Performance Evaluation of Signature Based and Anomaly Based Techniques for Intrusion Detection

Abstract

In the age of information technology everything is derived using information systems and allows us to communicate with each other. Internet acts as a medium to communicate among various devices from our wrist watch to our personal computers, TVs, refrigerators, etc. all are connected. But with all this luxury of comforts comes with the cost of security threats. Hence, it becomes very important to address issues related to security. We propose a hybrid intrusion detection system that is based on signature based and anomaly based Intrusion Detection System to address the need of today. While signature based approaches are designed to classify previously known attacks, anomaly detection learn traffic profiles and detect which network packets are normal traffic and which are not. With this ability, this technique helps to identify zero day attacks also. Our approach suggests the process from dataset preprocessing to model training and testing, this will provide proper guidance for building any type of Intrusion Detection System (IDS). Our proposed model achieves a accuracy of 99.67 % for signature based approach and 96.833 % for anomaly based approach on the CICIDS2017 dataset. Results show substantial scope for real world applications. © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.