Chen Guanlin,Feng Yan,Wang Zebing

DOI: https://doi.org/10.3969/j.issn.1000-0801.2010.10.014

2010-01-01

Abstract:Nowadays wireless intrusion prevention systems have become the research hotspot with the fast development of WLAN.In this paper,we first introduce the common attack methods for WLAN,and then present the framework of the wireless IPS with a distributed pre-decision engine,which can predict the future actions and direct active responses to these actions.We implement an improved model with extended detection rules for conducting intrusion plan and making pre-decision,by gathering wireless device information and importing supporting degree of intrusion plan in plan recognition.Experimental results showed that the distributed pre-decision engine can not only improve wireless intrusion detection and prevention performance,also reduce false negatives and false positives evidently.

Junchi Xing,Haifeng Zhou,Jinfan Shen,Kai Zhu,Yansong Wang,Chunming Wu,Wei Ruan

DOI: https://doi.org/10.1109/ICT.2018.8464855

2018-01-01

Abstract:Distributed Denial-of-Service (DDoS) attack has been a "nightmare" for cloud. A countermeasure is to establish an Intrusion Detection and Prevention System (IDPS) for cloud. Nevertheless, current IDPSes fail to achieve the detection and prevention in a flexible and lightweight way. In this paper, we propose a novel scheme of IDPS for overcoming the above problem, termed as Auto-scaling IDPS (AsIDPS). AsIDPS is based on Software-Defined Networking (SDN) and Docker container technologies. It first detects abnormal traffic based on the flow statistics collected in SDN switches in real-time. By the SDN controller, the abnormal traffic will be directed to the created Docker containers with Snort running on them for further detection and clean-up. Particularly, the Docker containers can be automatically scaled out or scaled down on demand. The Snort will also deliver an alert to the SDN controller if it detects attack traffic so as to perform a countermeasure if necessary. Benefitting from the flexible network management offered by SDN and the lightweight Docker container, AsIDPS is able to build a flexible and lightweight defense against DDoS attack in cloud. Based on our prototype implementation, we validate the effectiveness of AsIDPS in defending DDoS attack, and also verify its flexibility and lightweight.

Da-Wen Huang,Fengji Luo,Jichao Bi,Mingyang Sun

DOI: https://doi.org/10.1109/tifs.2022.3191491

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Deploying Intrusion Detection Systems (IDSs) is an essential way to enhance the security of Multi-hop Clustered Wireless Sensor Networks (MCWSNs). The conventional IDS deployment architectural designs show limitations in ensuring the security of MCWSNs due to the limited monitoring range of the nodes. This paper proposes an efficient IDS deployment architecture for MCWSNs. The architecture is a hybrid design, in which the cluster heads and the sink collaboratively act as IDS agents to monitor the entire network and perform intrusion detection. Based on the new architecture, this paper proposes a resource allocation model to optimally allocate resources among the IDS agents so that the network’s security metric can be maximized. A comprehensive analytical framework is proposed to analyze the optimality of the model’s solution, and an efficient computational approach is developed to obtain the optimal resource allocation strategy. Extensive numerical simulation and comparison studies are conducted to validate the proposed method.

Baojun Zhang,Xuezeng Pan,Jiebing Wang

DOI: https://doi.org/10.1109/fskd.2007.348

2007-01-01

Abstract:The current network is complicated due to the high- throughput and the multiformity of actions. A hybrid intru- sion detection system (HIDSFCN) is proposed in this study to satisfy the current network. It combines the advantages of all kinds of IDS and put forwards our own solvents to those key problems in current research. Experiment results demonstrate that our HIDSFCN is of high performance and good practicability.

