Na Xing,Shuai Zhao,Yuehai Wang,Keqing Ning,Xiufeng Liu

DOI: https://doi.org/10.14569/ijacsa.2023.0140743

2023-01-01

Abstract:recent years, deep learning-based network intrusion detection systems (IDS) have shown impressive results in detecting attacks. However, most existing IDS can only recognize known attacks that were included in their training data. When faced with unknown attacks, these systems are often unable to take appropriate actions and incorrectly classify them into known categories, leading to reduced detection performance. Furthermore, as the number and types of network attacks continue to increase, it becomes challenging for these IDS to update their model parameters promptly and adapt to new attack scenarios. To address these issues, this paper introduces a dynamic intrusion detection system, Dynamic Unknown Attack Intrusion Detection System (DUA-IDS). This system aims to learn and detect unknown attacks effectively. DUA-IDS comprises three components: Feature Extractor: This component employs CNN and Transformer models to extract data features from various perspectives. Threshold-Based Classifier: The second part utilizes the nearest mean rule of samples to classify known and unknown attacks, enabling the distinction between them. Dynamic Learning Module: The third part incorporates data playback and knowledge distillation techniques to retain existing category knowledge while continuously learning new attack categories. To assess the effectiveness of DUA-IDS, this paper conducted experiments using the UNSW-NB15 public dataset. The experimental results show that DUA-IDS improves the classification accuracy of flow network data with unknown traffic attacks. Can accurately distinguish unknown traffic and correctly classify known traffic. When dynamically learning unknown traffic, the classification accuracy of previously learned known traffic is less affected. This indicates the advantages of DUA-IDS in detecting unknown attacks and learning new attack categories.

Abdullah H Alqahtani

2024-04-01

Abstract:Network attacks have became increasingly more sophisticated and stealthy due to the advances in technologies and the growing sophistication of attackers. Advanced Persistent Threats (APTs) are a type of attack that implement a wide range of strategies to evade detection and be under the defence radar. Software Defined Network (SDN) is a network paradigm that implements dynamic configuration by separating the control plane from the network plane. This approach improves security aspects by facilitating the employment of network intrusion detection systems. Implementing Machine Learning (ML) techniques in Intrusion Detection Systems (IDSs) is widely used to detect such attacks but has a challenge when the data distribution changes. Concept drift is a term that describes the change in the relationship between the input data and the target value (label or class). The model is expected to degrade as certain forms of change occur. In this paper, the primary form of change will be in user behaviour (particularly changes in attacker behaviour). It is essential for a model to adapt itself to deviations in data distribution. SDN can help in monitoring changes in data distribution. This paper discusses changes in stealth attacker behaviour. The work described here investigates various concept drift detection algorithms. An incremental hybrid adaptive Network Intrusion Detection System (NIDS) is proposed to tackle the issue of concept drift in SDN. It can detect known and unknown attacks. The model is evaluated over different datasets showing promising results.

Cryptography and Security,Artificial Intelligence

Cynthia Anthony,Walid Elgenaidi,Muzaffar Rao

DOI: https://doi.org/10.3390/electronics13050809

IF: 2.9

2024-02-20

Electronics

Abstract:This research work highlights significant achievements in the domain of intrusion detection systems (IDSs) for autonomous vehicles, which are crucial in enhancing their safety, reliability, and cybersecurity. This study introduces an approach that leverages non-tree-based machine learning algorithms, such as K-nearest neighbors and ensemble learning, to develop an IDS tailored for autonomous vehicles. These algorithms were employed because of their ability to process complex and large datasets with less likeliness for overfitting, their scalability, and their ability to adapt to changing conditions in real time. These algorithms effectively handle imbalanced data, enhancing the detection accuracy of both normal and intrusive instances. The IDS's performance was validated through the utilization of three real-world datasets, CAN intrusion, CICIDS2017, and NSL-KDD, where the proposed non-tree-based IDS (NTB-MTH-IDS) was measured with the standard measurement metrics: accuracy, precision, F1-score, and recall, including specificity and sensitivity. Notably, the results indicate that K-nearest neighbors and stacking, as part of NTB-MTH-IDS, has an accuracy of 99.00%, 98.57%, and 97.57%, and F1-scores of 99.00%, 98.79%, and 97.54% in the CICIDS2017, NSL-KDD, and CAN datasets, respectively. The results of this research can lead to establishing a robust intrusion detection framework, thereby ensuring the safety and reliability of autonomous vehicles. Through this achievement, road users, passengers, and pedestrians are safeguarded against the consequences of potential cyber threats.

