Despite significant advances in IT security, current solutions fail to guarantee protection against malicious threats, which often take the form of subtle and potentially damaging variants. To counter these risks, it remains essential to adopt robust security policies and devices such as firewalls and intrusion detection systems. However, these systems have their drawbacks, not least the propensity to generate false positives, leading to erroneous alerts and compromising the overall effectiveness of the security system. Faced with these challenges, an innovative approach was adopted, making use of machine learning, in particular support vector machines (SVM) written in the Python programming language, in conjunction with the Snort IDS. This approach exploits the Snort IDS traffic training dataset, identifying attacks such as denial of service using alarm-generating rules. The data is then converted to a usable format and used as input for the machine learning model. This model separates the data into training and test sets in order to evaluate performance, using metrics such as F1 score, precision and recall. The results of this study demonstrate exceptional performance, with a precision rate of 99%, a true positive rate of 162, a false positive rate of 1, a true negative rate of 160 and a false negative rate of zero. These results highlight the robustness of the proposed approach, positioning it favorably compared to other intrusion detection techniques.
CITATION STYLE
El Aeraj, O., & Leghris, C. (2023). Intelligent Intrusion Detection System Snort and SVM. Revue d’Intelligence Artificielle, 37(6), 1629–1635. https://doi.org/10.18280/ria.370627