E Biermann,E Cloete,L.M Venter

DOI: https://doi.org/10.1016/s0167-4048(01)00806-9

2001-12-01

Abstract:A computer system intrusion is seen as any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource.1 The introduction of networks and the Internet caused great concern about the protection of sensitive information and have resulted in many computer security research efforts during the past few years. Although preventative techniques such as access control and authentication attempt to prevent intruders, these can fail, and as a second line of defence, intrusion detection has been introduced. Intrusion detection systems (IDS) are implemented to detect an intrusion as it occurs, and to execute countermeasures when detected.Usually, a security administrator has difficulty in selecting an IDS approach for his unique set-up. In this Report, different approaches to intrusion detection systems are compared, to supply a norm for the best-fit system. The results would assist in the selection of a single appropriate intrusion detection system or combine approaches that best fit any unique computer system.

computer science, information systems

Ansam Khraisat,Iqbal Gondal,Peter Vamplew,Joarder Kamruzzaman

DOI: https://doi.org/10.1186/s42400-019-0038-7

2019-07-17

Abstract:Cyber-attacks are becoming more sophisticated and thereby presenting increasing challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade the credibility of security services, e.g. data confidentiality, integrity, and availability. Numerous intrusion detection methods have been proposed in the literature to tackle computer security threats, which can be broadly classified into Signature-based Intrusion Detection Systems (SIDS) and Anomaly-based Intrusion Detection Systems (AIDS). This survey paper presents a taxonomy of contemporary IDS, a comprehensive review of notable recent works, and an overview of the datasets commonly used for evaluation purposes. It also presents evasion techniques used by attackers to avoid detection and discusses future research challenges to counter such techniques so as to make computer systems more secure.

computer science, information systems, interdisciplinary applications, software engineering

Keturahlee Coulibaly

DOI: https://doi.org/10.48550/arXiv.2004.08967

2020-04-20

Abstract:Cyber threats are increasing not only in their volume but also in their sophistication and difficulty to detect. Attacks have become a national/global threat as they have targeted private and public, as well as government sectors over the years. This is a growing issue and organisations are taking steps to reduce, detect and prevent threats. To do this they need to use systems that are equipped with the capabilities to do either of those steps and develop them for the type of networks they use, for instance wired or wireless. One of these systems are Intrusion Detection Systems (IDS), which can be used as the first defence mechanism or a secondary defence mechanism of a threat or an attack. There are different types of attacks that can occur in a network, such as Denial of service (DoS)/Distributed Denial of Service (DDoS), port scanning, malware or ransomware and so forth that IDSs have a capability of detecting. Assisting in the mitigation of such attacks, there are also Intrusion Prevention Systems (IPS) whose role has a different purpose than that of IDSs. Unlike IDSs they not only detect threats but prevent them from disrupting the network, IPSs can be used in conjunction with IDSs to double the defences. This paper provides an overview of IDS and their classifications and IPS. It will detail typical benefits and limitations to using IDSs, IPSs and the hybrids (such as Intrusions Detection Prevention Systems (IDPSs and more)) which will be discussed further. It will also outline developments in the making using ML and how it is used to improve these systems and the dilemmas they produce and possible ways to counter act them.

Cryptography and Security

Liu Hua Yeo,Xiangdong Che,Shalini Lakkaraju

DOI: https://doi.org/10.48550/arXiv.1708.07174

2017-08-23

Cryptography and Security

Abstract:Intrusion detection systems (IDS) help detect unauthorized activities or intrusions that may compromise the confidentiality, integrity or availability of a resource. This paper presents a general overview of IDSs, the way they are classified, and the different algorithms used to detect anomalous activities. It attempts to compare the various methods of intrusion techniques. It also describes the various approaches and the importance of IDSs in information security.

