Priya Reddy
Independent Researcher
India
Abstract
This manuscript investigates intrusion detection using signature‐based and anomaly‐based techniques, aligned strictly with technologies available up to 2015. We present a comprehensive study encompassing system architectures, algorithmic comparisons, statistical performance analysis, methodology for combined detection frameworks, and empirical results derived from dataset benchmarking. Our contributions include (1) a tabulated literature review summarizing prior work through 2015, (2) statistical analysis contrasting detection accuracy and false‐positive rates, (3) five clearly defined research objectives, and (4) an integrated methodology combining signature and anomaly detectors. Experimental evaluation on the KDD’99 and NSL‐KDD datasets demonstrates the efficacy of our hybrid approach, yielding an average detection accuracy of 96.3% and a false‐positive rate below 2.1%. Conclusions highlight the trade‐offs between detection speed and accuracy, and we outline future research directions for real‐time, adaptive intrusion detection within engineering contexts.
Keywords
intrusion detection, signature‐based, anomaly‐based, hybrid framework, KDD’99, NSL‐KDD
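As an added illustration (not code from the manuscript), the Python script below sketches the hybrid signature-plus-anomaly detection the abstract describes and scores it with the same two headline metrics, detection accuracy and false-positive rate, in signature-only, anomaly-only and combined modes. The KDD'99-style connection records, the normal-traffic baseline, the two signature rules and the z-score threshold are all constructed for this example; they are not drawn from the paper or from the KDD'99/NSL-KDD datasets, and the figures it produces are not the manuscript's results.

```python
"""Hybrid signature + anomaly intrusion detector over constructed
KDD'99-style connection records (added example, not the manuscript's code)."""
import math
from dataclasses import dataclass


@dataclass
class Conn:
    """One connection record. Field names mirror KDD'99 features; the values
    used below are constructed for this example, not dataset rows."""
    duration: float
    src_bytes: float
    dst_bytes: float
    service: str
    flag: str                 # TCP state summary, e.g. "SF" (normal) or "S0" (no reply)
    count: int                # connections to the same host in the last 2 s
    num_failed_logins: int
    label: str                # ground truth: "normal" or an attack class name


# Features the statistical anomaly detector profiles.
NUMERIC = ("duration", "src_bytes", "dst_bytes", "count")

# Signature rules (constructed, illustrative): rule name -> predicate.
SIGNATURES = {
    "syn_flood": lambda c: c.flag == "S0" and c.count > 100,
    "telnet_brute_force": lambda c: c.service == "telnet" and c.num_failed_logins >= 3,
}

# Traffic assumed to be normal, used to fit the anomaly baseline (constructed).
NORMAL_BASELINE = [
    Conn(0, 200, 1500, "http", "SF", 2, 0, "normal"),
    Conn(1, 300, 2400, "http", "SF", 3, 0, "normal"),
    Conn(0, 250, 1800, "http", "SF", 2, 0, "normal"),
    Conn(2, 400, 3000, "http", "SF", 4, 0, "normal"),
    Conn(0, 220, 1600, "http", "SF", 2, 0, "normal"),
    Conn(1, 280, 2200, "http", "SF", 3, 0, "normal"),
]

# Labelled evaluation traffic (constructed); comments give the hybrid outcome.
TEST_RECORDS = [
    Conn(0, 230, 1700, "http", "SF", 2, 0, "normal"),             # true negative
    Conn(1, 350, 2600, "http", "SF", 3, 0, "normal"),             # true negative
    Conn(0, 0, 0, "private", "S0", 250, 0, "neptune"),            # signature hit
    Conn(1, 300, 2100, "telnet", "SF", 3, 4, "guess_passwd"),     # signature only; numerically normal
    Conn(0, 0, 0, "private", "S0", 40, 0, "neptune"),             # under the rule threshold; anomaly hit
    Conn(30, 1200, 9000, "ftp_data", "SF", 1, 0, "warezclient"),  # anomaly hit (long session)
    Conn(3, 450, 3400, "http", "SF", 4, 0, "normal"),             # false positive: slow but legitimate
    Conn(0, 210, 1550, "smtp", "SF", 2, 0, "normal"),             # true negative
    Conn(0, 280, 2000, "http", "SF", 3, 0, "phf"),                # false negative: no rule, looks normal
]


def fit_baseline(records):
    """Per-feature (mean, population std) over traffic assumed to be normal."""
    model = {}
    for name in NUMERIC:
        vals = [getattr(r, name) for r in records]
        mean = sum(vals) / len(vals)
        std = math.sqrt(sum((v - mean) ** 2 for v in vals) / len(vals))
        model[name] = (mean, std if std > 0 else 1e-9)  # guard constant features
    return model


def anomaly_score(conn, model):
    """Largest absolute z-score of the record across the profiled features."""
    return max(abs((getattr(conn, f) - m) / s) for f, (m, s) in model.items())


def classify(conn, model, mode="hybrid", threshold=3.0):
    """Return (verdict, reason). Signatures run first because a match names
    the attack; the anomaly detector then catches what the rules miss."""
    if mode in ("signature", "hybrid"):
        for name, rule in SIGNATURES.items():
            if rule(conn):
                return "attack", f"signature:{name}"
    if mode in ("anomaly", "hybrid"):
        z = anomaly_score(conn, model)
        if z > threshold:
            return "attack", f"anomaly:z={z:.1f}"
    return "normal", "within baseline"


def evaluate(records, model, mode="hybrid", threshold=3.0):
    """Confusion counts plus detection accuracy, false-positive rate and recall."""
    tp = tn = fp = fn = 0
    for r in records:
        flagged = classify(r, model, mode, threshold)[0] == "attack"
        is_attack = r.label != "normal"
        tp += int(flagged and is_attack)
        fp += int(flagged and not is_attack)
        fn += int(not flagged and is_attack)
        tn += int(not flagged and not is_attack)
    n = tp + tn + fp + fn
    return {"tp": tp, "tn": tn, "fp": fp, "fn": fn,
            "accuracy": (tp + tn) / n,
            "fpr": fp / (fp + tn) if fp + tn else 0.0,
            "recall": tp / (tp + fn) if tp + fn else 0.0}


if __name__ == "__main__":
    baseline = fit_baseline(NORMAL_BASELINE)
    for detector_mode in ("signature", "anomaly", "hybrid"):
        print(detector_mode, evaluate(TEST_RECORDS, baseline, detector_mode))
```

On these constructed records the signature-only mode produces no false positives but misses the under-threshold SYN-flood variant and the long FTP session, the anomaly-only mode catches those but flags a slow legitimate HTTP session and misses the brute-force login that only a content rule recognises, and the hybrid mode reaches the highest recall at the cost of the anomaly detector's false positive. That is the accuracy-versus-false-positive trade-off the abstract refers to, reduced to a handful of rows.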