An Efficient Hybrid Intrusion Detection System Combines Signature-Based and Anomaly-Based Techniques

Asamene, Kelelom (2018) An Efficient Hybrid Intrusion Detection System Combines Signature-Based and Anomaly-Based Techniques. Masters thesis, Mekelle University.


Abstract

An Intrusion Detection System (IDS) is employed to detect many types of malicious behavior that can compromise the safety and trust of a computer system. Its basic aim is to protect the system against malware and unauthorized access to a network or a system. Security issues in Wireless Sensor Networks (WSNs) are getting more attention from researchers because of their deployment circumstances: they are usually deployed in unattended and harsh environments, which makes them susceptible to many kinds of attacks. Different security mechanisms have been proposed for WSNs. Detection-based mechanisms are considered the second line of defense against attacks when traditional prevention-based mechanisms fail to handle them. The proposed system can recognize and detect most unknown anomalies or suspected intrusions. It aims to perform network intrusion detection effectively and to decrease the misclassification of attacks. The prime goal of this thesis research was therefore to develop an efficient hybrid intrusion detection system for WSNs. The approach uses a clustering algorithm to reduce the amount of information and decrease energy consumption. In addition, we have used a class of machine learning algorithm called the support vector machine (SVM), which separates data into normal and anomalous (binary classification) in order to detect anomalies. We have also applied a misuse detection technique to identify known attack patterns (signatures). The combination of both techniques can therefore achieve a high detection rate with low false positive and false negative rates (accuracy rate over 98%). Finally, we have developed a cooperation mechanism among IDS agents that work with each other; this mechanism can make a better decision when verifying whether a node is compromised or not, which might determine a novel sign of intrusion.
The proposed approaches for IDS were evaluated using the following metrics: attack detection rate, false alarm rate, and accuracy. The proposed methods produced a high accuracy rate; hence, it can be concluded that these models can be considered a high-strength system in terms of network intrusion detection.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Hybrid Intrusion Detection, Wireless Sensor Network, Support vector machine, Signature attacks, false alarm, detection rate
Subjects: Q Science > Q Science (General)
Q Science > QA Mathematics
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Q Science > QA Mathematics > QA76 Computer software
Divisions: Africana
Depositing User: Asamene Kelelom
Date Deposited: 18 Aug 2021 07:32
Last Modified: 18 Aug 2021 07:32
URI: http://thesisbank.jhia.ac.ke/id/eprint/9652
