Network instrusion prevention system ( NIPS) based on network intrusion detection system (NIDS) and ID3 algorithm

摘要

Network security has gained significant attention in research and industrial communities.Due to the increasing threat of the network intrusion,firewalls have become important elements of the security policy.Firewall performance highly depends toward number of rules,because the large more rules the consequence makes downhill performance progressively.Firewall can be allow or deny access network packets incoming and outgoing into Local Area Network(LAN),but firewall can not detect intrusion.To distinguishing an intrusion network packet or normal is very difficult and takes a lot of time.An analyst must review all the network traffics previously.In this study,a new way to make the rules that can determine network packet is intrusion or normal automatically.These rules implemented into firewall as prevention,which if there is a network packet that match these rules then network packet will be dropped.This is called Network Intrusion Prevention System(NIPS).These rules are generated based on Network Intrusion Detection System(NIDS)and Iterative Dichotomiser 3 (ID3)Algorithm Decision Tree Classifier,which as data training is intrusion network packet and normal network packets from previous network traffics.The experiment is successful,which can generate the rules then implemented into a firewall and drop the intrusion network packet automatically.Moreover,this way can minimize number of rules in firewall.