Keturahlee Coulibaly

DOI: https://doi.org/10.48550/arXiv.2004.08967

2020-04-20

Abstract:Cyber threats are increasing not only in their volume but also in their sophistication and difficulty to detect. Attacks have become a national/global threat as they have targeted private and public, as well as government sectors over the years. This is a growing issue and organisations are taking steps to reduce, detect and prevent threats. To do this they need to use systems that are equipped with the capabilities to do either of those steps and develop them for the type of networks they use, for instance wired or wireless. One of these systems are Intrusion Detection Systems (IDS), which can be used as the first defence mechanism or a secondary defence mechanism of a threat or an attack. There are different types of attacks that can occur in a network, such as Denial of service (DoS)/Distributed Denial of Service (DDoS), port scanning, malware or ransomware and so forth that IDSs have a capability of detecting. Assisting in the mitigation of such attacks, there are also Intrusion Prevention Systems (IPS) whose role has a different purpose than that of IDSs. Unlike IDSs they not only detect threats but prevent them from disrupting the network, IPSs can be used in conjunction with IDSs to double the defences. This paper provides an overview of IDS and their classifications and IPS. It will detail typical benefits and limitations to using IDSs, IPSs and the hybrids (such as Intrusions Detection Prevention Systems (IDPSs and more)) which will be discussed further. It will also outline developments in the making using ML and how it is used to improve these systems and the dilemmas they produce and possible ways to counter act them.

Cryptography and Security

Hassen Mohammed Alsafi,Wafaa Mustafa Abduallah,Al-Sakib Khan Pathan

DOI: https://doi.org/10.48550/arXiv.1203.3323

2012-03-15

Abstract:Today, many organizations are moving their computing services towards the Cloud. This makes their computer processing available much more conveniently to users. However, it also brings new security threats and challenges about safety and reliability. In fact, Cloud Computing is an attractive and cost-saving service for buyers as it provides accessibility and reliability options for users and scalable sales for providers. In spite of being attractive, Cloud feature poses various new security threats and challenges when it comes to deploying Intrusion Detection System (IDS) in Cloud environments. Most Intrusion Detection Systems (IDSs) are designed to handle specific types of attacks. It is evident that no single technique can guarantee protection against future attacks. Hence, there is a need for an integrated scheme which can provide robust protection against a complete spectrum of threats. On the other hand, there is great need for technology that enables the network and its hosts to defend themselves with some level of intelligence in order to accurately identify and block malicious traffic and activities. In this case, it is called Intrusion prevention system (IPS). Therefore, in this paper, we emphasize on recent implementations of IDS on Cloud Computing environments in terms of security and privacy. We propose an effective and efficient model termed as the Integrated Intrusion Detection and Prevention System (IDPS) which combines both IDS and IPS in a single mechanism. Our mechanism also integrates two techniques namely, Anomaly Detection (AD) and Signature Detection (SD) that can work in cooperation to detect various numbers of attacks and stop them through the capability of IPS.

Networking and Internet Architecture,Cryptography and Security

Amilia Anggraeni,Jafaruddin Gusti Amri Ginting,Syariful Ikhwan

DOI: https://doi.org/10.20895/infotel.v14i4.813

2022-11-01

JURNAL INFOTEL

Abstract:Computer networks are built to achieve the main goal of communicating with each other . During the transmission process, it is expected that information can be conveyed quickly, efficiently and safely. Network security serves to avoid damage or even data loss caused by attacker activities during the communication process. Security aspects that need to be maintained in data information are Confidentiality, Integrity and Availability. Intrusion Prevention System is a solution that can maintain network security from various attacks. The Intrusion Prevention System will act as a protector on the network by detecting and preventing suspicious traffic on nodes in a network. The Intrusion Prevention System in its implementation has several tools which are used in this study, namely Snort and IPTables. Testing is done by performing attacks on the Web Server. The attacks carried out are Port Scanning, DDoS attacks and Brute Force. The results of this study are based on the CIA Triad with the three attacks having different characteristics in terms of cause and effect. On the defense side, Port Scanning and Brute Force can be easily prevented by IPS, but in DDoS attacks there are differences in results between drop and reject rule. In a DDoS attack with an action drop rule, it can recover the web server in 160 seconds while the action reject rule can be restored at 145 seconds which normally can be recovered in a DDoS attack in 165 seconds. The IPS server can also reduce resources when there is a DDoS attack by 9.2% .

Navya Iyengar

DOI: https://doi.org/10.48550/arXiv.2007.11654

2020-07-22

Networking and Internet Architecture

Abstract:Cloud-based and network-based technology has witnessed an exponential rise in development. Adaptation of these latest technologies has opened flood gates for data breaches, an increase in sophistication of cyber threats, and, a multitude of new attack vectors. Numerous tools and solutions are currently available for detection of these threats. Network-based Intrusion Detection Systems is one of the most effective tools implemented to maintain confidentiality, integrity, and, availability of networks. While there are several open source tools in the offing, this paper evaluates two open-source NIDS Snort and Suricata, along with strategic placement of multi sensor IDS in a WAN environment, in combination with NIDS, for in time threat detection and protection of systems.

