
Novel Pattern Matching based Alert Classification Approach For Intrusion Detection System


S. Sandosh, Dr.V. Govindasamy and Dr.G. Akila
Abstract

Detecting intrusions in network traffic is one of the most demanding and critical tasks today. Intrusion-detection products have become widely available in recent years and are starting to gain recognition in enterprises as a valuable enhancement to security. They observe accesses and data streams in information systems to determine whether malicious actions are taking place, whether from external or internal sources, and make this information available to the operators of the information system. Furthermore, they can also respond to malicious actions and take the necessary countermeasures. The aim of this research is to reduce the false positive alarm rate and the false negative alarm rate and to increase the detection rate. In this paper, a novel pattern matching based alert classification methodology is proposed to reduce the false alert rate. Snort alert log files are processed and the alert data records are defined. From each Snort alert record, the most relevant and appropriate details are selected using a sparse selection technique. These alert data are then classified according to their importance using a random forest classifier. The signatures or patterns of the classified alert data are examined by means of a pattern matching algorithm, and the matching process is repeated until the patterns are matched. Finally, risk assessment of the IDS alerts is carried out by means of a Hidden Markov Model. A performance analysis was made and the results were compared in terms of accuracy, precision, recall, F1 measure, false negative rate and false positive rate, which shows that the proposed technique gives better results than the existing one.
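As an added illustration (not the authors' code, and not the implementation evaluated in the paper), the block below sketches the alert-processing chain described above in Python: Snort fast-format alert lines are parsed into records, each record is run through an ordered table of signature patterns until one matches, and the sequence of matched categories per remote host is scored with a three-state Hidden Markov Model whose posterior probability for the "compromised" state serves as the risk score. The sample alert lines, the HOME_NET range, the signature table and all HMM probabilities are constructed assumptions; the sparse selection and random forest stages of the paper are not reproduced.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in Snort's "fast" alert format (not data from the paper).
SAMPLE_ALERTS = """\
01/02-03:04:05.123456  [**] [1:1000001:1] LOCAL SCAN nmap probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.7:45679 -> 192.168.1.5:22
01/02-03:04:06.000001  [**] [1:1000001:1] LOCAL SCAN nmap probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.7:45680 -> 192.168.1.5:23
01/02-03:04:07.500000  [**] [1:2010935:3] ET SCAN Suspicious inbound to mySQL port 3306 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.7:45681 -> 192.168.1.5:3306
01/02-03:04:09.000000  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.5:80 -> 10.0.0.7:45678
01/02-03:05:00.000000  [**] [1:1000002:1] LOCAL INFO ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.5
"""

# Field layout of one fast-format line: timestamp, [gid:sid:rev], message,
# optional classification, priority, protocol, "src -> dst".
ALERT_RE = re.compile(r"""
    ^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+
    (?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?
    \[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$
""", re.VERBOSE)

HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed monitored net (like Snort's HOME_NET)

# Assumed signature table, ordered most to least severe; the first match wins.
SIGNATURE_PATTERNS = [
    (re.compile(r"ATTACK[_ ]RESPONSE|returned root|shell", re.I), "exploit"),
    (re.compile(r"\bSCAN\b|nmap|probe", re.I), "recon"),
    (re.compile(r"\bINFO\b|ICMP ping|Misc activity", re.I), "info"),
]

# Assumed three-state HMM for risk scoring: hidden attacker phase, observed alert category.
STATES = ["benign", "recon", "compromised"]
OBS = ["info", "recon", "exploit", "unknown"]
INIT = [0.90, 0.08, 0.02]
TRANS = [[0.85, 0.12, 0.03],   # from benign
         [0.15, 0.70, 0.15],   # from recon
         [0.05, 0.10, 0.85]]   # from compromised
EMIT = [[0.70, 0.15, 0.05, 0.10],   # benign emits mostly "info"
        [0.15, 0.70, 0.10, 0.05],   # recon emits mostly "recon"
        [0.10, 0.20, 0.60, 0.10]]   # compromised emits mostly "exploit"

def _split_endpoint(endpoint):
    """'10.0.0.7:45678' -> ('10.0.0.7', 45678); ICMP endpoints carry no port (IPv4 only)."""
    if endpoint.count(":") == 1:
        ip, port = endpoint.rsplit(":", 1)
        return ip, int(port)
    return endpoint, None

def parse_alerts(text):
    """Turn raw fast-format lines into alert records; malformed lines are skipped, not trusted."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        src, src_port = _split_endpoint(d["src"])
        dst, dst_port = _split_endpoint(d["dst"])
        alerts.append({"ts": d["ts"], "gid": int(d["gid"]), "sid": int(d["sid"]),
                       "rev": int(d["rev"]), "msg": d["msg"], "cls": d["cls"] or "",
                       "priority": int(d["prio"]), "proto": d["proto"],
                       "src": src, "src_port": src_port, "dst": dst, "dst_port": dst_port})
    return alerts

def classify_alert(alert):
    """Walk the pattern table over the message, then over the classification text."""
    for field in ("msg", "cls"):
        for pattern, category in SIGNATURE_PATTERNS:
            if pattern.search(alert[field]):
                return category
    return "unknown"

def forward_posterior(observations):
    """Normalised forward algorithm: P(state at time T | observed categories o_1..o_T)."""
    alpha = list(INIT)
    for t, obs in enumerate(observations):
        o = OBS.index(obs)
        if t > 0:  # predict: push the previous belief through the transition matrix
            alpha = [sum(alpha[i] * TRANS[i][j] for i in range(len(STATES))) for j in range(len(STATES))]
        alpha = [alpha[j] * EMIT[j][o] for j in range(len(STATES))]  # update with the observation
        total = sum(alpha)
        alpha = [a / total for a in alpha]  # renormalise so the belief stays a distribution
    return dict(zip(STATES, alpha))

def remote_peer(alert):
    """Attribute an alert to the endpoint outside HOME_NET (assumed to be the attacker side)."""
    return alert["dst"] if ipaddress.ip_address(alert["src"]) in HOME_NET else alert["src"]

def assess_risk(text):
    """Risk per remote peer: posterior probability of the 'compromised' phase after its alerts."""
    sequences = defaultdict(list)
    for alert in parse_alerts(text):  # log order is time order
        sequences[remote_peer(alert)].append(classify_alert(alert))
    return {peer: forward_posterior(seq)["compromised"] for peer, seq in sequences.items()}

if __name__ == "__main__":
    for peer, risk in sorted(assess_risk(SAMPLE_ALERTS).items()):
        print(f"{peer:15s} risk={risk:.3f}")
```

Run on the constructed sample, the host that scanned three ports and then triggered an attack-response signature ends with a high posterior for the compromised phase, while the host that only pinged stays near zero. In a real deployment the transition and emission matrices would be estimated from labelled alert sequences rather than fixed by hand, and the signature table would be derived from the classified alert records instead of three regular expressions.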

Volume 11 | 11-Special Issue

Pages: 279-289

DOI: 10.5373/JARDCS/V11SP11/20193032