Despite the rapid progress of the information technology, protecting computers and networks remain a major problem for most authors. In this paper, two grains levels intrusion detection system (IDS) is suggested ( fine-grained and coarse-grained ). In normal case, where intrusions are not detected, the most suitable IDS level is the coarse-grained to increase IDS performance. As soon as any intrusion is detected by coarse-grained IDS, the fine-grained is activated to detect the possible attack details. Very fast decision tree algorithm is used in both of these detection levels. In order to ensure efficiency of the proposed model, it has been tested on KDD CUP 99 offline dataset and a real traffic dataset. Experimental results demonstrate that the proposed model is highly successful in detecting known and unknown attacks, and can be successfully adapted with packets' flow to increase IDS performance. This article explains how we got a detection rate greater than 93% with an average processing time equals to 3?×?10 ?6 ?s per example.
展开▼
机译:尽管信息技术发展迅速,但是对于大多数作者而言,保护计算机和网络仍然是一个主要问题。本文提出了两种颗粒级入侵检测系统(IDS)(细粒度和粗粒度)。在正常情况下,如果未检测到入侵,则最合适的IDS级别是粗粒度以提高IDS性能。粗粒度IDS一旦检测到任何入侵,就会激活细粒度IDS以检测可能的攻击详细信息。在这两个检测级别中都使用了非常快速的决策树算法。为了确保所提出模型的效率,已在KDD CUP 99离线数据集和真实交通数据集上进行了测试。实验结果表明,该模型在检测已知和未知攻击方面非常成功,并且可以成功地与数据包流进行匹配以提高IDS性能。本文介绍了每个示例的平均处理时间等于3?×?10?6?s的情况下,如何获得大于93%的检测率。
展开▼
