Yawei Zhang,Xiaojun Ye,Feng Xie,Yong Peng

DOI: https://doi.org/10.1109/CIT.2009.69

2009-01-01

Abstract:Security mechanisms within DBMSs are far from effective to detect and prevent anomalous behavior of applications and intrusions from attackers. In fact, intrusions executed by unauthorized users to explore system vulnerabilities, and malicious database transactions executed by authorized users, both cannot be detected and prevented by typical security mechanisms. In this paper we proposed a database intrusion detection system architecture based on the database communication content detection mechanism. Implementation strategies for main components are detailed. Besides, we investigate several critical intrusion detection approaches used in the practice.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

胡敏,潘雪增,平玲娣

DOI: https://doi.org/10.3969/j.issn.1001-3695.2004.01.033

2004-01-01

Abstract:This paper focuses on issures related to deploying a data mining-based IDS (Intrusion Detection System) in a real time environment To overcome the limitations of traditional IDS, the corresponding solutions to accurracy, efficiency and usability is presented.These solutions impove efficiency of traditional DOS and maintain a desired accuracy level. This paper also proposed an architecture consisting of sensors, detectors, a data warehouse and model generation components. This architecture facilitates the sharing and storage of audit data and the distribution of new or updated models. Also, it improves the efficiency and scalability of the traditional IDS.

Yue Shen,Fei Yu,Ling-Fen Zhang,Ji-Yao An,Miao-Liang Zhu

DOI: https://doi.org/10.1109/CANET.2005.1598184

2005-01-01

Abstract:Intrusion detection is an efficient way to protect information system. This paper puts forward a new method of anomalous intrusion detection based on system call. It uses system calls regarded as input, and creates a FSA for the functions in the program. Then the FSA is used to detect the attack. Moreover, It can find the place of the vulnerability which exists in the program. This can help to alter the source program. Results are shown that this method is effective for some intrusion events.

Julie Greensmith,Uwe Aickelin,Jamie Twycross

DOI: https://doi.org/10.48550/arXiv.1002.0696

IF: 14.4

2010-02-03

Artificial Intelligence

Abstract:In recent years computer systems have become increasingly complex and consequently the challenge of protecting these systems has become increasingly difficult. Various techniques have been implemented to counteract the misuse of computer systems in the form of firewalls, anti-virus software and intrusion detection systems. The complexity of networks and dynamic nature of computer systems leaves current methods with significant room for improvement. Computer scientists have recently drawn inspiration from mechanisms found in biological systems and, in the context of computer security, have focused on the human immune system (HIS). The human immune system provides a high level of protection from constant attacks. By examining the precise mechanisms of the human immune system, it is hoped the paradigm will improve the performance of real intrusion detection systems. This paper presents an introduction to recent developments in the field of immunology. It discusses the incorporation of a novel immunological paradigm, Danger Theory, and how this concept is inspiring artificial immune systems (AIS). Applications within the context of computer security are outlined drawing direct reference to the underlying principles of Danger Theory and finally, the current state of intrusion detection systems is discussed and improvements suggested.

Uwe Aickelin,Julie Greensmith

DOI: https://doi.org/10.48550/arXiv.0802.4002

2008-02-27

Neural and Evolutionary Computing

Abstract:The immune system provides an ideal metaphor for anomaly detection in general and computer security in particular. Based on this idea, artificial immune systems have been used for a number of years for intrusion detection, unfortunately so far with little success. However, these previous systems were largely based on immunological theory from the 1970s and 1980s and over the last decade our understanding of immunological processes has vastly improved. In this paper we present two new immune inspired algorithms based on the latest immunological discoveries, such as the behaviour of Dendritic Cells. The resultant algorithms are applied to real world intrusion problems and show encouraging results. Overall, we believe there is a bright future for these next generation artificial immune algorithms.

Gianni Tedesco,Jamie Twycross,Uwe Aickelin

DOI: https://doi.org/10.1007/11823940_15

2010-01-01

Abstract:Network Intrusion Detection Systems (NIDS) monitor a network with the aim of discerning malicious from benign activity on that network. While a wide range of approaches have met varying levels of success, most IDS's rely on having access to a database of known attack signatures which are written by security experts. Nowadays, in order to solve problems with false positive alerts, correlation algorithms are used to add additional structure to sequences of IDS alerts. However, such techniques are of no help in discovering novel attacks or variations of known attacks, something the human immune system (HIS) is capable of doing in its own specialised domain. This paper presents a novel immune algorithm for application to an intrusion detection problem. The goal is to discover packets containing novel variations of attacks covered by an existing signature base.