engineering, electrical & electronic,computer science, information systems,physics, applied

Zhang Zhao,Zhang Yong,Guo Da,Song Mei

DOI: https://doi.org/10.1007/s13042-020-01264-7

2021-01-01

International Journal of Machine Learning and Cybernetics

Abstract:Network intrusion detection systems (IDSs) based on deep learning have reached fairly accurate attack detection rates. But these deep learning approaches usually have been performed in a closed-set protocol that only known classes appear in training are considered during classification, the existing IDSs will fail to detect the unknown attacks and misclassify them as the training known classes, hence are not scalable. Furthermore, these IDSs are not efficient for updating the deep detection model once new attacks are discovered. To address those problems, we propose a scalable IDS towards detecting, discovering, and learning unknown attacks, it has three components. Firstly, we propose the open-set classification network (OCN) to detect unknown attacks, OCN based on the convolutional neural network adopts the nearest class mean (NCM) classifier, two new loss are designed to jointly optimize it, including Fisher loss and maximum mean discrepancy (MMD) loss. Subsequently, the semantic embedding clustering method is proposed to discover the hidden unknown attacks from all unknown instances detected by OCN. Then we propose the incremental nearest cluster centroid (INCC) method for learning the discovered unknown attacks through updating the NCM classifier. Extensive experiments on KDDCUP'99 dataset and CICIDS2017 dataset indicate that our OCN outperforms the state-of-the-art comparison methods in detecting multiple types of unknown attacks. Our experiments also verify the feasibility of the semantic embedding clustering method and INCC in discovering and learning unknown attacks.

Aboul Ella Hassanien,Tai-Hoon Kim,Janusz Kacprzyk,Ali Ismail Awad

DOI: https://doi.org/10.1007/978-3-662-43616-5_9

2014-01-01

Abstract:Almost daily we hear news about a security breach somewhere, as hackers are constantly finding new ways to get around even the most complex firewalls and security systems. This turned the security into one of the top research areas. Artificial Immune Systems are techniques inspired by biological immune system-specifically the human immune system-which basic function is to protect the body (system) and defend against attacks of different types. For this reason, many have applied the artificial immune system in the field of network security and intrusion detection. In this chapter, a basic model of a multi-layer system is discussed, along with the basics of artificial immune systems and network intrusion detection. An actual experiment is included, which involved a layer for data preprocessing and feature selection (using Principal Component Analysis), a layer for detectors generation and anomaly detection (Using Genetic Algorithm with Negative Selection Approach), and finally a layer for detected anomalies classification (using decision tree classifiers). The principle interest of this work is to benchmark the performance of the proposed multi-layer IDS system by using NSL-KDD benchmark data set used by IDS researchers. The obtained results of the anomaly detection layer shows that up to 81% of the attacks were successfully detected as attacks. The results of the classification layer demonstrated that naive bayes classifier has better classification accuracy in the case of lower presented attacks such as U2R and R2L, while the J48 decision tree classifier gives high accuracy up to 82% for DoS attacks and 65.4% for probe attacks in the anomaly traffic.

Yuhang Wang,Yingxu Lai,Ye Chen,Jingwen Wei,Zhaoyi Zhang

DOI: https://doi.org/10.1007/s00521-023-08233-5

2023-04-25

Neural Computing and Applications

Abstract:Controller area networks (CANs) are the de-facto standard for in-vehicle networks and enable real-time data communication between the electronic control units in a vehicle. However, owing to inadequate security mechanisms, CANs are vulnerable to cyberattacks. The sophistication of these attacks evolves constantly and new types of attacks emerge over time. Most existing intrusion detection systems (IDSs) can handle known attacks, but their ability to detect unknown attacks requires urgent improvements. Although IDSs can be updated via the Internet of Vehicles cloud to improve their detection performance, an unacceptable amount of time is required to collect enough labeled data and the updates are slow. Considering these problems, we propose a transfer learning-based self-learning IDS (TLSIDS) for CANs. The proposed TLSIDS uses a cascade detection approach that is capable of detecting both known and unknown attacks with high performance, and the self-learning function can solve the problem of slow updates, thus improving the speed and performance of the TLSIDS in detecting unknown attacks. The TLSIDS consists of four modules, namely the basic detection module (BDM), the advanced detection module (ADM), the unknown attacks classification module (UACM), and the self-learning module (SLM). The efficacy of the TLSIDS was evaluated using a public dataset provided by the Hacking and Countermeasure Research Lab (HCRL). The results revealed that our proposed TLSIDS has effectiveness and robustness in distinct scenarios.

