online intrusion detection system using c4.5 algorithm...

Internet

IDS and

director

Honeypot DB

Production system

Sensor andmonitor

Alerting anddirectorication

Detection andclassif

Analysis andlog module

FTP serverport (21, 20)

HTTP serverport (80)

DNS serverport (53)

Telnetport (23, 90, 40, 100)

Suspicious traf?c

Database forsave logs

Traffic Extract IP

Search list

Is IP exit in list?

Detection model

Database store

suspicious IP

Production system Honeypot system

United StatesCanadaChinaMauritiusUnited KingdomSpainGermanyFrance

Table 1: Number of connection to honeypot from specific countryCountry No. of IPsUnited States 651Canada 17China 10Mauritius 6United Kingdom 6Spain 4Germany 3France 2

Table 2: Ports with highest number of connectionsConnections Local honeypot port72 80152 1422168 43254 82471 1375920 781208 625587 5416416 4234968 1442

00.01% 0.01% 0.01% 0.00% 0.01%

5000 7400 9999 12498 24996

99.58% 99.56% 99.62% 99.54% 99.55%

00.00% 0.00% 0.00% 0.00% 0.00%

24995 37493 39992 42492 44991

99.75% 99.77% 99.77% 99.78% 99.79%

online intrusion detection system using c4.5 algorithm...

Documents

intrusion detection jie lin. outline introduction a frame...

intrusion detection

intrusion detection intrusion detection intrusion detection...

1. intrusion intrusion detection system intrusion...

statistical intrusion detection in modern...

intrusion detection • principles • models of intrusion...

intrusion detection and prevention...

intrusion detection

network intrusion detection system. network intrusion...

intrusion detection & intrusion prevention systems

09a intrusion detection sensors (2) - · pdf fileintrusion...

8. intrusion detection sensors - sandia.gov...8. intrusion...

intrusion detection · 2014-05-27 · intrusion detection...

intrusion detection -...

intrusion detection-

intrusion detection intrusion detection ––– 1.1 1.1...

comparison of intrusion detection systems/intrusion

an intrusion detection model based upon intrusion detection

z/os communications server integrated intrusion detection...

enhanced solutions for misuse network intrusion detection...