I. G Olasege,

DOI: https://doi.org/10.22624/aims/maths/v12n1p8

2024-03-01

Abstract:Intrusion detection systems (IDS) are an important security tool that protects networks by monitoring policy breaches and possible threat activities Over the years, IDS technology has advanced significantly to combat cybercrime a it goes forward. The purpose of this paper is to provide a comprehensive review of IDS technology, addressing implementation challenges, research limitations, and future directions. By exploring the various research sub-categories in IDS, readers will gain insight into industry needs and the importance of ongoing research efforts Keywords: Intrusion Detection System (IDS), Threat Detection, Attackers, Network Security, Cybersecurity Systems AIMS-MATHS JOURNAL REFERENCE FORMAT Olasegi, I.G. (2024 Closing Disparities in Intrusion Detection: An In-Depth Analysis of IDPS Systems. Journal of Advances in Mathematical & Computational Science. Vol. 12, No. 1. Pp 100-108. Available online at www.isteams.net/mathematics-computationaljournal. dx.doi.org/10.22624/AIMS/MATHS/V12N1P8

P. M. N. V. V. Sarveswara Gupta,B. Venkateswarlu,S. Karthikeya,Mohan Kumar Chandol,V. G. Sai Sumanth

DOI: https://doi.org/10.38124/ijisrt/ijisrt24jun2043

2024-07-20

Abstract:It is crucial to secure digital assets and networks against harmful activity in the linked world of today. Through the detection and mitigation of unauthorized access, malicious activity, and possible security threats, Intrusion Detection and Prevention Systems (IDPS) are essential to the protection of systems and networks. The development, approaches, technologies, difficulties, and future directions of intrusion detection and prevention systems are all covered in detail in this research paper. The study examines the advantages and disadvantages of several IDPS methodologies, such as hybrid, anomaly-based, and signature-based techniques. It also addresses how to improve the efficacy and efficiency of IDPS using cutting- edge methods like big data analytics, artificial intelligence, and machine learning. In addition, the study discusses and suggests possible solutions for the problems that IDPS faces, including false positives, evasion strategies, and scalability concerns. In order to assist academics, researchers, and practitioners with insights, it concludes by outlining future directions for study and development in the field of intrusion detection and prevention systems.

Saloni Anand,Kshitij Patne

DOI: https://doi.org/10.22214/ijraset.2022.44761

2022-06-30

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: Intrusion Detection systems are now increasingly significant in network security. As the number of people using the internet grows, so does the chance of a cyberattack. People are adopting signature-based intrusion detection systems. Snort is a popular open-source signature-based intrusion detection system. It is widely utilised in the intrusion detection and prevention arena across the world. The aim of this research is to provide knowledge about intrusion detection systems, application vulnerabilities, and their prevention methods and to perform a comparison of the latest tools and mechanisms used to detect these threats and vulnerabilities.

Yash Sharma,Jyoti Chaudhary,Vimmi Malhotra

DOI: https://doi.org/10.48175/ijarsct-9492

2023-04-26

Abstract:Personal computers and computer networks have become increasingly vulnerable to numerous types of attacks since the introduction of the Internet. Information has evolved into a valuable asset that must be pro- tected from cyber-attacks. Privacy may be violated, and vital data may be destroyed as a result of the attack. Typically, the attacks are brought on by a failure to put security rules in place and to use easily available security tools Firewall, Intrusion Detection System, and Intrusion Prevention Systems are some of the security solutions that are accessible. Each tool comes with its own set of features. its characteristics, benefits, and drawbacks

K. Sundaramoorthy,K E Purushothaman,Jeba Sonia J,N Kanthimathi

DOI: https://doi.org/10.1016/j.cose.2024.104081

IF: 5.105

2024-09-01

Computers & Security

Abstract:The evolution of cloud computing has revolutionized how users access services, simplifying the development and deployment of applications across various industries. With its pervasive adoption, robust security measures become imperative. Integrating Intrusion Detection Systems (IDSs) into cloud computing and Wireless Sensor Networks (WSNs) addresses these challenges. IDSs serve as attentive protectors, monitoring network traffic and responding to breaches promptly, enhancing security across industries reliant on cloud services. Similarly, IDS integration in WSNs ensures the security of mission-critical operations, despite resource constraints and dynamic topologies, facilitated by cloud computing. This research proposes a hybrid IDS approach, leveraging the NSL-KDD dataset and methodologies like Intrusion Support Scalar Impact Rate (ISSIR), Optimized Support Vector Machine (OSVM), Extended Long-Short-Term Memory (ELSTM), and Multilayer Perceptron Neural Network (MLPNN), enhancing intrusion detection efficacy. ISSIR aids in feature selection, OSVM mitigates localization errors, ELSTM enables precise anomaly detection, and MLPNN provides robust defense mechanisms. Each method is integrated into a collaborative framework to address specific challenges in detecting intrusions with higher accuracy and reduced false positives. The interplay between these methodologies strengthens the overall intrusion detection framework, addressing the dynamic nature of cybersecurity threats. Results demonstrate the superior performance of MLPNN across various metrics, showcasing its effectiveness in accurately predicting outcomes compared to other models. The proposed MLPNN hybrid system achieves an accuracy of 99.9%, surpassing state-of-the-art methods. This study underscores the significance of advancing IDSs in cloud computing and WSNs, offering insights into enhancing security and mitigating vulnerabilities in an interconnected digital landscape.

computer science, information systems

Ruey-Maw Chen,Kuo-Ta Hsieh

DOI: https://doi.org/10.1002/dac.1289

2011-06-01

International Journal of Communication Systems

Abstract:Dependence on the Internet is increasing dramatically. Therefore, many researchers have given great attention to the issue of how to tighten Internet security. This study proposes a new scheme for the distributed intrusion prevention system (DIPS), in which the concept of ‘union’ is presented for satisfying the increasing requirements of Internet security issues. In this proposed design, the network intrusion detection system (NIDS) applies a misuse detection technique to detect well‐known intrusion behavior on the Internet. Meanwhile, for anomaly detection technique, a tool named ‘Scent’ (a network traffic sniffer) is combined with conditional legitimate probability to reveal previously undiscovered intrusion packets that do not match the intrusion signatures in NIDS. Moreover, blocking distributed denial‐of‐service (DDoS) attacks inside the protected allied network is also covered. To increase the detection accuracy, reduction of false positives and false negatives is also accomplished. Experimental results reveal that the suggested network security system scheme is effective and efficient in resolving the intrusion activity problem of real network environments. Copyright © 2011 John Wiley & Sons, Ltd. In this work, a new system scheme of the allied distributed intrusion prevention system was implemented to meet the increasing Internet security issues. A network intrusion detection system (NIDS) applies misuse detection technique to detect well‐known intrusion behaviors on the Internet. Meanwhile, for anomaly detection technique, a designed tool named ‘Scent’ (a network traffic sniffer) is combined with conditional legitimate probability to find out new intrusion packets that do not match the intrusion signatures in NIDS. Moreover, blocking distributed denial‐of‐service attacks inside the protected allied network is also designed. To increase the detection accuracy, reducing false positive and false negative are also accomplished.

telecommunications,engineering, electrical & electronic

Sarah Alharbi,Arshiya Khan

DOI: https://doi.org/10.1109/ITNAC59571.2023.10368510

2024-01-07

Abstract:Sophisticated cyber attacks present significant challenges for organizations in detecting and preventing such threats. To address this critical need for advanced defense mechanisms, we propose an Ensemble Defense System (EDS). An EDS is a cybersecurity framework aggregating multiple security tools designed to monitor and alert an organization during cyber attacks. The proposed EDS leverages a comprehensive range of Intrusion Detection System (IDS) capabilities by introducing a hybrid of signature-based IDS and anomaly-based IDS tools. It also incorporates Elasticsearch, an open-source Security Information and Event Management (SIEM) tool, to facilitate data analysis and interactive visualization of alerts generated from IDSs. The effectiveness of the EDS is evaluated through a payload from a bash script that executes various attacks, including port scanning, privilege escalation, and Denial-of-Service (DoS). The evaluation demonstrates the EDS's ability to detect diverse cyber attacks.

Cryptography and Security

Amir Javadpour,Pedro Pinto,Forough Ja’fari,Weizhe Zhang

DOI: https://doi.org/10.1007/s10586-022-03621-3

2022-05-23

Cluster Computing

Abstract:Cloud Internet of Things (CIoT) environments, as the essential basis for computing services, have been subject to abuses and cyber threats. The adversaries constantly search for vulnerable areas in such computing environments to impose their damages and create complex challenges. Hence, using intrusion detection and prevention systems (IDPSs) is almost mandatory for securing CIoT environments. However, the existing IDPSs in this area suffer from some limitations, such as incapability of detecting unknown attacks and being vulnerable to the single point of failure. In this paper, we propose a novel distributed multi-agent IDPS (DMAIDPS) that overcomes these limitations. The learning agents in DMAIDPS perform a six-step detection process to classify the network behavior as normal or under attack. We have tested the proposed DMAIDPS with the KDD Cup 99 and NSL-KDD datasets. The experimental results have been compared with other methods in the field based on Recall, Accuracy, and F-Score metrics. The proposed system has improved the Recall, Accuracy, and F-Scores metrics by an average of 16.81%, 16.05%, and 18.12%, respectively.

computer science, information systems, theory & methods

Asmaa Shaker Ashoor,Sharad Gore

DOI: https://doi.org/10.1007/978-3-642-22540-6_48

2011-01-01

Abstract:This paper discusses difference between Intrusion Detection system and intrusion Prevention System (IDS/IPS) technology in computer networks. The differences between deployment of these system in networks in which IDS are out of band in system, means it cannot sit within the network path but IPS are in-line in the system, means it can pass through in between the devices.IDS generates only alerts if anomaly traffic passes in network traffic, it would be false positive or false negative, means IDS detects only malicious activities but no action taken on those activities but IPS has feature of detection and prevention with auto or manual action taken on those detected malicious activities like drop or block or terminate the connections. Here IDS and IPS systems stability, performance and accuracy wise result are comparing in this paper.

Kashif Ishaq,Hafiz Ahsan Javed

2023-08-26

Abstract:The security trade confidentiality, integrity and availability are the main pillar of the information systems as every organization emphasize of the security. From last few decades, digital data is the main asset for every digital or non-digital organization. The proliferation of easily accessible attack software on the internet has lowered the barrier for individuals without hacking skills to engage in malicious activities. An Industrial organization operates a server that (Confluence) serves as a learning platform for newly hired employees or Management training officers, thereby making it vulnerable to potential attacks using readily available internet-based software. To mitigate this risk, it is essential to implement a security system capable of detecting and preventing attacks, as well as conducting investigations. This research project aims to develop a comprehensive security system that can detect attack attempts, initiate preventive measures, and carry out investigations by analyzing attack logs. The study adopted a survey methodology and spanned a period of four months, from March 1, 2023, to June 31, 2023. The outcome of this research is a robust security system that effectively identifies attack attempts, blocks the attacker's IP address, and employs network forensic techniques for investigation purposes. The findings indicate that deploying Snort in IPS mode on PfSense enables the detection of attacks targeting e-learning servers, triggering automatic preventive measures such as IP address blocking. The alerts generated by Snort facilitate investigative actions through network forensics, allowing for accurate reporting on the detrimental effects of the attacks.

Cryptography and Security

Shahid Anwar,Mohamad Fadli Zolkioli,Aws Naser Jabir,Jasni Muhamad Zain,Zakira Inayat,Julius Beneoluchi Odili,Mohamad Fadli Zolkipli

DOI: https://doi.org/10.1109/icsecs.2015.7333109

2015-08-01

Abstract:In past decades, we have seen that the increasing speed of the network attacks compromising computer system functionality and degrading network performance. The security of these systems has attracted a lot of research in the field of intrusion detection and response system to reduce the effect of these attacks. Response is a major part of intrusion detection system. Intrusion detection system without a timely response is not considered good even they detect threat and generate alarms. Optimum response is based on the selection of proper response option. In this paper, we categorize the attacks and propose some response option to thwart these attacks.

Xiao-ning KANG,Dong-xing JIANG,Cheng ZHANG,Qi-xin LIU,Lin ZHOU,Hai-yan WU

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.11.014

2005-01-01

Abstract:Network security is getting more important as the Internet evolves.Attacks like DoS,DDoS have become major attack methods on gigabit networks,not to mention the worms have used up network bandwidth.Traditional IDSes could not handle massive network data efficiently or block detected attacks in time.Focusing on those problems,this paper designed a distributed intrusion detection and blocking system which can run on high-speed networks efficiently,which is also known as IPS(Intrusion Prevention System).