International Journal of Computer Science Engineering and Information Technology Research (IJCSEITR)
ISSN(P): 2249-6831; ISSN(E): 2249-7943
Vol. 3, Issue 5, Dec 2013, 171-176
© TJPRC Pvt. Ltd.

AN EFFICIENT STRUCTURE TO FIND NEW EVASION TECHNIQUES ON NETWORK INTRUSION DETECTION SYSTEM

RUTUJA R. PATIL¹ & P. R. DEVALE²
¹ Research Scholar, Department of Information Technology, Bharati Vidyapeeth Deemed University College of Engineering, Pune, Maharashtra, India
² Professor, Department of Information Technology, Bharati Vidyapeeth Deemed, Pune, Maharashtra, India

ABSTRACT

These days, signature-based Network Intrusion Detection Systems (NIDS), which apply a set of rules to identify hostile traffic in network segments, are quickly updated in order to protect systems against new attacks. The objective of an attacker is to find new evasion techniques to stay unseen. Unfortunately, the majority of the existing techniques are based on the ambiguities of the network protocols. As a result of the emergence of new evasion techniques, a NIDS may fail to give correct results. The central idea of our paper is to develop a network-based intrusion detection system based on the Apriori algorithm and other approaches for attack detection, and to test the input produced by the Apriori algorithm with the well-known Snort intrusion detection system once candidate sets for detecting different attacks are generated. These candidates in turn will be passed as inputs to the Snort intrusion detection system for detecting different attacks.

KEYWORDS: NIDS, Evasion, Apriori Algorithm, Adaboost Algorithm, Snort

INTRODUCTION

Information Technology systems have become a critical component in organizations that manage huge amounts of personal and critical data. Guarding those systems from hostile actions should be the main goal when applying security measures. Intrusion Detection Systems (IDS) are becoming more and more widely deployed to supplement the security provided by firewalls.
IDS function in the digital world much the same way as a burglar alarm does in the physical world. Like all alarms, IDS also have certain flaws that can be exploited by an attacker to get around the system. The conflict between attackers and IDS developers is never-ending. Attackers continually try to find new exploits to intrude into a system, while system developers attempt to analyse and detect attacks.

Intrusion Detection System

To understand what a network intrusion detection system is, one should first know what an intrusion is. When a hacker tries to make way into your system, it is known as an intrusion. An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system. Intrusion detection systems can be classified in different ways. The major classifications are network-based (NIDS) and host-based (HIDS) intrusion detection systems.

Network Based Intrusion Detection System

The word "network" is used for this system because it keeps an eye on packets on a network wire, and its main objective is to find out whether a cracker or a hacker is breaking into your system. It analyzes the traffic on your network to monitor for signs of malicious activity.