computer science, artificial intelligence

Dule Shu,Nandi O. Leslie,Charles A. Kamhoua,Conrad S. Tucker

DOI: https://doi.org/10.1145/3395352.3402618

2020-07-13

Abstract:Intrusion Detection Systems (IDS) are increasingly adopting machine learning (ML)-based approaches to detect threats in computer networks due to their ability to learn underlying threat patterns/features. However, ML-based models are susceptible to adversarial attacks, attacks wherein slight perturbations of the input features, cause misclassifications. We propose a method that uses active learning and generative adversarial networks to evaluate the threat of adversarial attacks on ML-based IDS. Existing adversarial attack methods require a large amount of training data or assume knowledge of the IDS model itself (e.g., loss function), which may not be possible in real-world settings. Our method overcomes these limitations by demonstrating the ability to compromise an IDS using limited training data and assuming no prior knowledge of the IDS model other than its binary classification (i.e., benign or malicious). Experimental results demonstrate the ability of our proposed model to achieve a 98.86% success rate in bypassing the IDS model using only 25 labeled data points during model training. The knowledge gained by compromising the ML-based IDS, can be integrated into the IDS in order to enhance its robustness against similar ML-based adversarial attacks.

Amjad Amjad,Nizar Alhafez,Iyad Al Al-khayat,,,

DOI: https://doi.org/10.54216/jisiot.120110

2024-01-01

Journal of Intelligent Systems and Internet of Things

Abstract:In the realm of cybersecurity, the incessant evolution of network attacks necessitates advanced and robust intrusion detection systems (IDS). The major issues with these systems are numerous: false positivenegative alarms, delayed response and detection time, size of processed data, adaptability to future threats, scalability of the system, difficulty in detecting distributed attacks, and downtime (fault tolerance). We propose a system that introduces a distributed framework aimed at enhancing network security by effectively identifying subtle deviations from normal network behavior. This is achieved through transfer learning based on artificial neural networks, and support vector machine (SVM), capitalizing on their complementary strengths in recognizing complex patterns and addressing high-dimensional datasets. To validate the efficacy of the proposed approach, the NSL-KDD dataset is utilized within a distributed IDS architecture. It consists of several intrusion detection nodes representing subnetworks. A node consists of two agents that work collaboratively. A way is proposed to avoid interference between analysis agents: the network agents manager monitors the functioning of the nodes and displays the results of each vulnerability-detecting node in each subnet separately. Such communication between agents should reduce FPAS (false positive alarms) significantly. The Detection engine extracts relevant features of network attacks to solve the problem of SVM in processing huge sizes of data and detect adaptive future threats to detect famous distributed denial of services (DDOS) attacks in real-time. The system is highly scalable by increasing the number of intrusion detection system nodes if necessary. Central processing is avoided to circumvent a system failure situation, where processing and decision-making take place at the detection node level within each subnet.

Christos Constantinides,Stavros Shiaeles,Bogdan Ghita,Nicholas Kolokotronis

DOI: https://doi.org/10.1109/NTMS.2019.8763842

2021-09-20

Abstract:Attack vectors are continuously evolving in order to evade Intrusion Detection systems. Internet of Things (IoT) environments, while beneficial for the IT ecosystem, suffer from inherent hardware limitations, which restrict their ability to implement comprehensive security measures and increase their exposure to vulnerability attacks. This paper proposes a novel Network Intrusion Prevention System that utilises a SelfOrganizing Incremental Neural Network along with a Support Vector Machine. Due to its structure, the proposed system provides a security solution that does not rely on signatures or rules and is capable to mitigate known and unknown attacks in real-time with high accuracy. Based on our experimental results with the NSL KDD dataset, the proposed framework can achieve on-line updated incremental learning, making it suitable for efficient and scalable industrial applications.

