Kishu Gupta,Ashwani Kush

2023-12-21

Abstract:Data is the key asset for organizations and data sharing is lifeline for organization growth; which may lead to data loss. Data leakage is the most critical issue being faced by organizations. In order to mitigate the data leakage issues data leakage prevention systems (DLPSs) are deployed at various levels by the organizations. DLPSs are capable to protect all kind of data i.e. DAR, DIM/DIT, DIU. Statistical analysis, regular expression, data fingerprinting are common approaches exercised in DLP system. Out of these techniques; statistical analysis approach is most appropriate for proposed DLP model of data security. This paper defines a statistical DLP model for document classification. Model uses various statistical approaches like TF-IDF (Term Frequency- Inverse Document Frequency) a renowned term count/weighing function, Vectorization, Gradient boosting document classification etc. to classify the documents before allowing any access to it. Machine learning is used to test and train the model. Proposed model also introduces an extremely efficient and more accurate approach; IGBCA (Improvised Gradient Boosting Classification Algorithm); for document classification, to prevent them from possible data leakage. Results depicts that proposed model can classify documents with high accuracy and on basis of which data can be prevented from being loss.

Machine Learning,Cryptography and Security,Information Retrieval

Kishu Gupta,Ashwani Kush

2023-12-21

Abstract:Sensitive data leakage is the major growing problem being faced by enterprises in this technical era. Data leakage causes severe threats for organization of data safety which badly affects the reputation of organizations. Data leakage is the flow of sensitive data/information from any data holder to an unauthorized destination. Data leak prevention (DLP) is set of techniques that try to alleviate the threats which may hinder data security. DLP unveils guilty user responsible for data leakage and ensures that user without appropriate permission cannot access sensitive data and also provides protection to sensitive data if sensitive data is shared accidentally. In this paper, data leakage prevention (DLP) model is used to restrict/grant data access permission to user, based on the forecast of their access to data. This study provides a DLP solution using data statistical analysis to forecast the data access possibilities of any user in future based on the access to data in the past. The proposed approach makes use of renowned simple piecewise linear function for learning/training to model. The results show that the proposed DLP approach with high level of precision can correctly classify between users even in cases of extreme data access.

Cryptography and Security,Machine Learning

Alneyadi,Elankayer Sithirasenan,Vallipuram Muthukkumarasamy,Sultan Alneyadi

DOI: https://doi.org/10.1016/j.jnca.2016.01.008

IF: 7.574

2016-02-01

Journal of Network and Computer Applications

Abstract:Protection of confidential data from being leaked to the public is a growing concern among organisations and individuals. Traditionally, confidentiality of data has been preserved using security procedures such as information security policies along with conventional security mechanisms such as firewalls, virtual private networks and intrusion detection systems. Unfortunately, these mechanisms lack pro-activeness and dedication towards protecting confidential data, and in most cases, they require predefined rules by which protection actions are taken. This can result in serious consequences, as confidential data can appear in different forms in different leaking channels. Therefore, there has been an urge to mitigate these drawbacks using more efficient mechanisms. Recently, data leakage prevention systems (DLPSs) have been introduced as dedicated mechanisms to detect and prevent the leakage of confidential data in use, in transit and at rest. DLPSs use different techniques to analyse the content and the context of confidential data to detect or prevent the leakage. Although DLPSs are increasingly being designed and developed as standalone products by IT security vendors and researchers, the term still ambiguous. In this study, we have carried out a comprehensive survey on the current DLPS mechanisms. We explicitly define DLPS and categorise active research directions in this field. In addition, we suggest future directions towards developing more consistent DLPSs that can overcome some of the weaknesses of the current ones. This survey is an updated reference on DLPSs, that can benefit both academics and professionals.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Mir Hassan,Chen Jincai,Adnan Iftekhar,Adnan Shehzad,Xiaohui Cui

DOI: https://doi.org/10.48550/arXiv.2012.14111

2020-12-28

Cryptography and Security

Abstract:Data Loss/Leakage Prevention (DLP) continues to be the main issue for many large organizations. There are multiple numbers of emerging security attach scenarios and a limitless number of overcoming solutions. Today's enterprises' major concern is to protect confidential information because a leakage that compromises confidential data means that sensitive information is in competitors' hands. Different data types need to be protected. However, our research is focused only on data in motion (DIM) i-e data transferred through the network. The research and scenarios in this paper demonstrate a recent survey on information and data leakage incidents, which reveals its importance and also proposed a model solution that will offer the combination of previous methodologies with a new way of pattern matching by advanced content checker based on the use of machine learning to protect data within an organization and then take actions accordingly. This paper also proposed a DLP deployment design on the gateway level that shows how data is moving through intermediate channels before reaching the final destination using the squid proxy server and ICAP server.

