreased. Our system is horizontally scalable, which means we can increase or decrease the number of hosts as required.

Published
2018-11-05
How to Cite
Patel, P. M., Rajput, P. H., & Patel, P. H. (2018, November 5). A Parallelism Technique to Improve Signature Based Intrusion Detection System. ASIAN JOURNAL FOR CONVERGENCE IN TECHNOLOGY (AJCT ) -UGC LISTED, 4(II). https://doi.org/https://doi.org/10.33130/asian%20journals.v4iII.607
Section
Article