Simon T. Powers,Jun He

DOI: https://doi.org/10.1016/j.ins.2007.11.028

2012-08-03

Abstract:Network intrusion detection is the problem of detecting unauthorised use of, or access to, computer systems over a network. Two broad approaches exist to tackle this problem: anomaly detection and misuse detection. An anomaly detection system is trained only on examples of normal connections, and thus has the potential to detect novel attacks. However, many anomaly detection systems simply report the anomalous activity, rather than analysing it further in order to report higher-level information that is of more use to a security officer. On the other hand, misuse detection systems recognise known attack patterns, thereby allowing them to provide more detailed information about an intrusion. However, such systems cannot detect novel attacks. A hybrid system is presented in this paper with the aim of combining the advantages of both approaches. Specifically, anomalous network connections are initially detected using an artificial immune system. Connections that are flagged as anomalous are then categorised using a Kohonen Self Organising Map, allowing higher-level information, in the form of cluster membership, to be extracted. Experimental results on the KDD 1999 Cup dataset show a low false positive rate and a detection and classification rate for Denial-of-Service and User-to-Root attacks that is higher than those in a sample of other works.

Neural and Evolutionary Computing,Cryptography and Security

Hongbin Han

2006-01-01

Abstract:Facing the fast developing Internet,the ability of traditional intrusion detection system becomes weaker.This paper focuses on introducing computer immunity and multi-agent technology into the traditional intrusion detection system to design a computer's immunity-based multi-agent intrusion detection system.Compared with the traditional system,this system is flexible,distributed,intelligent and so on.It can finish the intrusion detection and defence completely.

LI Fang-tao,ZHU Xiao-yan,MENG Li-rong

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.22.037

2006-01-01

Abstract:An integrated database security architecture is proposed.The encryption/authentication component,making use of cryp-tographic knowledge,not only makes the database integrity and confidentiality,but also have the function of detecting and correcting the single error.The single error correction tolerate the transfer's intrusion,and this enables the outer-level intrusion-tolerance.Inner intrusion-tolerant component provides an intrusion-tolerance based database security structure.The flexibility and the ability of protecting from attacks are improved.This system has the functions of not only intrusion-tolerance,but also encryption and authe-ntication.So it can apply to fields where the higher security level is needed.

HUANG Jun-cai,WANG Feng-bi,LUO Xun,SHE Kun,ZHOU Ming-tian

DOI: https://doi.org/10.3969/j.issn.1001-0548.2006.01.025

2006-01-01

Abstract:The feasibility of applying artificial immune theory in intrusion detection system is Analyzed, establishes a model combining artificial immune theory and data mining technique is estoblished. Based on the statistical theory, the amount of information that is lost by splitting a data stream into unordered strings can be estimated, and this estimate can be used to guide the choice of string length. Based on information-theory, a lower bound on the size of the detector set is derived. Detector Generating algorithm is described. The performance of Artificial Immune Intrusion Detection System (AIIDS) is better than the normal intrusion detection system based on knowledge engineering.

Liang Cai,Xiaohu Yang,Jinxiang Dong

2001-01-01

Abstract:We briefly introduce the special characteristics of database security in information warfare and related researches, then emphasis the importance of antagonizing, malicious DBMS in information warfare. This paper suggests a threat model for malicious DBMS by carefully analyzing the possible security threats by malicious DBMS, then a database security architecture capable of antagonizing the malicious DBMS is proposed based on this threat model and the special requirements of critical applications in China. It can greatly improve the critical application's capability to antagonize malicious DBMS by incorporating, self-controlled authentication, principal / object mapping, transparent attribute encryption / decryption, attribute / tuple level mandatory access control, and parallel structure of multiple DBMSs.

