
Generation of semantic relations for flow-based intrusion detection systems using contextual information

Posted on: 2016-11-21
Degree: M.S
Type: Thesis
University: University of Maryland, Baltimore County
Candidate: Sawant, Sankalp N
Full Text: PDF
GTID: 2478390017477065
Subject: Information Science
Abstract/Summary:
Any Intrusion Detection System (IDS) is considered reliable and efficient only if it can detect suspicious activities accurately and at high speed. Because of the growth in internet usage and the ever-increasing speed of network connections, packet-based IDSs perform inadequately due to the large amount of payload data that must be processed to detect malicious activities. This thesis focuses on the design of a flow-based IDS that relies on statistical and temporal/location-based connection data rather than the payload of individual packets. Because the data available at the flow level is limited, we have attempted to infuse contextual information to mitigate false predictions. We used Semantic Link Networks to infuse this contextual information into the IDS on top of classification models. Metrics such as Precision and Recall are used to evaluate the performance of the system. The evaluation showed that the use of contextual information considerably increases the effectiveness of a flow-based IDS.
Keywords/Search Tags: Contextual information, IDS