A Suricata and Machine Learning Based Hybrid Network Intrusion Detection System


Abstract

The objective of this paper is to propose a hybrid model of Network Intrusion Detection System (NIDS) that combines two types of IDS: a Signature-based NIDS (SNIDS) and an Anomaly Detection-based NIDS (ADNIDS). Modern computer networks have become the backbone of the most critical business sectors. In parallel with the evolution and expansion of computer networks, cyber threats keep improving day after day, becoming more sophisticated and capable of bypassing the security policies implemented by information security managers. Cyberattacks can cause irreparable damage and cost the victim entity a great deal of money, for example following a leak of critical and sensitive information. In addition, traditional prevention mechanisms such as network firewalls are no longer sufficient to counter cybercrime, as they can only stop known attacks from the outside, not those coming from the inside or 0-day attacks. Intrusion detection systems are therefore important devices to deploy in IT infrastructures to protect them from suspicious activities. However, an SNIDS alone only detects intrusions with known signatures, not unknown 0-day attacks. An ADNIDS, on the other hand, can detect unknown intrusions but generates very high false alarm rates. Another approach is to use both types of NIDS together to form a hybrid system; this is the most effective solution to counter any kind of attack, including unknown cyber threats. Using SNIDS and ADNIDS at the same time forms what is called a hybrid NIDS. Our hybrid NIDS model uses Suricata as the SNIDS and an ADNIDS based on the Machine Learning Decision Tree algorithm. The network baseline consisted of the set of benign traffic patterns and was built after balancing and optimizing the CICIDS2017 dataset. The classification of benign traffic via Decision Tree yielded very conclusive results in accuracy, F-measure, recall, and precision.


Citation (APA)

Ouiazzane, S., Addou, M., & Barramou, F. (2022). A Suricata and Machine Learning Based Hybrid Network Intrusion Detection System. In Lecture Notes in Networks and Systems (Vol. 357 LNNS, pp. 474–485). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-91738-8_43