Sugata Sanyal,Manoj Rameshchandra Thakur

DOI: https://doi.org/10.48550/arXiv.1205.4457

2012-05-20

Cryptography and Security

Abstract:A number of works in the field of intrusion detection have been based on Artificial Immune System and Soft Computing. Artificial Immune System based approaches attempt to leverage the adaptability, error tolerance, self- monitoring and distributed nature of Human Immune Systems. Whereas Soft Computing based approaches are instrumental in developing fuzzy rule based systems for detecting intrusions. They are computationally intensive and apply machine learning (both supervised and unsupervised) techniques to detect intrusions in a given system. A combination of these two approaches could provide significant advantages for intrusion detection. In this paper we attempt to leverage the adaptability of Artificial Immune System and the computation intensive nature of Soft Computing to develop a system that can effectively detect intrusions in a given network.

梁文,曹先彬,张四海,王煦法

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.01.005

2005-01-01

Abstract:Immune network intrusion system is a new approach of anomaly detection and it detects relatively infinite foreign antigens using finite detectors. Cur rent work recognizes unknown antigens by traditional evolution methods but the e xperiment result is not satisfying. This paper points that particularity of NIDS requires many detectors rather than several best ones. Inspired by affinity mut ation mechanism in the biological immune system this paper proposes an immune re cognition method, in which polymorphism is introduced. Experiments results show that this model suits NID well and has excellent ability of recognizing unknown intrusion patterns.

Wenjian Luo,Xianbin Cao,Xufa Wang

DOI: https://doi.org/10.1007/3-540-45600-7_40

2001-01-01

Abstract:Current network intrusion detection systems are of low intelligence level and have the main deficiency as being unable to detect new intrusive behaviors of unknown signatures.The protection mechanism of natural immune system has brought us inspirations to design a novel network intrusion detection system. The research on modeling a NIDS with natural immune system just started, including the negative selection algorithm proposed by S. Forrest and the basic system model proposed by J. Kim. Based on their works, this paper proposed a novel system structure including affinity mutation, which was used to improve the performance of anomaly detection, and established an basic system based on artificial immunology. This paper stressed on the novel construction and testing experiments. Result of the experiments proved that the application of the protection mechanism of natural immune system to network intrusion detection system has an exciting perspective.

Chen Zhongmin,Wang Yu,Xu Baowen

DOI: https://doi.org/10.1109/wicom.2007.446

2007-01-01

Abstract:Mobile agent technology could be used to solve the problems on intrusion detection in network security area, while immune principle could supply reference to algorithm design of agent for detecting and analyzing data. In this paper, the detecting algorithm based on the immune principle, including the definition of problem domain, computation of affinity between the antibody and antigen,as well as between antibody, the generation of the detectors, has been elaborated. The algorithm of negative selection used in the agent has been improved The experimental result indicates that the algorithm is more adaptive than the original one.

Haipeng Yao,Qiyi Wang,Luyao Wang,Peiying Zhang,Maozhen Li,Yunjie Liu

DOI: https://doi.org/10.1007/s10766-017-0537-7

2017-01-01

International Journal of Parallel Programming

Abstract:With the dramatic opening-up of network, network security becomes a severe social problem with the rapid development of network technology. Intrusion Detection System (IDS) is an innovative and proactive network security technology, which becomes a hot topic in both industry and academia in recent years. There are four main characteristics of intrusion data that affect the performance of IDS including multicomponent, data imbalance, time-varying and unknown attacks. We propose a novel IDS framework called HMLD to address these issues, which is an exquisite designed framework based on Hybrid Multi-Level Data Mining. In this paper, we use KDDCUP99 dataset to evaluate the performance of HMLD. The experimental results show that HMLD can reach 96.70% accuracy which is nearly 1% higher than the recent proposed optimal algorithm SVM+ELM+Modified K-Means. In details, HMLD greatly increased the detection accuracy of DoS attacks and R2L attacks.

