Efficient Snort Rule Generation Using Evolutionary Computing for Network Intrusion Detection


Detailed Description

Bibliographic Details
Main authors: Raghavan Muthuregunathan, S. Siddharth, R. Srivathsan, S.R. Rajesh
Format: Conference paper
Language: eng
Online access: Order full text

Description
Summary: Network intrusion detection system (NIDS) tools have become an important means of detecting malicious activity in a network. Snort is a free and open-source network intrusion detection and prevention tool that is essentially a rule-driven system; rule development for such NIDS tools is therefore a sensitive task. Clustering techniques have been widely used to cluster network traffic and to derive rule sets from the resulting clusters. We propose a parallel clustering technique followed by evolutionary computing, comprising a genetic algorithm and hill climbing, to optimize the clusters formed. Rules are generated by analyzing each individual cluster. The proposed system was developed specifically to generate rule sets for Snort-based IDS efficiently. The results show that careful selection of the fitness function can improve the efficiency of the generated rule set. The computing power offered by a grid is used to carry out the parallel computing task, since parallel computation requires the cluster-based resources that a grid provides.
DOI: 10.1109/CICSYN.2009.19