Cryptography and Security,Artificial Intelligence

Yuxin Zhao,Zixiang Bi,Guosheng Xu,Chenyu Wang,Guoai Xu

DOI: https://doi.org/10.1109/lcn58197.2023.10223397

2023-01-01

Abstract:The rapid development of Internet of Vehicles technology has led to the continuous upgrading of the functions of connected vehicles. While connected vehicles bring convenience to people’s life, there are also many security threats. Connected vehicles not only have intra-vehicle networks communication, but also communicate with the external network. The diversity of communication methods makes the attack surface wider, and some new attacks are constantly emerging. In order to ensure vehicle security, This paper focuses on the attacks that are vulnerable to vehicles, and proposes an incremental intrusion detection system, which can not only detect attacks, but also incrementally learn new types of attacks. Experimental results illustrate that the proposed system can incrementally learn new attacks and avoid catastrophic forgetting problems, and can detect various types of known attacks with 99.99% accuracy on the Car-Hacking Dataset and 99.37% accuracy on the CICIDS2017.

Dong Jin,Shuangwu Chen,Huasen He,Xiaofeng Jiang,Siyu Cheng,Jian Yang

DOI: https://doi.org/10.1109/mnet.018.2200349

IF: 10.294

2023-01-01

IEEE Network

Abstract:Smart community networks bring great comfort and convenience for people, but also increase security risks of exposing system vulnerabilities and private data to network intruders. This problem has become more prominent as the ever-increasing zero-day attacks which may escape the existing intrusion detection system (IDS) through unknown vulnerabilities. In this article, to keep up with the continuous change of attacks, we conceive an evolvable IDS (EIDS), where the detection model is incrementally updated to turn newfound “unknown” attacks into “known” attacks. In order to discover zero-day attacks, we develop an open-set intrusion detection model based on discriminative auto-encoder. Since the geographically dispersed detectors may suffer from different attack variants, we propose a federated incremental learning based model update method to aggregate the knowledge from different detectors and update the detection model incrementally, which avoids the cumbersome model retraining. To the best of our knowledge, there are rarely few studies considering the federated incremental update of the distributed intrusion detection models. In this way, the “detecting-learning-updating” process forms an evolution cycle, which enables the EIDS to evolve in an autonomous manner. Finally, the experiments conducted on three public datasets demonstrate that EIDS can conduct open-set intrusion detection with an accuracy over 0.86 and significantly reduce over 90 percent of the model update time compared to the centralized model retraining.

Faten Louati,Farah Barika Ktata,Ikram Amous

DOI: https://doi.org/10.1093/comjnl/bxae008

2024-02-11

The Computer Journal

Abstract:Abstract Ensuring the security of computer networks is of utmost importance, and intrusion detection plays a vital role in safeguarding these systems. Traditional intrusion detection systems (IDSs) often suffer from drawbacks like reliance on outdated rules and centralized architectures, limiting their performance in the face of evolving threats and large-scale data networks. To address these challenges, we present an advanced anomaly detection-based IDS that utilizes a decentralized communicative multi-agent reinforcement learning (MARL). In our approach, multiple reinforcement learning agents collaborate in intrusion detection, effectively mitigating the non-stationarity problem and introducing a specialized secure communication method. We further enhance the learning process by incorporating external knowledge. Our approach is evaluated through extensive experiments conducted on the benchmark NSL Knowledge Discovery and Data Mining dataset. These experiments encompass diverse scenarios, involving varying numbers of agents to prove scalability feature. The results underscore the effectiveness of our method, which surpasses the performance of existing state-of-the-art solutions based on MARL, achieving a high accuracy rate of 97.80%.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Sabrine Ennaji,Nabil El Akkad,Khalid Haddouch

DOI: https://doi.org/10.4018/ijisp.317113

2023-02-03

International Journal of Information Security and Privacy

Abstract:The potential of machine learning mechanisms played a key role in improving the intrusion detection task. However, other factors such as quality of data, overfitting, imbalanced problems, etc. may greatly affect the performance of an intelligent intrusion detection system (IDS). To tackle these issues, this paper proposes a novel machine learning-based IDS called i-2NIDS. The novelty of this approach lies in the application of the nested cross-validation method, which necessitates using two loops: the outer loop is for hyper-parameter selection that costs least error during the run of a small amount of training set and the inner loop for the error estimation in the test set. The experiments showed significant improvements within NSL-KDD dataset with a test accuracy rate of 99.97%, 99.79%, 99.72%, 99.96%, and 99.98% in detecting normal activities, DDoS/DoS, Probing, R2L and U2R attacks, respectively. The obtained results approve the efficiency and superiority of the approach over other recent existing experiments.

