IMPLEMENTATION OF FIREWALL RULES FOR INTRUSION DETECTION SYSTEM

Abstract

Network security plays a pivotal role in safeguarding sensitive data from unauthorized access and malicious activities. This work addresses the challenge by proposing a Selected Features Based Intrusion Detection System (SFBIDS) that apply a firewall with an Intrusion Detection System (IDS). In the system, the firewall is a crucial part of network security and it applies especially in used software-based open source firewall that minimizes complication, time, often adaptable in their configuration, and mostly in cost. The filtering rules themselves might cause a security hole due to the complex nature of their configuration and the order of rules. If there are many firewall filtering rules, many policy anomalies can be caused in the desired network. In the SFBIDS system, twenty-seven firewall rules are manually created in the software-based firewall. An IDS typically operates using one of two primary methods: signature-based detection and anomaly-based detection. In the system employing a signature-based detection method, the approach focuses on identifying known threats by comparing network traffic or files against a database of known signatures. The SFBIDS is evaluated through the generation of a dataset comprising typical network traffic, as well as simulated Denial-of-Service (DoS) attacks and PortScan attacks. Feature selection is a critical component of intrusion detection systems, influencing their effectiveness in detecting malicious activities while minimizing false alarms. It presents a detailed analysis of two feature selection methods: Correlation-Based Feature Subset (CBFS) and Gain Ratio Feature Selection (GRFS), focusing on their efficacy in selecting the most relevant attributes for intrusion detection. Effective feature selection is critical for enhancing the performance of intrusion detection systems. The SFBIDS compare its performance with the widely used CICIDS 2017 dataset. The results demonstrate that by excluding flag features, the performance of intrusion detection algorithms improves significantly. It uses a technique for determining the minimum boundary value in the Correlation Attribute (CA) method by computing the average value from two datasets. It conducts a comparative analysis of attribute reduction in both the SFBIDS dataset and the CICIDS 2017. The SFBIDS system goal is to enhance the adequacy of performance by identifying and eliminating redundant attributes.