Yuri Shapira,Bracha Shapira,Asaf Shabtai

DOI: https://doi.org/10.48550/arXiv.1302.2028

2013-02-08

Cryptography and Security

Abstract:Protecting sensitive information from unauthorized disclosure is a major concern of every organization. As an organizations employees need to access such information in order to carry out their daily work, data leakage detection is both an essential and challenging task. Whether caused by malicious intent or an inadvertent mistake, data loss can result in significant damage to the organization. Fingerprinting is a content-based method used for detecting data leakage. In fingerprinting, signatures of known confidential content are extracted and matched with outgoing content in order to detect leakage of sensitive content. Existing fingerprinting methods, however, suffer from two major limitations. First, fingerprinting can be bypassed by rephrasing (or minor modification) of the confidential content, and second, usually the whole content of document is fingerprinted (including non-confidential parts), resulting in false alarms. In this paper we propose an extension to the fingerprinting approach that is based on sorted k-skip-n-grams. The proposed method is able to produce a fingerprint of the core confidential content which ignores non-relevant (non-confidential) sections. In addition, the proposed fingerprint method is more robust to rephrasing and can also be used to detect a previously unseen confidential document and therefore provide better detection of intentional leakage incidents.

Sneha K. Thombre

DOI: https://doi.org/10.1109/ComPE49325.2020.9200160

2020-07-01

Abstract:Every organisation has some crucial data that holds the reason for its competitive advantage over others. This data includes intellectual property, trade secrets, salary details etc. Non-ethical disclosure of such data can have fatal impacts. Recent incidents of data leaks cannot be overlooked, therefore every organisation should preferably use Data Loss Prevention(DLP) system to avoid the risk of data leakage. The aim of this work is to develop a freeware DLP that will help small and medium scale organizations to protect their covert data. There are numerous channels of data exfiltration such as Bluetooth, E-mail, Universal Serial Bus(USB) etc. The USB channel being portable and fast to use, it is favoured for data transfer. This DLP system is developed to work on windows framework. It targets to block transfer of confidential files through a USB port, according to the policies set by an administrator. This solution uses emerging technologies and integrates kernel space modules and machine learning approach to deliver a novel solution. It intercepts file transfer actions through a USB port and checks the contents of the file. In case, contents of the file are found to be confidential, the copy action will be blocked. This solution is implemented in a way that makes it effective and simplistic to use. It will definitely help the organizations to protect their data. There is a plethora of research going on in this area to secure sensitive information from being leaked. Incorporating Machine learning to accurately detect leaks is a new challenge in this field.

Computer Science

Yu -tong Guo,Yang Gao,Yan Wang,Meng-yuan Qin,Yu-jie Pu,Zeng Wang,Dan-dan Liu,Xiang-jun Chen,Tian-fng Gao,Ting-ting Lv,Zhong-chuan Fu

DOI: https://doi.org/10.1016/j.proeng.2017.01.276

2017-01-01

Procedia Engineering

Abstract:A malicious behavior detection approach which combines both the DPI (Deep Packet Inspection) and DFI (Deep Flow Inspection) is proposed, namely DPI & DFI. For the DPI & DFI method an outlier data mining method is employed. The fine-grained DPI is suitable for plaintext traffic, while DFI is a complementary for encrypted or emerging traffic. The collaborative detection approach includes three phases: DPI detection, DFI detection & comparison, and feedback. In present work, the C4.5 data-mining decision tree is adopted as classifier. The KDD Cup’99 benchmark is used and representative attack categories such as Probing, DOS, R2L (Remote to User) and U2R (User to Root) are evaluated. In-depth analysis demonstrates that the U2R and R2L attack categories lead to lower detection rate, and in particular the attack types contribute most are put forward. In future work, some other types of classifiers suitable to R2L and U2R attack categories should be investigated.

