A COMBINED APPROACH TO SEARCH FOR EVASION TECHNIQUES IN NETWORK INTRUSION DETECTION SYSTEM

Rutuja R. Patil, P. R. Devale

Abstract: Network Intrusion Detection Systems (NIDS) whose base is signature, works on the signature of attacks. They must be updated quickly in order to prevent the system from new attacks. The attacker finds out new evasion techniques so that he should remain undetected. As the new evasion techniques are being developed it becomes difficult for NIDS to give accurate results and NIDS may fail. The key aspect of our paper is to develop a network intrusion detection system using C4.5 algorithm where Adaboost algorithm is used to classify the packet as normal packet or attack packet and also to further classify different types of attack. Apriori algorithm is used to find real time evasion and to generate rules to find intrusion These rules are further given as input to Snort intrusion detection system for detecting different attacks.

Keywords: NIDS, Evasion, Apriori Algorithm, Adaboost Algorithm, Snort

DOI: https://doi.org/10.15623/ijret.2014.0311081