
Web-based monitoring approach for network-based intrusion detection and prevention

Published in: Multimedia Tools and Applications

Abstract

There have been many reports of network attacks and security threats. Damage caused by network attacks and malware can be extremely expensive or unaffordable. In this paper, we present a web-based management system for network-based intrusion detection and prevention. Users can access it from any mobile device to see the current network status and whether there is an ongoing network attack in the network environment. Our intrusion detection and prevention system (IDPS) can be applied with different well-known detection algorithms: C4.5 Decision Tree, Random Forest, Ripple Rule, Bayesian Network, and Back-Propagation Neural Network. These algorithms give very high detection accuracy for known attacks, i.e. attack types that the system was previously trained on. However, when new or unfamiliar/unknown attacks are encountered, the algorithms do not perform well, so we develop a new detection technique based on a Fuzzy Genetic Algorithm (Fuzzy GA) to handle this problem. Our IDPS works in real time, with detection results reported within 2–3 s. The IDPS automatically protects the network by dropping malicious network packets or blocking the network ports abused by the attackers. In addition, the proposed IDPS can detect network attacks at different locations inside the network by using several client machines to capture data packets and send the information to the server, which classifies the type of network attack. The proposed IDPS also allows the system administrator to update existing detection rule sets or learn from new training datasets through a friendly graphical user interface. In our experiments, we correctly detect and prevent network attacks with high accuracy, more than 97 %.
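The abstract describes a pipeline in which several capture clients send traffic statistics to a central server, the server classifies each report, a mitigation (drop or port block) is applied, and a web status view is updated. The following Python sketch is an added illustration of that flow and is not code from the paper; the `FlowReport` fields, the hand-written threshold rules in `classify` (standing in for the trained models), the sample messages and the `iptables` command strings are all constructed assumptions for the example, and the commands are returned as strings rather than executed.

```python
# Added example: sensor -> server -> classify -> mitigate -> status board.
# All thresholds, field names and sample data are assumptions for illustration.
import json
import time
from collections import Counter
from dataclasses import dataclass


@dataclass
class FlowReport:
    sensor: str          # which capture client produced the report (assumed field)
    src_ip: str
    dst_ip: str
    proto: str           # "tcp" or "udp"
    pkt_rate: float      # packets per second from src_ip in the window
    syn_ratio: float     # fraction of TCP packets that are bare SYNs
    distinct_ports: int  # distinct destination ports touched by src_ip


def classify(r: FlowReport) -> str:
    """Hand-written stand-in for a trained classifier (assumed thresholds)."""
    if r.proto == "tcp" and r.distinct_ports >= 20:
        return "port_scan"
    if r.pkt_rate >= 5000 and (r.proto == "udp" or r.syn_ratio >= 0.9):
        return "dos"
    return "normal"


def mitigation(r: FlowReport, label: str) -> list:
    """Firewall action the server would apply; returned, never executed here."""
    if label == "dos":
        return [f"iptables -A INPUT -s {r.src_ip} -j DROP"]
    if label == "port_scan":
        return [f"iptables -A INPUT -s {r.src_ip} -p tcp -j DROP"]
    return []


def server_handle(message: str) -> dict:
    """Parse one JSON report from a client, classify it and decide the response."""
    started = time.perf_counter()
    report = FlowReport(**json.loads(message))
    label = classify(report)
    return {
        "sensor": report.sensor,
        "src_ip": report.src_ip,
        "label": label,
        "actions": mitigation(report, label),
        "elapsed_ms": (time.perf_counter() - started) * 1000.0,
    }


def status_board(results: list) -> dict:
    """Per-sensor label counts, the kind of summary a web status page shows."""
    board = {}
    for res in results:
        board.setdefault(res["sensor"], Counter())[res["label"]] += 1
    return {sensor: dict(counts) for sensor, counts in board.items()}


# Constructed sample reports from three hypothetical capture clients.
SAMPLE_MESSAGES = [
    json.dumps({"sensor": "sensor-A", "src_ip": "198.51.100.10", "dst_ip": "192.0.2.5",
                "proto": "tcp", "pkt_rate": 40.0, "syn_ratio": 0.05, "distinct_ports": 2}),
    json.dumps({"sensor": "sensor-B", "src_ip": "203.0.113.7", "dst_ip": "192.0.2.5",
                "proto": "tcp", "pkt_rate": 12000.0, "syn_ratio": 0.98, "distinct_ports": 1}),
    json.dumps({"sensor": "sensor-A", "src_ip": "203.0.113.9", "dst_ip": "192.0.2.8",
                "proto": "tcp", "pkt_rate": 300.0, "syn_ratio": 0.95, "distinct_ports": 64}),
    json.dumps({"sensor": "sensor-C", "src_ip": "198.51.100.22", "dst_ip": "192.0.2.53",
                "proto": "udp", "pkt_rate": 12.0, "syn_ratio": 0.0, "distinct_ports": 1}),
]


def run_pipeline(messages=SAMPLE_MESSAGES) -> list:
    return [server_handle(m) for m in messages]


if __name__ == "__main__":
    results = run_pipeline()
    for res in results:
        print(f'{res["sensor"]:9} {res["src_ip"]:15} {res["label"]:10} {res["actions"]}')
    print(status_board(results))
```

The structure worth noting is the separation of the three concerns the abstract lists: capture location (the `sensor` field lets the board show where an attack was seen), classification (swappable behind `classify`), and enforcement (returned as an action so it can be reviewed or logged before a rule is applied).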




Acknowledgements

This work was supported by King Mongkut’s University of Technology Thonburi, the National Research University Project of Thailand and the Office of the Higher Education Commission. The authors would like to thank the following members of the network security and optimization group at CPE, KMUTT: P. Jongsuebsuk, E. Wonghirunsombat, T. Assawaniwed and V. Hanchana, for their assistance in software programming and in running some of the experiments.

Corresponding author

Correspondence to Naruemon Wattanapongsakorn.


Cite this article

Wattanapongsakorn, N., Charnsripinyo, C. Web-based monitoring approach for network-based intrusion detection and prevention. Multimed Tools Appl 74, 6391–6411 (2015). https://doi.org/10.1007/s11042-014-2097-9


  • DOI: https://doi.org/10.1007/s11042-014-2097-9