Amod Pandit,R Joe Stanley,Bruce McMillin

Abstract:Intrusion detection systems (IDS) attempt to address the vulnerability of computer-based systems for abuse by insiders and to penetration by outsiders. An IDS is required to examine an enormous amount of data generated by computer networks to assist in the abuse detection process. Thus, there is a need to develop automated tools that address these requirements to assist system operators in the detection of violations of existing security policies. In this research, an automated IDS is proposed for insider threats in a distributed system. The proposed IDS functions as an anomaly detector for insider system operations based on the analysis of the system's log files. The approach integrates dynamic programming and adaptive resonance theory (ART1) clustering. The integrated approach aligns sequences of log events with prototypical sequences of events for performing tasks and classifies the aligned sequences for intrusion detection. The system examined for this research is a Boots System for controlling the movement of boots from one place to another under specific security restrictions related to the boot orders. We present the proposed model, the results achieved and the analysis of an implemented prototype.

WU Qing-tao,SHAO Zhi-qing

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.12.004

2005-01-01

Abstract:Intrusion detection,as one of the most active and important network security technology,can compensate the shortcomings of traditional security protection measure.Through building dynamic security cycle,it can promote the protection capacity of system and reduce the security threats as great as possible. An overview of basic issues on intrusion detection is shown in this paper,which is involved with three main aspects of intrusion detection,including Intrusion Detection System(IDS) architecture,intrusion detection methods and IDS evaluation.Firstly,three kinds of IDS architectures are analyzed.Then,current intrusion detection models are given,and their merits or shortcomings are discussed in detail.Finally,some future promi￣sing directions are presented.

ZHOU Quan,WANG Chong-jun,WANG Jun,ZHOU Xin-min,CHEN Shi-fu

DOI: https://doi.org/10.3969/j.issn.1001-3695.2007.05.045

2007-01-01

Abstract:The ability to detect intruders in computer systems increases in importance as computers were increasingly integra-ted into the systems that rely on for the correct functioning of society.A history of research in intrusion detection and several approaches based on AI technology in IDS especially some machine learning technology,and then agent-based intrusion detection systems were introduced.In the end,some possible research directions and challenges was presented in this field.

Cai Wan

2003-01-01

Computer Science

Abstract:Intrusion Detection System (IDS) is an important network security technique. It can dynamic detect the network attack behaviors. At present, great issues for IDS are incapable of detecting the unknown malicious attack behaviors. So that, some new detection techniques are presented,data mining-based detection technique is an effective method in them. In this paper, data mining-based detection method and its key techniques are discussed in detail.

Aboul Ella Hassanien,Tai-Hoon Kim,Janusz Kacprzyk,Ali Ismail Awad

DOI: https://doi.org/10.1007/978-3-662-43616-5_9

2014-01-01

Abstract:Almost daily we hear news about a security breach somewhere, as hackers are constantly finding new ways to get around even the most complex firewalls and security systems. This turned the security into one of the top research areas. Artificial Immune Systems are techniques inspired by biological immune system-specifically the human immune system-which basic function is to protect the body (system) and defend against attacks of different types. For this reason, many have applied the artificial immune system in the field of network security and intrusion detection. In this chapter, a basic model of a multi-layer system is discussed, along with the basics of artificial immune systems and network intrusion detection. An actual experiment is included, which involved a layer for data preprocessing and feature selection (using Principal Component Analysis), a layer for detectors generation and anomaly detection (Using Genetic Algorithm with Negative Selection Approach), and finally a layer for detected anomalies classification (using decision tree classifiers). The principle interest of this work is to benchmark the performance of the proposed multi-layer IDS system by using NSL-KDD benchmark data set used by IDS researchers. The obtained results of the anomaly detection layer shows that up to 81% of the attacks were successfully detected as attacks. The results of the classification layer demonstrated that naive bayes classifier has better classification accuracy in the case of lower presented attacks such as U2R and R2L, while the J48 decision tree classifier gives high accuracy up to 82% for DoS attacks and 65.4% for probe attacks in the anomaly traffic.

李健,顾国昌,张国印

DOI: https://doi.org/10.3969/j.issn.1009-671x.2004.07.012

2004-01-01

Abstract:With the development of computer technology and the explosion of Internet, computer security becomes more and more important. In this paper, related terms and related concepts were introduced, such as computer security, network security and intrusion detection, then the classification of intrusion detect was introduced in detail such as anomaly detection and signature based detection. Finally the distributed model IDS was introduced, and the technical trend of IDS was discussed.

