An Intrusion Detection System (IDS) can be defined as a group of tools, methods and resources that help us to predict or identify any unauthorized activity in a network. Current IDSs are mainly based on techniques built on heuristic rules, called signatures, to detect intrusions in a network environment. The drawback of this approach is that it can only detect attacks that are already known and referenced. In contrast, behavioral (or anomaly-based) intrusion detection assumes that attacks cause an abnormal use of resources or manifest as strange behavior on the part of the user. By studying the behavior of the different types of network traffic, it can identify both known and unknown attacks using an artificial learning algorithm. This study proposes a new behavioral approach to intrusion detection based on the combination APSO (Accelerated Particle Swarm Optimization)-SVM (Support Vector Machine) to develop a model for IDS. The simulation results show a significant improvement in performance; all tests were carried out with the NSL-KDD data set. In comparison with other methods based on the same dataset, the proposed model shows a high detection performance.
CITATION STYLE
Moukhafi, M., Bri, S., & El Yassini, K. (2019). Intrusion Detection System Based on a Behavioral Approach. In Studies in Computational Intelligence (Vol. 774, pp. 61–75). Springer Verlag. https://doi.org/10.1007/978-3-319-95104-1_4