Performance comparison of intrusion detection systems and application of machine learning to Snort system

Shah, Syed Ali Raza and Issac, Biju (2018) Performance comparison of intrusion detection systems and application of machine learning to Snort system. Future Generation Computer Systems, 80. pp. 157-170. ISSN 0167-739X

[img]
Preview
Text (Full text)
Shah, Issac - Performance comparison of intrusion detection systems and application of machine learning to Snort system AAM.pdf - Accepted Version

Download (877kB) | Preview
Official URL: http://dx.doi.org/10.1016/j.future.2017.10.016

Abstract

This study investigates the performance of two open source intrusion detection systems (IDSs) namely Snort and Suricata for accurately detecting the malicious traffic on computer networks. Snort and Suricata were installed on two different but identical computers and the performance was evaluated at 10 Gbps network speed. It was noted that Suricata could process a higher speed of network traffic than Snort with lower packet drop rate but it consumed higher computational resources. Snort had higher detection accuracy and was thus selected for further experiments. It was observed that the Snort triggered a high rate of false positive alarms. To solve this problem a Snort adaptive plug-in was developed. To select the best performing algorithm for Snort adaptive plug-in, an empirical study was carried out with different learning algorithms and Support Vector Machine (SVM) was selected. A hybrid version of SVM and Fuzzy logic produced a better detection accuracy. But the best result was achieved using an optimised SVM with firefly algorithm with FPR (false positive rate) as 8.6% and FNR (false negative rate) as 2.2%, which is a good result. The novelty of this work is the performance comparison of two IDSs at 10 Gbps and the application of hybrid and optimised machine learning algorithms to Snort.

Item Type: Article
Uncontrolled Keywords: Intrusion detection, Snort and Suricata, Performance comparison, Machine learning, Support Vector Machine, Fuzzy Logic
Subjects: G400 Computer Science
Department: Faculties > Engineering and Environment > Computer and Information Sciences
Depositing User: Becky Skoyles
Date Deposited: 21 Sep 2018 08:57
Last Modified: 11 Oct 2019 18:01
URI: http://nrl.northumbria.ac.uk/id/eprint/35851

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics