ISSN 2249-6343
International Journal of Computer Technology and Electronics Engineering (IJCTEE)
Volume 1, Issue 3

Abstract: Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. Incidents have many causes, such as malware (e.g., worms, spyware), attackers gaining unauthorized access to systems from the Internet, and authorized users of systems who misuse their privileges or attempt to gain additional privileges for which they are not authorized. Intrusion detection faces a number of challenges; an intrusion detection system must reliably detect malicious activities in a network and must perform efficiently to cope with the large amount of network traffic. In this paper, we address these two issues of accuracy and efficiency using Conditional Random Fields for a hybrid intrusion detection system.

Index Terms: Anomalous activity, Conditional Random Fields, Signature.

I. INTRODUCTION

This paper is concerned with an accurate and efficient hybrid intrusion detection system. We combine the signature based and the anomaly based intrusion detection systems. We address the two issues of accuracy and efficiency using Conditional Random Fields and the Encrusted Approach for the signature based system, and acquiring volatile data once the system is turned off for the anomaly based system. We demonstrate that high attack detection accuracy can be achieved by using Conditional Random Fields, and high efficiency by implementing the Encrusted Approach in the signature based system.

Intrusion detection is a necessary part of the management cycle. It is part of knowing what is happening on your network; intruders can cause harm to the general health of the network.
The obvious reason for doing intrusion detection is to detect suspicious activity on your systems. Intrusion detection, as defined by the SysAdmin, Audit, Networking, and Security (SANS) Institute, is the art of detecting inappropriate, inaccurate, or anomalous activity [5]. Today, intrusion detection is one of the high priority and challenging tasks for network administrators and security professionals. More sophisticated security tools mean that the attackers come up with newer and more advanced penetration methods to defeat the installed security systems [6][7]. Thus, there is a need to safeguard the networks from known vulnerabilities and at the same time take steps to detect new and unseen, but possible, system abuses by developing more reliable and efficient intrusion detection systems.

Any intrusion detection system has some inherent requirements. Its prime purpose is to detect as many attacks as possible with a minimum number of false alarms, i.e., the system must be accurate in detecting attacks. However, an accurate system that cannot handle a large amount of network traffic and is slow in decision making will not fulfill the purpose of an intrusion detection system. We design a system that detects most of the attacks, gives very few false alarms, copes with a large amount of data, and is fast enough to make real-time decisions.

With the rapid development of the Internet, the problem that IDS has a low detection speed and is inefficient in processing massive data streams becomes more and more serious. Therefore, by studying real-time detection technology, we present a hybrid intrusion detection model using conditional random fields (CRF) [19], aiming at improving computational efficiency as well as detection accuracy.

II. RELATED WORK

A. History

The field of intrusion detection and network security has been around since the late 1980s, after the influential paper from Anderson [8].
Since then, a number of methods and frameworks have been proposed and many systems have been built to detect intrusions. Various techniques such as association rules, clustering, naive Bayes classifier, support vector machines, genetic algorithms, artificial neural networks, and others have been applied to detect intrusions.

B. Signature Based Systems

Lee et al. introduced data mining approaches for detecting intrusions [12]. Data mining approaches for intrusion detection include association rules and frequent episodes, which are based on building classifiers by discovering relevant patterns of programmed user behavior. Association rules and frequent episodes are used to learn the record patterns that describe user behavior. These methods can deal with symbolic data, and the features can be defined in the form of packet and connection details.

Hybrid Approach for Intrusion Detection Using Conditional Random Fields
Sandip Ashok Shivarkar, Mininath Raosaheb Bendre
sandipshivarkar11@gmail.com, mininath.bendre@gmail.com
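The association-rule mining over symbolic connection features described under B. Signature Based Systems, as an added example that is not code from this paper or from Lee et al. It uses brute-force itemset counting rather than any published algorithm; the records, feature names (`service`, `flag`, `dst`), thresholds and the helper names `mine_rules` and `violations` are assumptions made for illustration.

```python
from collections import Counter
from itertools import combinations

# Constructed connection records with symbolic features (not data from the paper).
RECORDS = [
    {"service": "http", "flag": "SF", "dst": "web1"},
    {"service": "http", "flag": "SF", "dst": "web1"},
    {"service": "http", "flag": "SF", "dst": "web1"},
    {"service": "http", "flag": "REJ", "dst": "web1"},
    {"service": "smtp", "flag": "SF", "dst": "mail1"},
    {"service": "smtp", "flag": "SF", "dst": "mail1"},
    {"service": "ftp", "flag": "S0", "dst": "web1"},
    {"service": "ftp", "flag": "S0", "dst": "web1"},
]

def mine_rules(records, min_support=0.2, min_confidence=0.8):
    """Return (antecedent, consequent, support, confidence) for rules X -> y."""
    n = len(records)
    counts = Counter()
    for rec in records:
        items = sorted(rec.items())  # fixed order so every subset has one key
        for k in range(1, len(items) + 1):
            counts.update(combinations(items, k))
    rules = []
    for itemset, cnt in counts.items():
        if len(itemset) < 2 or cnt / n < min_support:
            continue  # too rare to describe regular behavior
        for consequent in itemset:
            antecedent = tuple(i for i in itemset if i != consequent)
            confidence = cnt / counts[antecedent]
            if confidence >= min_confidence:
                rules.append((antecedent, consequent, cnt / n, confidence))
    return rules

def violations(record, rules):
    """Rules whose antecedent matches the record but whose consequent does not."""
    return [r for r in rules
            if all(record.get(k) == v for k, v in r[0])
            and record.get(r[1][0]) != r[1][1]]

if __name__ == "__main__":
    rules = mine_rules(RECORDS)
    odd = {"service": "smtp", "flag": "S0", "dst": "mail1"}  # constructed
    for ante, cons, sup, conf in violations(odd, rules):
        print(ante, "->", cons, f"support={sup:.2f} confidence={conf:.2f}")
```

A record that breaks several high-confidence rules deviates from the learned profile; a record matching the profile returns an empty list.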