Novel Algorithm For Intrusion Detection System

Abstract: Intrusion detection system is device or software applications that monitor network or system activities for malicious activities or policy violation. Two types of Intrusion detection systems are network based and host based. This paper is only discussed about network based intrusion system. Snort and Sax2 are network based intrusion detection system. These systems monitor the network and capture packets in promiscuous mode, analyze these packets and give report. Three methodologies are used for detect intrusion on the Network, signature based, anomaly based and stateful protocol analysis. This paper is based on the signature based intrusion detection system methodology. Intrusion can be possible on the header part or payload part .Different pattern matching algorithms are used for detection intrusion. Brute force and Knuth-Morris-Pratt are two single keyword pattern matching algorithms detect the payload part intrusion. String matching consists in finding one or more occurrences of a pattern in a text (input) if Pattern is present in the text send intrusion alarm. False alarm is very high in intrusion detection. I proposed a string matching algorithm to reduce false alarming percentage.

Keywords: Intrusion detection system (IDS), network behavior analysis system (NBAS), network based intrusion detection system (NIDS), TCP, UDP, intruders, attacks, signature, stateful, anomaly, false alarm.