Saloni Anand,Kshitij Patne

DOI: https://doi.org/10.22214/ijraset.2022.44761

2022-06-30

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: Intrusion Detection systems are now increasingly significant in network security. As the number of people using the internet grows, so does the chance of a cyberattack. People are adopting signature-based intrusion detection systems. Snort is a popular open-source signature-based intrusion detection system. It is widely utilised in the intrusion detection and prevention arena across the world. The aim of this research is to provide knowledge about intrusion detection systems, application vulnerabilities, and their prevention methods and to perform a comparison of the latest tools and mechanisms used to detect these threats and vulnerabilities.

郑飞,方敏

DOI: https://doi.org/10.3969/j.issn.1006-9348.2004.08.020

2004-01-01

Abstract:In the field of Network Security, Intrusion Detection Technique is the main active protection. This paper begins with the concepts of intrusion detection, then details its classifications and development.Intrusion analysis techniques,the key methods in IDS, are analyzed and compared comprehensively; some possible approaches are provided against the main obstacles of IDS. Finally, a new intrusion detection infrastructure combined with data fusion and intrusion tolerance is presented.

Wang Zeng-quan,Wang Hui-qiang,Zhang Rui-Jie

DOI: https://doi.org/10.1109/WI-IATW.2006.46

2006-01-01

Abstract:Analysis of the properties and the quality of IDS, take a mathematical analysis of the alarm confidence level, the attack frequency, the risk assessment and the response cost of IDS. Analysis of the tactic of 1RS. Based on these, Analysis of an Intelligent Agent intrusion response system that is able to make automated response and adjust security policies according to the environmental variation dynamically. © 2006 IEEE.

MA ZHANFEI,ZHENG XUEFENG

DOI: https://doi.org/10.3969/j.issn.1008-0570.2006.36.012

2006-01-01

Abstract:With the rapid development of computer and network techniques, computer &network security has been one of the keys to the modern computer system. Intrusion detection system (IDS) is differ from the firewall and the anti- virus software, because it can monitor the dynamic behavior character of the network or the computer system, and take active recovery measure to hold back intru- sion. Research actuality of the IDS has been detailedly discussed from concept, means and algorithm of IDS, and put forward to IDS trend in the future. At the same time, it also provides essential technology and development to farther research IDS.

Maruthi Rohit Ayyagari,Nishtha Kesswani,Munish Kumar,Krishan Kumar

DOI: https://doi.org/10.1007/s11276-020-02529-3

IF: 2.701

2021-01-02

Wireless Networks

Abstract:The entire world relates to some network capabilities in some way or the other. The data transmission on the network is getting more straightforward and quicker. An intrusion detection system helps distinguish unauthorized activities or intrusions that may settle the confidentiality, integrity, or availability of a resource. Nowadays, almost all institutions are using network-related facilities like schools, banks, offices, etc. Social media has become so popular that nearly every individual belongs to a new nation called 'Netizen.' Several approaches have been implemented to incorporate security features in network-related issues. However, vulnerable attacks are continuous, so intrusion detection systems have been proposed to secure computer systems and networks. Network security is a piece of the most fundamental issues in Computer Network Management. Moreover, an intrusion is considered to be the most revealed dangers to security. With the evolution of the networks, intrusion detection has emerged as a crucial field in networks' security. The main aim of this article is to deliver a systematic review of intrusion detection approaches and systems that are used in various network environments.

computer science, information systems,telecommunications,engineering, electrical & electronic

Frans David

DOI: https://doi.org/10.3969/j.issn.1003-6199.2004.03.006

2004-01-01

Abstract:Most intrusion detection systems (IDS) today lack the ability to detect both known and unknown intrusions. Even a very slight variation from known intrusions will go undetected thus rendering the IDS ineffectiveness. This paper proposes Anomaly and Signature-based Intrusion Detection System. The combination is needed in order to increase effectiveness of the IDS. The need arouse due to the fact that individual detection systems possesses serious drawbacks which can be solved only by combining them. With this at hand gives rise to an approach known as anomaly signature-based which is more efficient than individual techniques. This is due to the fact that anomaly detection detects unknown intrusions while signature-based detection detects known intrusions. By combining both techniques in conjunction with our anomaly signature-based system approach we are assured of an intrusion detection system that does not only detect both known and unknown intrusions but also capable of updating the signature-based detection database, thus in return rendering effectiveness to intrusion detection systems.

