Call for Paper - July 2018 Edition
IJCA solicits original research papers for the July 2018 Edition. Last date of manuscript submission is June 20, 2018. Read More

A Hybrid Snort-Negative Selection Network Intrusion Detection Technique

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2016
Tarek M. Mahmoud, Abdelmgeid A. Ali, Hussein M. Elshafie

Tarek M Mahmoud, Abdelmgeid A Ali and Hussein M Elshafie. A Hybrid Snort-Negative Selection Network Intrusion Detection Technique. International Journal of Computer Applications 146(5):24-31, July 2016. BibTeX

	author = {Tarek M. Mahmoud and Abdelmgeid A. Ali and Hussein M. Elshafie},
	title = {A Hybrid Snort-Negative Selection Network Intrusion Detection Technique},
	journal = {International Journal of Computer Applications},
	issue_date = {July 2016},
	volume = {146},
	number = {5},
	month = {Jul},
	year = {2016},
	issn = {0975-8887},
	pages = {24-31},
	numpages = {8},
	url = {},
	doi = {10.5120/ijca2016910703},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}


Network Intrusion Detection Systems (NIDSs) are systems that monitor computer networks to detect, identify and prevent the malicious events, which attempt to compromise the integrity, confidentiality or availability of computer networks. The NIDS may be classified according to the detection technique into two types, the "Signature-Based" and "Anomaly-Based" NIDS. In order to increase the efficiency of the NIDS, a hybrid signature-anomaly NIDS based on both snort and negative selection algorithm is proposed. To evaluate the efficacy of the proposed system the 1999 DARPA data set is used. The experimental results show that the performance of the proposed system is more efficient than using snort on its own.


  1. Pandey, Aakanksha, and Nilay Khare. "String Matching Technique Based on Hardware: A Comparative Analysis." Advances in Computing and Information Technology. Springer Berlin Heidelberg, 2012. 339-347.‏
  2. Prabha, K., and S. Sukumaran. "Improved Single Keyword Pattern Matching Algorithm for Intrusion Detection System." International Journal of Computer Applications 90.9 (2014).‏
  3. Uddin, M., Rahman, A. A., Uddin, N., Memon, J., Alsaqour, R. A., & Kazi, S. (2013). Signature-based Multi-Layer Distributed Intrusion Detection System using Mobile Agents. IJ Network Security, 15(2), 97-105.‏
  4. Shen, J. and J. Wang. Network intrusion detection by artificial immune system. in IECON 2011-37th Annual
  5. Conference on IEEE Industrial Electronics Society. 2011. IEEE.
  6. Jinyin, C. and Y. Dongyong. A study of detector generation algorithms based on artificial immune in intrusion detection system. in Computer Research and Development (ICCRD), 2011 3rd International Conference on. 2011. IEEE.
  7. Aziz, A. S. A., Salama, M. A., Hassanien, A. E., & Hanafi, S. E. O. (2012, September). Detectors Generation using Genetic Algorithm for a Negative Selection Inspired Anomaly Network Intrusion Detection System. In FedCSIS (pp. 597-602).‏
  8. Zhou, Z., Zhongwen, C., Tiecheng, Z., & Xiaohui, G. (2010, May). The study on network intrusion detection system of Snort. In Networking and Digital Society (ICNDS), 2010 2nd International Conference on (Vol. 2, pp. 194-196). IEEE.‏
  9. Kumar, S. and R. Joshi. Design and implementation of IDS using Snort, Entropy and alert ranking system. in Signal Processing, Communication, Computing and Networking Technologies (ICSCCN), 2011 International Conference on. 2011. IEEE.
  10. Peng, Y. and H. Wang. Design and implementation of network instruction detection system based on snort and NTOP. in 2012 International Conference on Systems and Informatics (ICSAI2012). 2012.
  11. Hussein, S.M., F.H.M. Ali, and Z. Kasiran. Evaluation effectiveness of hybrid IDs using snort with naive Bayes to detect attacks. in Digital Information and Communication Technology and it's Applications (DICTAP), 2012 Second International Conference on. 2012. IEEE.
  12. Pastrana, S., Tapiador, J. E., Orfila, A., & Peris-Lopez, P. (2015). DEFIDNET: A framework for optimal allocation of cyberdefenses in Intrusion Detection Networks. Computer Networks, 80, 66-88.‏
  13. Balzarotti, D., Testing network intrusion detection systems. 2006, Politecnico di Milano.
  14. Kabiri, P. and A.A. Ghorbani, Research on Intrusion Detection and Response: A Survey. IJ Network Security, 2005. 1(2): p. 84-102.
  15. Rehman, R.U., Intrusion detection systems with Snort: advanced IDS techniques using Snort, Apache, MySQL, PHP, and ACID. 2003: Prentice Hall Professional.
  16. Chakraborty, Nilotpal. "Intrusion Detection System and Intrusion Prevention System: A Comparative Study." International Journal of Computing and Business Research (IJCBR) ISSN (Online) (2013): 2229-6166.‏
  17. Johnson, L., Security Controls Evaluation, Testing, and Assessment Handbook. 2015: Elsevier Inc.
  18. Skarfone, K. and P. Mell, Guide to intrusion detection and prevention systems. 2007, National Institute of Standards and Technology, available at: csrc. nist. gov/publications/nistpubs/800-94/SP800-94. pdf.
  19. Powers, Simon T., and Jun He. "A hybrid artificial immune system and Self Organising Map for network intrusion detection." Information Sciences 178.15 (2008): 3024-3042.‏
  20. Ma, L. and Y. Chen. An improved Algorithm of Generating Network Intrusion Detector. in 2nd International Conference on Electronic & Mechanical Engineering and Information Technology. 2012.
  21. Forrest, S., Perelson, A. S., Allen, L., & Cherukuri, R. (1994, May). Self-nonself discrimination in a computer. In null (p. 202). IEEE.‏
  22. Meghanathan, N., D. Nagamalai, and N. Chaki, Advances in Computing and Information Technology: Proceedings of the Second International Conference on Advances in Computing and Information Technology (ACITY) July 13-15, 2012, Chennai, India - Volume 1. 2012: Springer.
  23. Thomas, C., V. Sharma, and N. Balakrishnan, Usefulness of DARPA dataset for intrusion detection system evaluation, in Data Mining, Intrusion Detection, Information Assurance and Data Networks Security. 2008.


Signature Based, Anomaly Based, Snort, Negative Selection