Md. Ashraf Uddin,Sunil Aryal,Mohamed Reda Bouadjenek,Muna Al-Hawawreh,Md. Alamin Talukder

2024-03-17

Abstract:The rapid expansion of varied network systems, including the Internet of Things (IoT) and Industrial Internet of Things (IIoT), has led to an increasing range of cyber threats. Ensuring robust protection against these threats necessitates the implementation of an effective Intrusion Detection System (IDS). For more than a decade, researchers have delved into supervised machine learning techniques to develop IDS to classify normal and attack traffic. However, building effective IDS models using supervised learning requires a substantial number of benign and attack samples. To collect a sufficient number of attack samples from real-life scenarios is not possible since cyber attacks occur occasionally. Further, IDS trained and tested on known datasets fails in detecting zero-day or unknown attacks due to the swift evolution of attack patterns. To address this challenge, we put forth two strategies for semi-supervised learning based IDS where training samples of attacks are not required: 1) training a supervised machine learning model using randomly and uniformly dispersed synthetic attack samples; 2) building a One Class Classification (OCC) model that is trained exclusively on benign network traffic. We have implemented both approaches and compared their performances using 10 recent benchmark IDS datasets. Our findings demonstrate that the OCC model based on the state-of-art anomaly detection technique called usfAD significantly outperforms conventional supervised classification and other OCC based techniques when trained and tested considering real-life scenarios, particularly to detect previously unseen attacks.

Cryptography and Security,Machine Learning

Panagis Sarantos,John Violos,Aris Leivadeas

DOI: https://doi.org/10.1016/j.jpdc.2024.105010

IF: 4.542

2024-11-18

Journal of Parallel and Distributed Computing

Abstract:Intrusion Detection systems (IDS) are alerting cybersecurity tools that analyze network traffic in order to identify suspicious activity and known threats. State of the art IDS rely on supervised machine learning models which are trained to categorize the network flow with a historical labeled dataset. Nonetheless, next-generation networks are characterized as heterogeneous and dynamic. The heterogeneity can make every network environment to be significantly different and the dynamicity means that new threats are constantly emerging. These two factors raise the research question if a supervised machine learning based IDS can work efficiently in a network environment different from the one that generated its labeled training data. In this paper, we first give an answer to this research question and next try to propose a semi-supervised learning approach that can be generalized sufficiently in a different network environment using unlabeled data, taking into consideration that unlabeled data are much easier and cheap to be collected compared to labeled ones. In order to have a proof of concept we made experiments with two labeled datasets CIC-IDS2017, CIC-IDS2018 which are publicly available and one unlabeled dataset PS-Azure2023 which we constructed for this work and make it also publicly available. The results confirm our assumption and the applicability of the semi-supervised learning paradigm for the design of IDS.

computer science, theory & methods

Amine Tellache,Amdjed Mokhtari,Abdelaziz Amara Korba,Yacine Ghamri-Doudane

2024-07-08

Abstract:Intrusion Detection Systems (IDS) play a crucial role in ensuring the security of computer networks. Machine learning has emerged as a popular approach for intrusion detection due to its ability to analyze and detect patterns in large volumes of data. However, current ML-based IDS solutions often struggle to keep pace with the ever-changing nature of attack patterns and the emergence of new attack types. Additionally, these solutions face challenges related to class imbalance, where the number of instances belonging to different classes (normal and intrusions) is significantly imbalanced, which hinders their ability to effectively detect minor classes. In this paper, we propose a novel multi-agent reinforcement learning (RL) architecture, enabling automatic, efficient, and robust network intrusion detection. To enhance the capabilities of the proposed model, we have improved the DQN algorithm by implementing the weighted mean square loss function and employing cost-sensitive learning techniques. Our solution introduces a resilient architecture designed to accommodate the addition of new attacks and effectively adapt to changes in existing attack patterns. Experimental results realized using CIC-IDS-2017 dataset, demonstrate that our approach can effectively handle the class imbalance problem and provide a fine grained classification of attacks with a very low false positive rate. In comparison to the current state-of-the-art works, our solution demonstrates a significant superiority in both detection rate and false positive rate.