Stefano Braghin,Marco Simioni,Mathieu Sinn

DOI: https://doi.org/10.48550/arXiv.2108.13785

2021-08-31

Abstract:Shared folders are still a common practice for granting third parties access to data files, regardless of the advances in data sharing technologies. Services like Google Drive, Dropbox, Box, and others, provide infrastructures and interfaces to manage file sharing. The human factor is the weakest link and data leaks caused by human error are regrettable common news. This takes place as both mishandled data, for example stored to the wrong directory, or via misconfigured or failing applications dumping data incorrectly. We present Data Leakage Prevention FileSystem (DLPFS), a first attempt to systematically protect against data leakage caused by misconfigured application or human error. This filesystem interface provides a privacy protection layer on top of the POSIX filesystem interface, allowing for seamless integration with existing infrastructures and applications, simply augmenting existing security controls. At the same time, DLPFS allows data administrators to protect files shared within an organisation by preventing unauthorised parties to access potentially sensitive content. DLPFS achieves this by transparently integrating with existing access control mechanisms. We empirically evaluate the impact of DLPFS on system's performances to demonstrate the feasibility of the proposed solution.

Cryptography and Security,Computers and Society

Prabhat Kumar,Rakesh Tripathi,Govind P. Gupta

DOI: https://doi.org/10.1145/3427477.3429989

2020-12-30

Abstract:The Software Defined Internet of Things-Fog (SDIoT-Fog) has provided a new connectivity paradigm for effective service provisioning. SDIoT-Fog uses network resource virtualization to provide services to heterogeneous IoT devices. However, data privacy, and security are the two major challenges that prevents faster realization of SDIoT-based frameworks. Motivated from the aforementioned challenges, we present a Privacy-Preserving based Intrusion Detection Framework (P2IDF) for protecting confidential data and to detect malicious instances in SDIoT-Fog network traffic. This framework has two key engines. Firstly, a Sparse AutoEncoder (SAE)-based privacy-preservation engine is suggested that transforms original data into a new encoded form that avoids inference attacks. Secondly, an intrusion detection engine is suggested that uses Artificial Neural Network (ANN) to train and evaluate the outcomes of the proposed privacy-preservation engine using an IoT-based dataset named ToN-IoT. Finally, experimental results showed that the proposed P2IDF framework outperforms with some recent state-of-the-art frameworks in terms of detection rate, accuracy and precision score.

Jingwei Li,Chuan Qin,Patrick P. C. Lee,Xiaosong Zhang

DOI: https://doi.org/10.1109/dsn.2017.28

2020-01-01

ACM Transactions on Storage

Abstract:Encrypted deduplication seamlessly combines encryption and deduplication to simultaneously achieve both data security and storage efficiency. State-of-the-art encrypted deduplication systems mostly adopt a deterministic encryption approach that encrypts each plaintext chunk with a key derived from the content of the chunk itself, so that identical plaintext chunks are always encrypted into identical ciphertext chunks for deduplication. However, such deterministic encryption inherently reveals the underlying frequency distribution of the original plaintext chunks. This allows an adversary to launch frequency analysis against the resulting ciphertext chunks, and ultimately infer the content of the original plaintext chunks. In this paper, we study how frequency analysis practically affects information leakage in encrypted deduplication storage, from both attack and defense perspectives. We first propose a new inference attack that exploits chunk locality to increase the coverage of inferred chunks. We conduct trace-driven evaluation on both real-world and synthetic datasets, and show that the new inference attack can infer a significant fraction of plaintext chunks under backup workloads. To protect against frequency analysis, we borrow the idea of existing performance-driven deduplication approaches and consider an encryption scheme called MinHash encryption, which disturbs the frequency rank of ciphertext chunks by encrypting some identical plaintext chunks into multiple distinct ciphertext chunks. Our trace-driven evaluation shows that MinHash encryption effectively mitigates the inference attack, while maintaining high storage efficiency.

Isabel Herrera Montano,José Javier García Aranda,Juan Ramos Diaz,Sergio Molina Cardín,Isabel de la Torre Díez,Joel J. P. C. Rodrigues

DOI: https://doi.org/10.1007/s10586-022-03668-2

2022-07-14

Cluster Computing

Abstract:Abstract Data leakage is a problem that companies and organizations face every day around the world. Mainly the data leak caused by the internal threat posed by authorized personnel to manipulate confidential information. The main objective of this work is to survey the literature to detect the existing techniques to protect against data leakage and to identify the methods used to address the insider threat. For this, a literature review of scientific databases was carried out in the period from 2011 to 2022, which resulted in 42 relevant papers. It was obtained that from 2017 to date, 60% of the studies found are concentrated and that 90% come from conferences and publications in journals. Significant advances were detected in protection systems against data leakage with the incorporation of new techniques and technologies, such as machine learning, blockchain, and digital rights management policies. In 40% of the relevant studies, significant interest was shown in avoiding internal threats. The most used techniques in the analyzed DLP tools were encryption and machine learning.

