
Integrated Network Intrusion Detection and Alarm System based on Convolutional Neural Networks and Feature Mechanisms

Cheng-Ta Huang,
Chia-Hsuan Lee,
Hao-Yu Wang,
Wei-Jen Wang

Abstract


With the rapid growth of the Internet, people's daily activities are closely tied to it. While technology brings convenience, it also leads to a significant increase in cybersecurity incidents. To effectively prevent malicious cyber-attacks, this paper presents an Integrated Network Intrusion Detection and Alarm System (Network-based Intrusion Detection and Alarm System) that combines Convolutional Neural Networks (CNN) and signature-based feature mechanisms. In this system, we employ the open-source software Snort as the foundation for a signature-based intrusion detection system. However, such feature-based detection techniques often struggle to identify attack packets due to the diversity of evolving attack methods. To address this limitation, we utilize Convolutional Neural Networks to train a network traffic classifier, enhancing Snort's capability to detect previously unknown attacks.
In typical scenarios, Snort performs well at detecting known attacks, whereas the CNN classifier excels at identifying unknown attacks. By integrating these two intrusion detection mechanisms based on different principles, we enhance network security. The two mechanisms are integrated and managed using the Elastic Stack (ELK) for log management. Experimental results using the benchmark CICIDS-2017 Dataset for training and testing demonstrate a predictive accuracy of 99.04% using the proposed research approach. Furthermore, we leverage the classifier's predictions to modify and add Snort rules, thereby increasing detection rates and reducing false positives. The experimental results substantiate that this paper's methodology enables the establishment of a more reliable intrusion detection system.


Citation Format:
Cheng-Ta Huang, Chia-Hsuan Lee, Hao-Yu Wang, Wei-Jen Wang, "Integrated Network Intrusion Detection and Alarm System based on Convolutional Neural Networks and Feature Mechanisms," Communications of the CCISA, vol. 29, no. 3, pp. 18-32, Aug. 2023.






Published by Chinese Cryptology and Information Security Association (CCISA), Taiwan, R.O.C
CCCISA Editorial Office, No.1, Sec. 1, Shennong Rd., Yilan City, Yilan County 260, Taiwan (R.O.C.)
E-mail: ccisa.editor@gmail.com