“Hybrid Intrusion Detection System and Its Architecture”
The hybrid IDS is obtained by combining packet header anomaly detection (PHAD) and network traffic anomaly detection (NETAD), which are anomaly-based IDSs, with the misuse-based IDS Snort, which is an open-source project. Intrusion detection systems (IDSs) are systems that try to detect attacks as they occur or after the attacks have taken place. IDSs collect network traffic information from some point on the network or computer system and then use this information to secure the network. Intrusion detection systems can be misuse-detection based or anomaly-detection based. Misuse-detection based IDSs can only detect known attacks, whereas anomaly-detection based IDSs can also detect new attacks by using heuristic methods. In this paper we propose a hybrid IDS by combining the two approaches in one system.
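The two approaches side by side, as an added sketch that is not code from the paper: a payload-signature check stands in for the misuse side, and a header-field model scored with PHAD's published t*n/r formula stands in for the anomaly side. The union-of-alerts combination rule, the threshold, the signature and all packets are assumptions constructed for illustration; NETAD is not modelled.

```python
from collections import defaultdict
# Constructed signature for the misuse side (hypothetical, not a real Snort rule).
SIGNATURES = {"known-bad-string": b"EVIL-MARKER"}

class HeaderAnomalyModel:
    """PHAD-style model: learns which values each header field takes in clean traffic."""
    def __init__(self):
        self.seen = defaultdict(set)    # field -> distinct training values (r = size)
        self.count = defaultdict(int)   # field -> training observations (n)
        self.last_anomaly = {}          # field -> time a novel value was last seen
    def train(self, packets):
        for pkt in packets:
            for field, value in pkt["hdr"].items():
                if value not in self.seen[field]:
                    self.last_anomaly[field] = pkt["time"]
                self.seen[field].add(value)
                self.count[field] += 1
    def score(self, pkt):
        """Sum t*n/r over header fields carrying a value never seen in training."""
        total = 0.0
        for field, value in pkt["hdr"].items():
            if field in self.seen and value not in self.seen[field]:
                t = pkt["time"] - self.last_anomaly[field]
                total += t * self.count[field] / len(self.seen[field])
                self.last_anomaly[field] = pkt["time"]
        return total

def misuse_alerts(pkt):
    # Misuse detection: flags only payloads that match a known signature.
    return [name for name, pat in SIGNATURES.items() if pat in pkt["payload"]]

def hybrid_detect(model, pkt, threshold=10.0):  # threshold is an assumed value
    """Assumed combination rule: report the union of both detectors' alerts."""
    alerts = [("misuse", name) for name in misuse_alerts(pkt)]
    s = model.score(pkt)
    if s >= threshold:
        alerts.append(("anomaly", round(s, 1)))
    return alerts

# Constructed sample traffic: attack-free training packets, then three test packets.
TRAIN = [{"time": i, "hdr": {"ttl": 64, "dport": p}, "payload": b"GET /"}
         for i, p in enumerate([80, 443, 80, 22])]
KNOWN = {"time": 10, "hdr": {"ttl": 64, "dport": 80}, "payload": b"GET /EVIL-MARKER"}
NOVEL = {"time": 20, "hdr": {"ttl": 253, "dport": 80}, "payload": b"GET /"}
BENIGN = {"time": 21, "hdr": {"ttl": 64, "dport": 443}, "payload": b"GET /"}

def demo():
    model = HeaderAnomalyModel()
    model.train(TRAIN)
    return [hybrid_detect(model, p) for p in (KNOWN, NOVEL, BENIGN)]
```

The signature check alone misses the `NOVEL` packet and the header model alone misses the `KNOWN` packet; only the combined detector flags both while leaving `BENIGN` alone.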