INTRUSION DETECTION SYSTEM BASED SNORT USING HIERARCHICAL CLUSTERING

Zen , S Hadi and Entin , Martiana and Aries , Pratiarso and Ellysabeth, J.C INTRUSION DETECTION SYSTEM BASED SNORT USING HIERARCHICAL CLUSTERING. In: International Seminar on Scientific Issues and Trends (ISSIT).

Preview

PDF Download (626Kb) | Preview

Abstract

One effort to protect the network from the threats of hackers, crackers and security experts is to build the Intrusion Detection System (IDS) on the network. The problem arises when new attacks emerge in a relatively fast, so a network administrator must create their own signature and keep updated on new types of attacks that appear. In this paper, it will be made an Intelligence Intrusion Detection System (IIDS) where the Hierarchical Clustering algorithm as an artificial intelligence is used as pattern recognition and implemented on the Snort IDS. Hierarchical clustering applied to the training data to determine the number of desired clusters. Labeling cluster is then performed; there are three labels of cluster, namely Normal, High Risk and Critical. Centroid Linkage Method used for the test data of new attacks. Output system is used to update the Snort rule database. This research is expected to help the Network Administrator to monitor and learn some new types of attacks. From the result, this system is already quite good to recognize certain types of attacks like exploit, buffer overflow, DoS and IP Spoofing. Accuracy performance of this system for the mentioned above type of attacks above is 90%.

Actions (login required)