computer science, information systems, theory & methods

Xiaosong Zhang,Fei Liu,Ting Chen,Hua Li

DOI: https://doi.org/10.1109/cis.2009.107

2009-01-01

Abstract:Traditional data leakage prevention strategies encompass access control, audit logon and authority management. They have some effects on preventing sensitive information from leakage, while the system’ s availability may be degraded seriously by their limitation. To solve this problem, a novel model based on Windows file system filter driver is proposed in this paper, in which system encrypts files automatically according to encryption strategies. Leaking confidential information out of enterprise environment, intentionally or unintentionally, will be prevented effectively. Moreover, it has the characteristic of mandatory and transparent encryption, which can compromise the contradiction between data security and user flexibility.

Jan Domnik,Alexander Holland

DOI: https://doi.org/10.3390/jcp4020009

2024-03-30

Journal of Cybersecurity and Privacy

Abstract:In an evolving cybersecurity landscape marked by escalating data breaches and regulatory demands, data leakage prevention (DLP) has emerged as one of several defense mechanisms. This study underscores unresolved foundational issues within DLP, revealing that it remains a significant challenge in large organizations. This highlights the necessity for a holistic approach to DLP to effectively address these persistent challenges. By developing a DLP Maturity Model, adapted from the renowned C2M2 framework, this research provides a comprehensive tool for assessing organizational DLP capabilities and pinpointing critical gaps. Applying the DLP Maturity Model within the financial sector as demonstrated through a banking scenario showcases its relevance and added value. This application illuminates the model’s effectiveness in securing sensitive data and adhering to essential regulatory standards, highlighting its adaptability across various compliance landscapes. Implementing this DLP Maturity Model in a banking scenario showcases its applicability, highlighting its ability to formulate a strategy to secure sensitive data and comply with regulatory standards. This approach aligns with the concept of a continuous risk-based strategy, merging the holistic model to identify and address critical insider risks within organizations. The study addresses a specific gap in DLP research, notably the lack of a holistic framework for assessing and enhancing DLP strategies across organizations. It equips practitioners with a foundational tool to determine current DLP maturity and devise strategies for mitigating insider-driven data breach risks, thereby bolstering organizational cybersecurity resilience.

computer science, information systems, interdisciplinary applications, software engineering

Dinuka Sahabandu,Shana Moothedath,Joey Allen,Linda Bushnell,Wenke Lee,Radha Poovendran

DOI: https://doi.org/10.48550/arXiv.2007.00076

2021-06-29

Abstract:Advanced Persistent Threats (APTs) are stealthy attacks that threaten the security and privacy of sensitive information. Interactions of APTs with victim system introduce information flows that are recorded in the system logs. Dynamic Information Flow Tracking (DIFT) is a promising detection mechanism for detecting APTs. DIFT taints information flows originating at system entities that are susceptible to an attack, tracks the propagation of the tainted flows, and authenticates the tainted flows at certain system components according to a pre-defined security policy. Deployment of DIFT to defend against APTs in cyber systems is limited by the heavy resource and performance overhead associated with DIFT. In this paper, we propose a resource-efficient model for DIFT by incorporating the security costs, false-positives, and false-negatives associated with DIFT. Specifically, we develop a game-theoretic framework and provide an analytical model of DIFT that enables the study of trade-off between resource efficiency and the effectiveness of detection. Our game model is a nonzero-sum, infinite-horizon, average reward stochastic game. Our model incorporates the information asymmetry between players that arises from DIFT's inability to distinguish malicious flows from benign flows and APT's inability to know the locations where DIFT performs a security analysis. Additionally, the game has incomplete information as the transition probabilities (false-positive and false-negative rates) are unknown. We propose a multiple-time scale stochastic approximation algorithm to learn an equilibrium solution of the game. We prove that our algorithm converges to an average reward Nash equilibrium. We evaluate our proposed model and algorithm on a real-world ransomware dataset and validate the effectiveness of the proposed approach.

