An approach for Anomaly based Intrusion detection System using SNORT

Author

  • Dorothy Denning
Abstract

Today we all depend on computer technologies in one way or another. As the use of technology increases, the risk associated with computer technology also increases. Network security is a major challenge for researchers. People have been working in the field of network security since 1987, when Dorothy Denning published an intrusion detection model [2], but so far no perfect solution has been found. Many network security tools are available, such as antivirus software and firewalls, but they cannot cover all security risks in the network [11]. The main task of an intrusion detection system (IDS) is to identify intrusions in the network: it collects important information from the network, processes it and, if it identifies an attack, raises an alert for the possible attack. This thesis focuses on analyzing the abnormal connections detected by our intrusion detection system via Snort. An IDS provides two primary benefits: visibility and control. It is the combination of these two benefits that makes it possible to create and enforce an enterprise security policy to make the private computer network secure. Visibility is the ability to see and understand the nature of the network and the traffic on it, while control is the ability to affect network traffic, including access to the network or parts thereof. There are two general approaches to detecting intrusions: anomaly detection (also called behaviour-based) and signature-based detection (also called misuse or pattern-based) [1]. Signature-based techniques identify and store signature patterns of known intrusions, match activities in an information system against those patterns, and signal an intrusion when there is a match. Pattern recognition techniques are efficient and accurate in detecting known intrusions, but cannot detect novel intrusions whose signature patterns are unknown.
Anomaly detection techniques can detect both novel and known attacks if they demonstrate large differences from the norm profile. Since anomaly detection techniques signal all anomalies as intrusions, false alarms are expected when anomalies are caused by behavioural irregularity instead of intrusions. Hence, pattern recognition techniques and anomaly detection techniques are often used together to complement each other. In this research work, an anomaly-based IDS is designed and developed and integrated with the open source signature-based network IDS called SNORT [2] to give the best results.

Similar resources

Improvement and parallelization of Snort network intrusion detection mechanism using graphics processing unit

Nowadays, Network Intrusion Detection Systems (NIDS) are widely used to provide full security on computer networks. IDS are categorized into two primary types, including signature-based systems and anomaly-based systems. The former is more commonly used than the latter due to its lower error rate. The core of a signature-based IDS is the pattern matching. This process is inherently a computatio...

Assessment Methodology for Anomaly-Based Intrusion Detection in Cloud Computing

Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permit multiple users to utilize the same physical resource, thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in the cloud...

Improved Intrusion Detection System through Rule Based Approach on ICMP Protocol for Real Time Network

Abstract—In the field of network security, researchers have implemented different models to secure the network. Intrusion Detection System is also one of them and Snort is an open source tool for Intrusion Detection and Prevention System. Today intrusion Detection System is a growing technology in network security and mostly researchers have focused in this field, some of them used signature or...

A Hybrid Snort-Negative Selection Network Intrusion Detection Technique

Network Intrusion Detection Systems (NIDSs) are systems that monitor computer networks to detect, identify and prevent the malicious events, which attempt to compromise the integrity, confidentiality or availability of computer networks. The NIDS may be classified according to the detection technique into two types, the "Signature-Based" and "Anomaly-Based" NIDS. In order to increase the effici...

Detecting Network Anomalies Using CUSUM and EM Clustering

Intrusion detection has been extensively studied in the last two decades. However, most existing intrusion detection techniques detect limited number of attack types and report a huge number of false alarms. The hybrid approach has been proposed recently to improve the performance of intrusion detection systems (IDSs). A big challenge for constructing such a multi-sensor based IDS is how to mak...

Rule-Based Network Intrusion Detection System for Port Scanning with Efficient Port Scan Detection Rules Using Snort

In the field of network security, researchers have implemented different models to secure the network. Intrusion Detection System is also one of them and Snort is an open source tool for Intrusion Detection and Prevention System. Today intrusion Detection System is a growing technology in network security and mostly researchers have focused in this field, some of them used signature or rule-bas...

Publication date: 2013