InECCE2019 pp 591-603 | Cite as

Campus Hybrid Intrusion Detection System Using SNORT and C4.5 Algorithm

  • SlametEmail author
  • Izzeldin I. Mohamed
  • Fahmi Samsuri
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 632)


The rapid development of the internet greatly helps human work. However, the number of information system security incidents has risen sharply, so that in fact the sides of human life are threatened. Detection techniques against attacks on computer networks must be continuously developed so that integrity, availability, and confidentiality on a computer network become more secure. In general, intrusion detection systems currently use two detection methods, namely anomaly detection, and misuse detection, which both have their own deficiencies. In this paper, the authors built a Hybrid Intrusion Detecting System combines anomaly detection system with the misuse detection system. Snort is used as the basis of misused detection module and Algorithm C4.5 detector is used to construct an anomaly detection module. This system works by creating alerts built from an engine that reads the parameters in the attacker’s IP address. Webmin is used to simplify rule management. Whereas for analyzing logs (attack history), an ACID (Analysis Console for Intrusion Databases) is used. Attack and detection testing are carried out in the campus network of Institut Bisnis dan Informatika Stikom Surabaya. The system implementation uses a PC Router with the Ubuntu 18.04 Linux as the operating system. As a result of implementing this system: the signature of attacks as misuses detection module uses to detection the known attacks; unknown attacks can be detected by the anomaly detection module; signature of attacks that are detected by Anomaly Detection System module extracted by signature generation module, and maps the signatures into snort rules.


Intrusion detection Attack Snort C4.5 



The research is funded by University Malaysia Pahang, UMP Lab2Market Research Fund (UIC170901). This acknowledgment also goes to the Faculty of Electrical and Electronic Engineering for providing us with facilities to conduct this research.


  1. 1.
    Öğütçü G, Testik ÖM, Chouseinoglou O (2016) Analysis of personal information security behavior and awareness. Comput Secur 56:83–93 CrossRefGoogle Scholar
  2. 2.
    Huang L, Wang X (2016) On the construction of university campus culture under the network environment. In: 3rd international conference on education, management and computing technology (ICEMCT 2016)Google Scholar
  3. 3.
    Chun G, Ping Y, Liu N, Luo S-S (2016) A two-level hybrid approach for intrusion detection. Neuro Comput 214:391–400Google Scholar
  4. 4.
    Gisung K, Seungmin L, Sehun K (2014) A novel hybrid intrusion detection method integrating anomaly detection with misuse detection. Expert Syst Appl 41(4 Part 2):1690–1700Google Scholar
  5. 5.
    Peng J et al (2006) A hybrid intrusion detection and visualization system. In: Proceedings of the 13th annual IEEE international symposium and workshop on engineering of computer based systems, p 2Google Scholar
  6. 6.
    Peddabachigari S et al (2007) Modeling intrusion detection system using hybrid intelligent systems. J Netw Comput Appl 30(1):114–132CrossRefGoogle Scholar
  7. 7.
    Wang X, Kordas A, Hu L, Gaedke M, Smith D (2013) Administrative evaluation of intrusion detection system. In: Proceedings of the 2nd annual conference on research in information technology, RIIT’13. ACM, NY, USA, pp 47–52Google Scholar
  8. 8.
    Bulajoul W, James A, Pannu M (2013) Network intrusion detection systems in high-speed traffic in computer networks. In: 2013 IEEE 10th international conference on e-Business engineering (ICEBE), pp 168–175Google Scholar
  9. 9.
    Trabelsi Z, Zeidan S (2014) IDS performance enhancement technique based on dynamic traffic awareness histograms. In: IEEE international conference on communications (ICC), pp 975–980Google Scholar
  10. 10.
    Vishnu Balan E, Priyan MK, Gokulnath C, Usha Devi G (2015) Hybrid architecture with misuse and anomaly detection techniques for wireless networks. In: International conference on communications and signal processing (ICCSP)Google Scholar
  11. 11.
    Snapp SR, Brentano J, Dias G, Goan TL, Heberlein LT (2017) DIDS (distributed intrusion detection system)—motivation, architecture, and an early prototype. Scholar
  12. 12.
    Tuyikeze T, Pottas D (2010) An information security policy development life cycle. In: Proceedings of the South African information security multi-conference (SAISMC)Google Scholar
  13. 13.
    Kosamkar V, Chaudhari SS (2014) Improved intrusion detection system using C4.5 decision tree and support vector machine. Int J Comput Sci Info Technol 5(2):1463–1467Google Scholar
  14. 14.
    SnortTM Users Manual (2019) The Snort Project
  15. 15.
    Snort FAQ (2019) The Snort Project
  16. 16.
  17. 17.
    Wu S-Y, Yen E (2009) Data mining-based intrusion detectors. Expert Syst Appl 36(3):5605–5612CrossRefGoogle Scholar
  18. 18.
    Caulkins BD, Lee J, Wang M (2005) A dynamic data mining technique for intrusion detection systems. In: Proceedings of the 43rd annual southeast regional conference, vol 2, ACM, pp 148–153Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. 1.Faculty of Technology and Information, Department of Information SystemsInstitut Bisnis and Informatika Stikom SurabayaSurabayaIndonesia
  2. 2.Faculty of Electrical and Electronic EngineeringUniversity Malaysia PahangKuantanMalaysia

Personalised recommendations