Optimization and Control,Computer Science and Game Theory

Ting LIU,Zijun WANG,Yang LIU,Yadong ZHOU,Jiang WU,Yuanyi BAO,Tong WU,Xiaohong GUAN

DOI: https://doi.org/10.1360/SSI-2022-0362

2023-01-01

Abstract:With the high integration of computing units and physical objects,cyber and physical systems are gradually coupled into cyber-physical systems(CPSs).According to the laws of physical systems and operation flow in CPSs,unknown CPS data can be inferred from other known data.The inferred data leakage threat is triggered when an accurate inference path connects between low-and high-security domain data.In this paper,by analyzing CPS data leakage accidents caused by data inference,paradigms of data leakage threats are proposed from two dimensions:data theft and data inference.Data inference is classified into three problem types:state estimation,parameter identification,and blind source separation.The algorithms for data inference are categorized as model-driven,data-driven,and data-model-driven methods.In the case of an electricity market,the process of inferring key parameters of a power system from public electricity price data is demonstrated,verifying that data inference can cause severe CPS data leakage threats.Meanwhile,the challenges of existing data protection methods are investigated.Additionally,the future research of CPS data inference defense and data security governance is discussed.

Mansaf Alam,Shuchi Sethi

DOI: https://doi.org/10.48550/arXiv.1504.03539

2015-04-14

Distributed, Parallel, and Cluster Computing

Abstract:Recent research shows that colluded malware in different VMs sharing a single physical host may use a resource as a channel to leak critical information. Covert channels employ time or storage characteristics to transmit confidential information to attackers leaving no trail.These channels were not meant for communication and hence control mechanisms do not exist. This means these remain undetected by traditional security measures employed in firewalls etc in a network. The comprehensive survey to address the issue highlights that accurate methods for fast detection in cloud are very expensive in terms of storage and processing. The proposed framework builds signature by extracting features which accurately classify the regular from covert traffic in cloud and estimates difference in distribution of data under analysis by means of scores. It then adds context to the signature and finally using machine learning (Support Vector Machines),a model is built and trained for deploying in cloud. The results show that the framework proposed is high in accuracy while being low cost and robust as it is tested after adding noise which is likely to exist in public cloud environments.

Yingjiu Li,Sushil Jajodia,X. Sean Wang

2003-01-01

Abstract:This thesis reports a systematic study of data protection in three different, yet related, scenarios. The first scenario is to guard relational data against unauthorized redistribution or data piracy. In this scenario, the data is released to users who have full control over the use of data but are restricted from any redistribution. A novel technique is presented for embedding fingerprints in database relations so that the original recipient of the data can be identified. In our scheme, one secret key (with or without primary key attributes in database relations) is used to decide the way how a fingerprint is embedded. Rigorous analysis shows that, with high probability, a detected fingerprint is indeed the fingerprint originally embedded, and embedded fingerprints cannot be modified or erased by a variety of attacks, including bits flipping, tuple addition and deletion; secret key guessing, and collusion among multiple recipients of the same relation. In addition, as a special case of fingerprinting, a robust watermarking scheme is also presented for relational databases. The second scenario is to protect the privacy of individual data value against interval-based inference from aggregation queries. Different from the first scenario in which the data is released to users, this scenario is about data that are controlled by its owner. Users are allowed to access the data through aggregation queries. An individual data value is said to be compromised if an accurate enough interval, called inference interval, is obtained from aggregation results such that the actual data value must fall into the interval. Our study shows that it is intractable to audit interval-based inference for bounded integer values; while for bounded real values, the auditing problem has a polynomial time complexity involving mathematical programming with a large number of constraints and/or variables. The last scenario is to detect anomaly from usage log data. Different from the first scenario in which the data are released to users as well as the second scenario in which the data are allowed to be queried by users, this scenario is about using log data to build profiles for user normal behaviors and detect suspicious anomalies that deviate from the profiles. Experiments show that our proposed method is more flexible and precise than previous methods that do not use time information or simply use fixed partition of time intervals in profiling. (Abstract shortened by UMI.)

