A Hybrid Classification Technique for Enhancing the Effectiveness of Intrusion Detection Systems Using Machine Learning

Kapil Kumar, Arvind Kumar, Vimal Kumar, Sunil Kumar
Copyright: © 2022 | Pages: 18
DOI: 10.4018/IJOCI.2022010102

Abstract

This paper proposes and develops a hybrid intrusion detection system that handles both series and non-series data by combining two concepts, clustering and the autocorrelation function, in a single architecture. A system is needed that can handle both kinds of data, series and non-series, so the authors combine the two concepts into a robust hybrid intrusion detection system. An unsupervised clustering approach categorizes non-series data by domain similarity, while an approach based on the autocorrelation function handles series data. Both are consumed in a single architecture that takes its input data from both host-based and network-based intrusion detection systems. The results show that the hybrid intrusion detection system categorizes data according to the optimal number of clusters obtained through the elbow method in clustering.
Article Preview

1. Introduction

An intrusion detection system (IDS) is an indispensable component for protecting system assets that are highly susceptible to attack. An IDS can detect aberrant attempts to access system assets from the network and respond according to the measures laid down in the organization's security policy. An organization working in a security context typically deploys a variety of IDSs to protect its network in multiple modes. Almutairi, S., et al. (2020) found that existing IDSs are inadequate for real-time protection, which points to the need for more research on IDSs that combine host- and network-based data, known as hybrid dynamic approaches. Numerous IDSs are available that continuously analyze and monitor the information flowing through the network to detect malicious packets. The two database-based approaches to detecting intrusions are signature-based IDS and anomaly-based IDS.

In the first, signature-based approach (Liu, H., & Lang, B. 2019), attacks are identified from known data patterns: the information flowing through the network is analyzed and compared with the stored information to detect an intrusion. The limitation of signature-based detection is that its high detection performance is accompanied by lower accuracy and a high false alarm rate. Hence, signature-based IDSs are unfit to detect unknown attack patterns and novel intrusions.

The second is the dominant profile-based approach (Min, E., et al. 2018), which learns a profile of existing behaviour and enables the system to detect novel attacks as deviations from that profile. Anomaly-based attack detection is better optimized than the signature-based approach. Bringing information technology together with information security has become essential for the industry to keep the organization's networking safe and secure. Separate technique-based and policy-based approaches exist, but they are very complicated and inadequate in various security contexts.

The objective of this paper is to propose and develop a hybrid intrusion detection system that handles series and non-series data by applying two different concepts, clustering and the autocorrelation function, in a single architecture.

Numerous detection systems were examined, such as host-based, network-based and position-specific intrusion detection systems. However, the authors found several limitations in them for building a safe and secure financial information system, which receives only series data as input. A system is needed that can handle both types of data, series and non-series, so the authors combine two concepts into a robust hybrid intrusion detection system. An unsupervised clustering approach categorizes non-series data by domain similarity, while an approach based on the autocorrelation function handles series data. Both are consumed in a single architecture that takes its input data from both host-based and network-based intrusion detection systems. The framework is thus a hybrid IDS built on a host analyzer and a network analyzer.

The results show that the hybrid intrusion detection system categorizes data into two domains, normal and abnormal, based on the optimal number of clusters obtained through the elbow method in clustering. They also show that the problem of improperly collected data that does not traverse the complete survey cycle is resolved by extracting live streaming data. The false alarm rate increases for time-series data, which is produced mostly in the finance and health sectors. The volume of benign traffic packets is growing, with many significant features, whereas the small share of packets emerging from infected sources provides limited information, which is not sufficient to detect advanced attacks.
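The two building blocks named above, the autocorrelation function for series data and clustering with the elbow method for non-series data, computed from scratch as an added example; this is not the paper's code, and the packet series and flow records are constructed values chosen to make the statistics easy to check by hand.

```python
# Added example (not the paper's code): the two statistics the paper's hybrid IDS
# rests on, computed on constructed data so the block runs offline.


def acf(series, max_lag):
    """Sample autocorrelation r_k for lags 0..max_lag of a numeric series."""
    n, mean = len(series), sum(series) / len(series)
    var = sum((x - mean) ** 2 for x in series)
    return [sum((series[t] - mean) * (series[t + k] - mean) for t in range(n - k)) / var
            for k in range(max_lag + 1)]


def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def kmeans(points, k, iters=100):
    """Plain k-means with deterministic quantile initialisation; returns (centers, WCSS)."""
    pts = sorted(points)
    centers = [pts[i * len(pts) // k] for i in range(k)]
    for _ in range(iters):
        labels = [min(range(k), key=lambda c: dist2(p, centers[c])) for p in pts]
        new = []
        for c in range(k):
            members = [p for p, l in zip(pts, labels) if l == c]
            new.append(tuple(sum(v) / len(members) for v in zip(*members)) if members else centers[c])
        if new == centers:
            break
        centers = new
    return centers, sum(dist2(p, centers[l]) for p, l in zip(pts, labels))


def elbow_k(points, k_max, ratio=0.1):
    """Elbow method: smallest k after which the WCSS drop shrinks below ratio x the previous drop."""
    wcss = [kmeans(points, k)[1] for k in range(1, k_max + 1)]
    drops = [a - b for a, b in zip(wcss, wcss[1:])]
    for i in range(1, len(drops)):
        if drops[i] < ratio * drops[i - 1]:
            return i + 1, wcss
    return k_max, wcss


# Constructed series data: packets per interval with a period-4 rhythm (hypothetical values).
PERIODIC = [10, 30, 50, 30] * 6
# Constructed non-series records: (packets/10, payload kB) per flow, forming two groups.
FLOWS = [(1, 1), (1, 2), (2, 1), (2, 2), (1.5, 1.5),
         (8, 8), (8, 9), (9, 8), (9, 9), (8.5, 8.5)]

if __name__ == "__main__":
    print("ACF lags 0..4:", [round(r, 3) for r in acf(PERIODIC, 4)])
    k, wcss = elbow_k(FLOWS, 4)
    print("WCSS per k:", [round(w, 2) for w in wcss], "-> elbow at k =", k)
```

On this input the ACF peaks again at lag 4 (the period of the constructed rhythm) while the elbow lands at k = 2, the normal/abnormal split the paper reports.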

The proposed intrusion detection system combines host and network interaction. It benefits health information systems in the health sector and finance information systems in the finance sector, whether in government or non-government organizations, by handling series and non-series data through clustering and the autocorrelation function and by fetching real-time information from both host-based and network-based intrusion detection systems.
