Modified Apriori Approach for Evade Network Intrusion Detection System (1411.6777v1)

Abstract: Intrusion Detection System or IDS is a software or hardware tool that repeatedly scans and monitors events that took place in a computer or a network. A set of rules are used by Signature based Network Intrusion Detection Systems or NIDS to detect hostile traffic in network segments or packets, which are so important in detecting malicious and anomalous behaviour over the network like known attacks that hackers look for new techniques to go unseen. Sometime, a single failure at any layer will cause the NIDS to miss that attack. To overcome this problem, a technique is used that will trigger a failure in that layer. Such technique is known as Evasive technique. An Evasion can be defined as any technique that modifies a visible attack into any other form in order to stay away from being detect. The proposed system is used for detecting attacks which are going on the network and also gives actual categorization of attacks. The proposed system has advantage of getting low false alarm rate and high detection rate. So that leads into decrease in complexity and overhead on the system. The paper presents the Evasion technique for customized apriori algorithm. The paper aims to make a new functional structure to evade NIDS. This framework can be used to audit NIDS. This framework shows that a proof of concept showing how to evade a self built NIDS considering two publicly available datasets.