Institute of Electrical & Electronic Engineers
In this paper, the authors report the design principles and evaluation results of a new experimental Hybrid Intrusion Detection System (HIDS). This hybrid system combines the low false-positive rate of a signature-based Intrusion Detection System (IDS) with the ability of an Anomaly Detection System (ADS) to detect novel, unknown attacks. By mining anomalous traffic episodes from Internet connections, they build an ADS that detects anomalies beyond the capabilities of the signature-based SNORT or Bro systems. A weighted signature generation scheme is developed to integrate the ADS with SNORT by extracting signatures from the detected anomalies. The HIDS extracts signatures from the output of the ADS and adds them to the SNORT signature database for fast and accurate intrusion detection.