Guangrui Liu,Weizhe Zhang,Xurun Wang,Stephen King,Shui Yu

DOI: https://doi.org/10.1109/tai.2024.3357791

2024-01-01

IEEE Transactions on Artificial Intelligence

Abstract:Malicious traffic identification methods in intrusion detection systems have evolved from rule-based matching to machine learning. However, security risks such as membership inference and adversarial attacks hinder the practical deployment of machine learning-based network intrusion detection systems (ML-NIDS). In this work, we design a defense framework called HierarchicalDP to safeguard ML-NIDS against membership inference and adversarial attacks. First, we analyse the principles of membership inference and adversarial attacks to find their correlation. Based on this, we propose the Feature Distribution Security Metric (FDSM) to measure the risk of membership inference and adversarial attacks on ML-NIDS. Then, we design the Hierarchical Differential Privacy (HierarchicalDP) framework, which partitions network traffic sample features according to security levels and introduces distinct noise on each security level feature to satisfy FDSM, thus defensing against membership inference and adversarial attacks. Finally, we evaluate the defensive performance of the HierarchicalDP framework on two network traffic datasets and four machine learning models. The HierarchicalDP defense framework, based on Laplace noise, reduces the success rate of membership inference from 64.9% to 54.4% (ineffective binary classification), the evasion rate of adversarial samples from 86.1% to 23.2%, and maintains model accuracy fluctuations within 4.2%. Furthermore, the HierarchicalDP framework adjusts sample features without modifying the model, thereby not affecting the inference speed. HierarchicalDP offers efficient and convenient defenses for ML-NIDS deployed in a network.

D. Paul Joseph,P. Viswanathan

DOI: https://doi.org/10.1109/access.2023.3234434

IF: 3.9

2023-01-13

IEEE Access

Abstract:Most traditional digital forensic techniques identify irrelevant files in a corpus using keyword search, frequent hashes, frequent paths, and frequent size methods. These methods are based on Message Digest and Secure Hash Algorithm-1, which result in a hash collision. The threshold criteria of files based on frequent sizes will lead to imprecise threshold values that result in an increased evaluation of irrelevant files. The blacklisted keywords used in forensic search are based on literal and non-lexical, thus resulting in increased false-positive search results and failure to disambiguate unstructured text. Due to this, many extraneous files are also being considered for further investigations, exacerbating the time lag. Moreover, the non-availability of standardized forensic labeled data results in time complexity during the file classification process. This research proposes a three-tier Keyword Metadata Pattern framework to overcome these significant concerns. Initially, Secure Hash algorithm-256 hash for the entire corpus is constructed along with custom regex and stop-words module to overcome hash collision, imprecise threshold values, and eliminate recurrent files. Then blacklisted keywords are constructed by identifying vectorized words that have proximity to overcome traditional keyword search's drawbacks and to overcome false positive results. Dynamic forensic relevant patterns based on massive password datasets are designed to search for unique, relevant patterns to identify the significant files and overcome the time lag. Based on tier-2 results, files are preliminarily classified automatically in O(log n) complexity, and the system is trained with a machine learning model. Finally, when experimentally evaluated, the overall proposed system was found to be very effective, outperforming the existing two-tier model in terms of finding relevant files - y automated labeling and classification in O(nlog n) complexity. Our proposed model could eliminate 223K irrelevant files and reduce the corpus by 4.1% in tier-1, identify 16.06% of sensitive files in tier-2, and classify files with 91% precision, 95% sensitivity, 91% accuracy, and 0.11% Hamming loss compared to the two-tier system.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mohammed Misbahuddin,Sachin Narayanan,Bishwa Ranjan Ghosh

DOI: https://doi.org/10.48550/arXiv.1004.0594

2010-04-05

Abstract:Intrusion Detection & Prevention Systems generally aims at detecting / preventing attacks against Information systems and networks. The basic task of IDPS is to monitor network & system traffic for any malicious packets/patterns and hence to prevent any unwarranted incidents which leads the systems to insecure state. The monitoring is done by checking each packet for its validity against the signatures formulated for identified vulnerabilities. Since, signatures are the heart & soul of an Intrusion Detection and Prevention System (IDPS), we, in this paper, discuss two methodologies we adapted in our research effort to improve the current Intrusion Detection and Prevention (IDP) systems. The first methodology RUDRAA is for formulating, verifying & validating the potential signatures to be used with IDPS. The second methodology DSP-FED is aimed at processing the signatures in less time with our proposed fast elimination method using DFA. The research objectives of this project are 1) To formulate & process potential IPS signatures to be used with Intrusion prevention system. 2) To propose a DFA based approach for signature processing which, upon a pattern match, could process the signatures faster else could eliminate it efficiently if not matched

Cryptography and Security