Performance Evaluation of Network Intrusion Detection System for Detecting Zero-Day Attacks: SNORT-XSS Algorithm
DOI:
https://doi.org/10.18488/76.v9i2.3082Abstract
The main objective of Intrusion Detection and Prevention Systems is to provide a method of detecting and preventing malicious behaviors in a network system to minimize the harm caused by attackers. In this article, a survey of the techniques applied for the identification and classification of attacks based on KDD Cup’99 and DARPA data set is discussed, and from the open issues a new and a proficient method called SNORT-XSS algorithm is anticipated and implemented that can recognize and classify real time intrusions including zero day attacks. For this research, the SNORT open source tool developed by CISCO Systems was used to describe rules from the existing data collected from DARPA and KDD Cup’99 dataset. Fuzzy Reasoning system is applied to organize the rules into fuzzy sets that reduces true negative and false positive rate. The advantage of Feed Forward Neural Network with Back Propagation of Errors from Artificial Neuron Networks is considered for training, validating and testing the proposed system. The experimental results achieved by preprocessing anomalous behaviors in a network and the detection rate of zero-day attacks or novel attacks were very promising and were beyond expectations. The precision values of the proposed model were 98.93% and 98.89% respectively, and detection rate of Probe and DoS attacks were greater than 98%. The false positive and true negative rate is almost negligible. It was noticed that the best categorization was acquired at epoch numbers from 50 to 55 with a mean squared error of 0.004.