“A Study on the System Architecture of Hybrid Intrusion Detection System”
Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks took place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. Intrusion detection systems can be misuse-detection or anomaly-detection based. Misuse-detection based IDSs can only detect known attacks, whereas anomaly-detection based IDSs can also detect new attacks by using heuristic methods. In this paper we propose a hybrid IDS by combining the two approaches in one system. The hybrid IDS is obtained by combining packet header anomaly detection (PHAD) and network traffic anomaly detection (NETAD), which are anomaly-based IDSs, with the misuse-based IDS Snort, which is an open-source project.
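The division of labour the abstract describes, as an added example that is not code from the paper: a signature check stands in for the misuse engine and a simplified PHAD-style header score stands in for the anomaly engine. The rule, field names, threshold and packets are constructed assumptions, and the score omits PHAD's time factor.

```python
from collections import defaultdict

# Constructed stand-in for a misuse (signature) rule; not a real Snort rule.
SIGNATURES = {"known-attack": b"CONSTRUCTED-KNOWN-ATTACK"}

class HeaderAnomalyModel:
    """Simplified PHAD-style model (assumption: the time factor t is omitted)."""
    def __init__(self):
        self.seen = defaultdict(set)  # field -> values observed in training
        self.n = defaultdict(int)     # field -> number of training observations

    def train(self, packets):
        for pkt in packets:
            for field, value in pkt["hdr"].items():
                self.seen[field].add(value)
                self.n[field] += 1

    def score(self, pkt):
        # A never-seen value in a field scores n/r: fields that took few
        # distinct values (r) over many observations (n) are most surprising.
        total = 0.0
        for field, value in pkt["hdr"].items():
            if self.n[field] and value not in self.seen[field]:
                total += self.n[field] / len(self.seen[field])
        return total

def hybrid_detect(pkt, model, threshold=25.0):
    """Return the alerts raised by both engines for one packet."""
    alerts = [("misuse", name) for name, pat in SIGNATURES.items()
              if pat in pkt["payload"]]
    s = model.score(pkt)
    if s >= threshold:  # threshold is an assumed tuning value
        alerts.append(("anomaly", s))
    return alerts

# Constructed attack-free training traffic and three constructed test packets.
TRAIN = [{"hdr": {"ttl": 64 if i % 2 else 128, "dport": 80 if i % 3 else 443,
                  "tcp_flags": "PA"}, "payload": b""} for i in range(60)]
MODEL = HeaderAnomalyModel()
MODEL.train(TRAIN)

BENIGN = {"hdr": {"ttl": 64, "dport": 443, "tcp_flags": "PA"}, "payload": b"GET /"}
KNOWN = {"hdr": {"ttl": 128, "dport": 80, "tcp_flags": "PA"},
         "payload": b"xx CONSTRUCTED-KNOWN-ATTACK xx"}
NOVEL = {"hdr": {"ttl": 253, "dport": 80, "tcp_flags": "FPU"}, "payload": b"unseen"}

if __name__ == "__main__":
    for name, pkt in [("benign", BENIGN), ("known", KNOWN), ("novel", NOVEL)]:
        print(name, hybrid_detect(pkt, MODEL))
```

The known packet has ordinary headers and is caught only by the signature, while the novel packet matches no signature and is caught only by its unseen header values.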