Web-based monitoring approach for network-based intrusion detection and prevention

There were many reports about incidents of network attacks and security treats. Damages caused by network attacks and malwares can be extremely expensive or unaffordable. In this paper, we present a web-based management system for network-based intrusion detection and prevention. Users can get access from any mobile devices to see current network status, if there is an incident of network attack in the network environment. Our intrusion detection and prevention systems (IDPS) can be applied with different well-known detection algorithms which are C4.5 Decision Tree, Random Forest, Ripple Rule, Bayesian Network, Back-Propagation Neural Network. These algorithms can give very high detection accuracy for known attacks, where the attack type was previously trained/ learnt by the system. However, when new or unfamiliar/unknown attacks are encountered, the algorithms do not perform well. So, we develop a new detection technique based on Fuzzy Genetic Algorithm (Fuzzy GA) to handle the problem. Our IDPS can work in real-time, where detection results will be reported within 2-3 s. The IDPS will automatically protect the network by dropping the malicious network packets or block the network ports that are abused by the attackers. In addition, the proposed IDPS can detect network attacks at different locations inside the network by using several client machines to capture data packets and then send information to the server in order to classify types of network attacks. The proposed IDPS also allows system administrator to update existing detection rule sets or learn new training datasets with a friendly graphic user interface. In our experiments, we can correctly detect and prevent network attacks with high accuracy, more than 97 %.