Conditional Hybrid Approach for Intrusion Detection

QA75 Electronic computers. Computer science 0202 electrical engineering, electronic engineering, information engineering 02 engineering and technology
DOI: 10.3923/rjit.2016.55.65 Publication Date: 2016-09-17T06:41:54Z
ABSTRACT
Background and Objective: Inspecting all packets to detect intrusions faces challenges when coping with a high volume of traffic. Packet-based detection processes every payload on the wire, which degrades performance intrusion-detection systems. This issue requires introduction flow-based IDS approach that reduces amount data be processed by examining aggregated information related in form flow. However, still suffers from generation false positive alerts due lack completed input. This study proposed model improve packet-based reduce rate combining compensate for their mutual shortcomings. This is named as conditional hybrid intrusion detection.

Materials Methods: In this model, only malicious flows marked must further analyzed detection. For communicate detection, input framework was used. To evaluate methods, public datasets were replayed different traffic rates into both method default Bro implementations testbed controlled environment.

Results: Experimental evaluation shows able infected hosts reported corresponding datasets. At 200 Mbps rate, can save 50.6% memory 18.1% CPU usage compared detection. Experiments demonstrated handle bandwidth up 100 without drop, while approach.

Conclusion: showed gains significant improvement, term resource consumption packet drop implementation. The mitigate preserving accuracy. This considered skeleton applied or monitoring systems.