This paper discusses an intrusion detection system that helps detect malicious activity in a network. It addresses two issues, accuracy and efficiency, using Conditional Random Fields and a Layered Approach. Conditional Random Fields help achieve high attack detection accuracy, and the Layered Approach helps achieve high efficiency.
Conditional random fields – Intrusion detection:
Conditional models make no unwarranted assumptions about the observations and can model rich, overlapping features. Because conditional random fields (CRFs) make no unwarranted assumptions about the observations, they work without problems in machine learning, natural language processing, and bioinformatics. To balance the trade-off, CRFs can be used for accurate attack detection, but they are expensive.
Layered approach – Intrusion detection:
A layer-based intrusion detection system uses an ordered Layered Approach. This approach can ensure the availability, confidentiality, and integrity of data and services over a network. The layered model reduces the time required for computation and for detecting anomalous events. It removes the communication overhead among different layers, which in turn reduces the time to detect a significant intrusive event. It also improves system operation speed, and performance improves significantly during both training and testing of the system.
The advantage of the layered approach is increased system efficiency, but it affects accuracy severely. To balance the trade-off, the Layered Approach can be used to improve overall system performance.
Integrating layered approach with conditional random fields:
CRFs help improve attack detection accuracy, and the Layered Approach helps improve overall system efficiency. Hence, the two need to be integrated to build a single system that is efficient in operation and accurate in detecting attacks.
Intrusion detection is one of the most challenging tasks for security professionals and network administrators. To protect networks from various vulnerabilities, an efficient intrusion detection system needs to be developed. An intrusion detection system can be effective only if it can handle a huge amount of network traffic and make decisions quickly during attacks.
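The layered flow described above, as an added example (not code from the paper): each layer reads only its own small feature subset, and it is assumed that a record flagged by one layer is stopped there without running later layers. The layer names, feature names, weights and sample records are constructed for illustration, and a hand-weighted log-linear scorer stands in for a trained CRF.

```python
import math

# Hypothetical layers: (name, {feature: weight}, bias). Hand-set weights;
# a log-linear scorer stands in for the trained CRF of each layer.
LAYERS = [
    ("probe", {"distinct_ports": 0.4, "duration_s": -0.5}, -4.0),
    ("dos", {"conn_per_sec": 0.05, "syn_error_rate": 6.0}, -5.0),
    ("r2l", {"failed_logins": 1.5, "guest_login": 2.0}, -3.0),
]
THRESHOLD = 0.5

FIELDS = ("distinct_ports", "duration_s", "conn_per_sec",
          "syn_error_rate", "failed_logins", "guest_login")


def layer_score(record, weights, bias):
    """P(attack | this layer's features) under a log-linear model."""
    z = bias + sum(w * record[f] for f, w in weights.items())
    return 1.0 / (1.0 + math.exp(-z))


def classify(record):
    """Run the layers in order and stop at the first one that flags.

    Returns (verdict, features_read) so the saving from early exit
    is visible next to the decision.
    """
    features_read = 0
    for name, weights, bias in LAYERS:
        features_read += len(weights)
        if layer_score(record, weights, bias) >= THRESHOLD:
            return name, features_read  # stopped here, later layers skipped
    return "normal", features_read


# Constructed sample connection records (values in FIELDS order).
SAMPLES = {
    "port_scan": dict(zip(FIELDS, (40, 0, 30, 0.1, 0, 0))),
    "syn_flood": dict(zip(FIELDS, (1, 0, 200, 0.95, 0, 0))),
    "brute_force": dict(zip(FIELDS, (1, 30, 2, 0.0, 5, 0))),
    "web_browse": dict(zip(FIELDS, (2, 12, 3, 0.0, 0, 0))),
}

if __name__ == "__main__":
    for label, rec in SAMPLES.items():
        verdict, cost = classify(rec)
        print(f"{label:12s} -> {verdict:6s} ({cost} of {len(FIELDS)} features read)")
```

Records caught by an early layer cost two feature reads instead of six, while normal traffic pays for every layer; that ordering is where the efficiency gain comes from.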