Enhancement of intrusion detection Techniques in distributed environment
Abstract
Intrusion detection systems (IDS) have been used in all types of
networking environments, such as wired, wireless and ad-hoc networks. When an
IDS is used in a distributed networking environment such as grid or cloud computing,
its performance is degraded by the environment's dynamic nature, resource sharing
and scalability features. Over recent years, researchers have been employing
various soft computing techniques for intrusion detection in distributed systems.
However, there is a tradeoff between network performance and IDS
performance, due to the massive amount of data to be analyzed. Traditional IDS
have to be tuned to cope with the features of a distributed environment. This
research work focuses on upgrading IDS methods to classify normal
behavior and attacks. The proposed work aims to balance both IDS and network
performance. IDS performance is enhanced in two modes and three phases.
Signature-based and anomaly-based detection are the two modes. Integration,
predictor selection and detection method are the three phases.

All computing resources in the distributed system are cooperatively
monitored by host-based and network-based IDS models. Integration of IDS
models and methods (signature and anomaly based) strengthens the intrusion
detection mechanism. A summarized intrusion report is generated from the integrated
design. This report is used to update the existing signature database and prevent
further intrusion. Signature-based detection is improved through selected rule set
construction and rule updates. Moreover, when detecting anomalies, the predictor
selection phase strongly influences detection accuracy, so the predictors needed for
intrusion detection are selected using the metrics accuracy and Gini impurity.
Different classifiers such as SVM, C5.0 and random forest (RF) are tested to
find the best classifier. RF yields better results than the other two classifiers.