Description: |
Until recently, researchers have applied various techniques to intrusion detection systems (IDS), including DNA encoding and clustering, which are widely used for this purpose. The two other major detection techniques are anomaly detection and misuse detection, where anomaly detection is based on user behavior, while misuse detection is based on known attack signatures. However, both techniques have some drawbacks, such as a high false alarm rate. Therefore, a hybrid IDS combines the strengths of both techniques to overcome their limitations. In this paper, a hybrid IDS is proposed based on the DNA encoding and clustering method. The proposed DNA encoding is based on the UNSW-NB15 database and divides the record's attributes into four groups: State, Protocol, Service, and the rest of the features as Digits. Four DNA characters are used to represent each Protocol attribute value, while two DNA characters are used to represent State, Service, and Digits attribute values. Then, the clustering method is applied to classify the records into two clusters, either attack or normal. The current experimental results showed that the proposed system achieved a good detection rate and accuracy, equal to 81.22% and 82.05%, respectively. The system also achieved fast encoding and clustering times of 0.385 seconds and 0.00325 seconds, respectively, for each record. |