Cryptography and Security,Artificial Intelligence

Ahmed Hasham Ibn E. Tariq,Moazan Basoud Ibn E. Tariq,Songfeng Lu

DOI: https://doi.org/10.1109/aiotc63215.2024.10748333

2024-01-01

Abstract:Zero-day exploits present significant risks to cybersecurity by exploiting unknown vulnerabilities, making their identification and mitigation a key problem. Conventional Intrusion Detection Systems (IDS) frequently depend on signature-based or anomaly-based methodologies, which are ineffective in identifying new and sophisticated incidents of assault. This paper provides a new hybrid AI-driven strategy to boost zeroday exploit detection by the combination of deep learning and ensemble learning approaches. We have taken the UNSW-NB15 dataset, a complete and diversified reference for network intrusion models, to train and analyze our model. The suggested system leverages a hybrid architecture integrating Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) networks to capture both spatial and sequential features of network traffic efficiently. To further increase detection accuracy and resilience, we add ensemble approaches by combining random forest, gradient boosting, and Support Vector Machine (SVM) classifiers through a weighted voting mechanism. Our ensemble model achieves a detection accuracy of 97.8%, outperforming standard anomaly-based (IDS), vision transformer (ViT) and bidirectional encoder representations from transformers (BERT) by a wide margin. The model also demonstrates a low false-positive rate of 0.022 and high detection rates across multiple types of attacks, including previously undiscovered zero-day flaws. Performance studies employing criteria like accuracy, recall, F1score, AUC-ROC, false-positive rate, and detection rate indicate the importance and reliability of our methodology.

Haiyan Xuan,Mohith Manohar

2023-12-04

Abstract:As Artificial Intelligence (AI) technologies continue to gain traction in the modern-day world, they ultimately pose an immediate threat to current cybersecurity systems via exploitative methods. Prompt engineering is a relatively new field that explores various prompt designs that can hijack large language models (LLMs). If used by an unethical attacker, it can enable an AI system to offer malicious insights and code to them. In this paper, an enhanced intrusion detection system (IDS) that utilizes machine learning (ML) and hyperparameter tuning is explored, which can improve a model's performance in terms of accuracy and efficacy. Ultimately, this improved system can be used to combat the attacks made by unethical hackers. A standard IDS is solely configured with pre-configured rules and patterns; however, with the utilization of machine learning, implicit and different patterns can be generated through the models' hyperparameter settings and parameters. In addition, the IDS will be equipped with multiple datasets so that the accuracy of the models improves. We evaluate the performance of multiple ML models and their respective hyperparameter settings through various metrics to compare their results to other models and past research work. The results of the proposed multi-dataset integration method yielded an accuracy score of 99.9% when equipped with the XGBoost and random forest classifiers and RandomizedSearchCV hyperparameter technique.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

FatimaEzzahra Laghrissi,Samira Douzi,Khadija Douzi,Badr Hssina

DOI: https://doi.org/10.1186/s40537-021-00448-4

2021-05-07

Journal Of Big Data

Abstract:Abstract An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations. It scans a network or a system for a harmful activity or security breaching. IDS protects networks (Network-based intrusion detection system NIDS) or hosts (Host-based intrusion detection system HIDS), and work by either looking for signatures of known attacks or deviations from normal activity. Deep learning algorithms proved their effectiveness in intrusion detection compared to other machine learning methods. In this paper, we implemented deep learning solutions for detecting attacks based on Long Short-Term Memory (LSTM). PCA (principal component analysis) and Mutual information (MI) are used as dimensionality reduction and feature selection techniques. Our approach was tested on a benchmark data set, KDD99, and the experimental outcomes show that models based on PCA achieve the best accuracy for training and testing, in both binary and multiclass classification.

Theuns Verwoerd,Ray Hunt

DOI: https://doi.org/10.1016/s0140-3664(02)00037-3

IF: 5.047

2002-09-01

Computer Communications

Abstract:Recent security incidents and analysis have demonstrated that manual response to such attacks is no longer feasible. Intrusion detection systems (IDS) offer techniques for modelling and recognising normal and abusive system behaviour. Such methodologies include statistical models, immune system approaches, protocol verification, file and taint checking, neural networks, whitelisting, expression matching, state transition analysis, dedicated languages, genetic algorithms and burglar alarms. This paper describes these techniques including an IDS architectural outline and an analysis of IDS probe techniques finishing with a summary of associated technologies.

computer science, information systems,telecommunications,engineering, electrical & electronic