Jianping Zeng,Donghui Guo

2009-01-01

Abstract:Now days, difierent kinds of IDS systems are availablefor serving in the network distributed system, but thesesystems mainly concentrate on network-based and host-based detection. It is inconvenient to integrate these sys-tems into distributed application servers for application-based intrusion detection. An agent-based IDS that canbe smoothly integrated into the applications of enterpriseinformation systems is proposed in this paper and we dis-cuss the system architecture, agent structure, and integra-tion mechanism. Our IDS system consists of three kindsof agents, namely, client agent, server agent and commu-nication agent. This paper also explains how to integrateagents with an access control model for getting better se-curity performance. By introducing standard protocolssuch as KQML, IDMEF into the design of agent, ouragent-based IDS shows how to build more °exible soft-ware applications. Keywords: Agent-based, IDMEF, intrusion detection,KQML 1 Introduction Many application services, such as e-business, remote ed-ucation and Internet-based design, etc, are necessary tobe distributed over the Internet. However, because theInternet is an open society so that anyone can access theresource on it, then the application system may confrontwith all kinds of attacks or intrusions, such as Denial ofService (DoS), port scan, illegal intrusion by hacking userinformation, etc.Of all these security events, illegal intrusion is a moreserious issue. But standard security deployments such asflrewalls are limited in their efiectiveness because of sim-ple access control mode and also the intrusion methodsare evolving fast. Once an attacker has breached the flre-wall, he can roam at will through the network [13]. Thismakes intrusion detection system (IDS) very importantand necessary. Traditionally, there are two main classesof IDSs: host-based and network-based systems. A host-based IDS monitors the detailed activity of a particularhost, while network-based IDS monitors networks of com-puters and other devices such as, routers, gateways, andprimarily detects intrusion by sni–ng and analyzing datafrom network tra–c. Network and host-based IDSs, canbe further classifled based on two methods of detection[17]: anomaly detection and misuse detection.However, Masquerading attack is a typical intrusionand it can be a more serious threat to the security ofcomputer systems and the computational infrastructure[15]. By this kind of attacks, an assailant attempts toimpersonate a legitimate user after gaining access to thislegitimate user’s account. So, the assailant can fully un-derstand the information he gets. While by other kinds ofattacks, he just gets some segment of data or encrypteddata, which is much more di–cult to be understood. Awell-known instance of masquerader activity is about aFBI mode [15]. Since masquerading attack happens ex-actly at application layer, we call the methods to detectthis kind intrusion as application-based intrusion detec-tion. Application-based intrusion is more di–cult to bedetected and the detection program is usually unable toget satisfactory performance for the following reasons:1) Data about user action on system is much more di–-cult to be collected than network-based or host-baseddetection, because of the independency of applicationsystem.2) Application-based detection can degrade the perfor-mance of corresponding application system due tothe extra work that should be done in the process ofdata collection and analysis.3) A masquerader may happen to have similar behav-ioral patterns as the legitimate user, therefore it canescape detection and successfully cause damage un-der the cover of seemingly normal behavior [4].

Israr Ali,Syed Hasan Adil,Mansoor Ebrahim

DOI: https://doi.org/10.48550/arXiv.2009.13868

2020-09-29

Abstract:In this era of internet, E-Business and e-commerce applications are using Databases as their integral part. These Databases irrespective of the technology used are vulnerable to SQL injection attacks. These Attacks are considered very dangerous as well as very easy to use for attackers and intruders. In this paper, we are proposing a new approach to detect intrusion from attackers by using SQL injection. The main idea of our proposed solution is to create trusted user profiles fetched from the Queries submitted by authorized users by using association rules. After that we will use a hybrid (anomaly + misuse) detection model which will depend on data mining techniques to detect queries that deviates from our normal behavior profile. The normal behavior profile will be created in XML format. In this way we can minimize false positive alarms.

Cryptography and Security

Cai Ming Liu,Yan Zhang,Zhihui Hu,Chunming Xie

DOI: https://doi.org/10.32604/cmc.2023.045282

2024-01-01

Abstract:Artificial immune detection can be used to detect network intrusions in an adaptive approach and proper matching methods can improve the accuracy of immune detection methods. This paper proposes an artificial immune detection model for network intrusion data based on a quantitative matching method. The proposed model defines the detection process by using network data and decimal values to express features and artificial immune mechanisms are simulated to define immune elements. Then, to improve the accuracy of similarity calculation, a quantitative matching method is proposed. The model uses mathematical methods to train and evolve immune elements, increasing the diversity of immune recognition and allowing for the successful detection of unknown intrusions. The proposed model’s objective is to accurately identify known intrusions and expand the identification of unknown intrusions through signature detection and immune detection, overcoming the disadvantages of traditional methods. The experiment results show that the proposed model can detect intrusions effectively. It has a detection rate of more than 99.6% on average and a false alarm rate of 0.0264%. It outperforms existing immune intrusion detection methods in terms of comprehensive detection performance.

computer science, information systems,materials science, multidisciplinary