Network Intrusion Detection System (NIDS) is a hardware or software application that allows computer networks to detect, recognize and avoid the harmful activities, which attempt to compromise the integrity, privacy or accessibility of computer network. Two detection techniques are used by the NIDSs, namely, the signature-based and anomaly-based. Signature-based intrusion detection depends on the detection of the signature of the known attacks. On the other hand, the anomaly-based intrusion detection depends on the detection of anomalous behaviours in the networks. Snort is an open source signature-based NIDS and can be used effectively to detect and prevent the known network attacks. It uses a set of predefined signatures (rules) to trigger an alert if any network packet matches one of its rules. However, it fails to detect new attacks that do not have signatures in its predefined rules. Thus, it requires constant update of its rules to detect new attacks. To overcome this deficiency, the present paper recommends using Danger Theory concepts inspired from biological immune system with a machine learning algorithm to automatically create new Snort rules, which can detect new attacks. Snort NIDS as a software as a Service (NIDSaaS) in cloud computing has been suggested. Experimental results showed that the proposed modifications of the Snort improved its ability to detect the new attacks.
Digital Object Identifier (DOI)
M. Elshafie, Hussein; M. Mahmoud, Tarek; and A. Ali, Abdelmgeid
"An Efficient Snort NIDSaaS based on Danger Theory and Machine Learning,"
Applied Mathematics & Information Sciences: Vol. 14
, Article 16.
Available at: https://dc.naturalspublishing.com/amis/vol14/iss5/16