Hua Yang,Tao Li,Xinlei Hu,Feng Wang,Yang Zou

DOI: https://doi.org/10.1155/2014/156790

2014-01-01

The Scientific World JOURNAL

Abstract:In the area of computer security, Intrusion Detection (ID) is a mechanism that attempts to discover abnormal access to computers by analyzing various interactions. There is a lot of literature about ID, but this study only surveys the approaches based on Artificial Immune System (AIS). The use of AIS in ID is an appealing concept in current techniques. This paper summarizes AIS based ID methods from a new view point; moreover, a framework is proposed for the design of AIS based ID Systems (IDSs). This framework is analyzed and discussed based on three core aspects: antibody/antigen encoding, generation algorithm, and evolution mode. Then we collate the commonly used algorithms, their implementation characteristics, and the development of IDSs into this framework. Finally, some of the future challenges in this area are also highlighted.

Pushpinder Kaur Chouhan,Alfie Beard,Liming Chen

DOI: https://doi.org/10.48550/arXiv.2303.03070

2023-03-06

Abstract:The rapid expansion of the Internet of Things and the emergence of edge computing-based applications has led to a new wave of cyber-attacks, with intensity and complexity that has never been seen before. Historically most research has focused on Intrusion Detection Systems (IDS), however due to the volume and speed of this new generation of cyber-attacks it is no longer sufficient to solely detect attacks and leave the response to security analysts. Consequently, research into Intrusion Response Systems (IRS) is accelerating rapidly. As such, new intrusion response approaches, methods and systems have been investigated, prototyped, and deployed. This paper is intended to provide a comprehensive review of the state of the art of IRSs. Specifically, a taxonomy to characterize the lifecycle of IRSs ranging from response selection to response deployment and response implementation is presented. A 10-phase structure to organize the core technical constituents of IRSs is also presented. Following this, an extensive review and analysis of the literature on IRSs published during the past decade is provided, and further classifies them into corresponding phases based on the proposed taxonomy and phase structure. This study provides a new way of classifying IRS research, thus offering in-depth insights into the latest discoveries and findings. In addition, through critical analysis and comparison, expert views, guidance and best practices on intrusion response approaches, system development and standardization are presented, upon which future research challenges and directions are postulated.

Cryptography and Security

Uwe Aickelin,Julie Greensmith,Jamie Twycross

DOI: https://doi.org/10.48550/arXiv.1305.7144

2013-05-30

Cryptography and Security

Abstract:The use of artificial immune systems in intrusion detection is an appealing concept for two reasons. Firstly, the human immune system provides the human body with a high level of protection from invading pathogens, in a robust, self-organised and distributed manner. Secondly, current techniques used in computer security are not able to cope with the dynamic and increasingly complex nature of computer systems and their security. It is hoped that biologically inspired approaches in this area, including the use of immune-based systems will be able to meet this challenge. Here we collate the algorithms used, the development of the systems and the outcome of their implementation. It provides an introduction and review of the key developments within this field, in addition to making suggestions for future research.

Mohamed M Abdeldayem

DOI: https://doi.org/10.1007/s13369-022-07421-0

2022-11-07

Abstract:Artificial intelligence has been developed to be able to solve difficult problems that involve huge amounts of data and that require rapid decision-making in most branches of science and business. Machine learning is one of the most prominent areas of artificial intelligence, which has been used heavily in the last two decades in the field of network security, especially in Intrusion Detection Systems (IDS). Pattern recognition is a machine learning method applied in medical applications, image processing, and video processing. In this article, two layers' IDS is proposed. The first layer classifies the network connection according to the used service. Then, a minimum number of features that optimize the detection accuracy of malicious activities on that service are identified. Using those features, the second layer classifies each network connection as an attack or normal activity based on the pattern recognition method. In the training phase, two multivariate normal statistical models are created: the normal behavior model and the attack behavior model. In the testing and running phases, a maximum likelihood estimation function is used to classify a network connection into attack or normal activity using the two multivariate normal statistical models. The experimental results prove that the proposed IDS has superiority over related IDSs for network intrusion detection. Using only four features, it successfully achieves DR of 97.5%, 0.001 FAR, MCC 95.7%, and 99.8% overall accuracy.