
A novel intrusion detection system (IDS) architecture. Attack detection based on snort for multistage attack scenarios in a multi-cores environment.

By Jules F. Pagna Disso

Abstract

Recent research has indicated that although security systems are developing, illegal intrusion into computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems.

This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS was tested and found to improve current intrusion detection and processing performances.

After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS.

Key findings indicate that an attack needs to be protected against at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker's actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDoS attacks within 10 minutes.

Topics: Intrusion Detection System (IDS), Visibility of attacks, Multistage Intrusion Detection and Prevention System (MIDaPS), Performance evaluation, Snort, Computer network security
Publisher: Computing
Year: 2010
OAI identifier: oai:bradscholars.brad.ac.uk:10454/5248
Provided by: Bradford Scholars
