
    Evasion-resistant network scan detection


    Intrusion Detection and Security Assessment in a University Network

    This thesis first explores how intrusion detection (ID) techniques can be used to provide an extra security layer for today's typically security-unaware Internet user. A review of the ever-growing network security threat is presented along with an analysis of the suitability of existing ID systems (IDS) for protecting users of varying security expertise. In light of the impracticality of many IDS for today's users, a web-enabled, agent-based, hybrid IDS is proposed. The motivations for the system are presented along with details of its design and implementation. As a test case, the system is deployed on the DCU network and the results analysed. One of the aims of an IDS is to uncover security-related issues in its host network. The issues revealed by our IDS demonstrate that a full DCU network security assessment is warranted. This thesis describes how such an assessment should be carried out and presents the corresponding results. A set of security-enhancing recommendations for the DCU network is presented.

    Surveying port scans and their detection methodologies

    Scanning of ports on a computer occurs frequently on the Internet. An attacker performs port scans of IP addresses to find vulnerable hosts to compromise. However, it is also useful for system administrators and other network defenders to detect port scans as possible preliminaries to more serious attacks. It is a very difficult task to recognize instances of malicious port scanning. In general, a port scan may be an instance of a scan by attackers or an instance of a scan by network defenders. In this survey, we present research and development trends in this area. Our presentation includes a discussion of common port scan attacks. We provide a comparison of port scan methods based on type, mode of detection, mechanism used for detection, and other characteristics. This survey also reports on the available datasets and evaluation criteria for port scan detection approaches

    A Flow Based Horizontal Scan Detection Using Genetic Algorithm Approach

    An attacker has to "scan" susceptible points of a network before attacking. There are several methods for detecting such behaviour, most of which are based on thresholding. As the performance of these methods is highly dependent on the threshold value, it is crucial to adjust this value appropriately, and this adjustment is not always trivial. In this study we propose a new method that optimizes the parameters of the system using genetic algorithms (GA) operating on network flows. We then compare our method with Snort. The results show superior performance as measured by the sensitivity index d'.

    Formulating Generalize Malware Attack Pattern Using Features Selection

    Malicious software, or malware, activity increasingly threatens network security, as malicious code can be easily obtained and used as a weapon to achieve illegal objectives. Hence, network traffic gathered from a controlled experiment is explored and a feature selection method is used to identify the features involved in formulating the malware attack pattern. This paper proposes a generalized malware attack pattern from two perspectives, attacker and victim, using a traditional worm. This research should help the authorities detect malware intrusion activities in cyberspace while protecting the Critical National Information Infrastructure (CNII) of the country. These generalized malware attack patterns can be extended into the research areas of alert correlation and computer forensic investigation.

    INTRUSION DETECTION SYSTEM USING DYNAMIC AGENT SELECTION AND CONFIGURATION

    Intrusion detection is the process of monitoring the events occurring in a computer system or network and analysing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. An intrusion detection system (IDS) monitors network traffic for suspicious activity and alerts the system or network administrator. It identifies unauthorized use, misuse, and abuse of computer systems by both system insiders and external penetrators. Intrusion detection systems are essential components of a secure network environment, allowing early detection of malicious activities and attacks. By using the information provided by an IDS, it is possible to apply appropriate countermeasures and mitigate attacks that would otherwise seriously undermine network security. However, increasing traffic and the necessity of stateful analysis impose strong computational requirements on network intrusion detection systems (NIDS), and motivate the need for architectures with multiple dynamic sensors. In a context of high traffic with heavy-tailed characteristics, static rules for dispatching traffic slices among sensors cause severe imbalance. The current high volumes of network traffic overwhelm most IDS techniques, requiring new approaches that are able to handle huge volumes of log and packet analysis while still maintaining high throughput. This paper shows that the use of dynamic agents has practical advantages for intrusion detection. Our approach features unsupervised adjustment of its configuration and dynamic adaptation to the changing environment, which improves the performance of the IDS significantly. KEYWORDS: Intrusion Detection System, Agent Based IDS, Dynamic Sensor Selection.

    Future benefits and applications of intelligent on-board processing to VSAT services

    The trends and roles of VSAT services in the year 2010 time frame are examined based on an overall network and service model for that period. An estimate of the VSAT traffic is then made and the service and general network requirements are identified. In order to accommodate these traffic needs, four satellite VSAT architectures based on the use of fixed or scanning multibeam antennas in conjunction with IF switching or onboard regeneration and baseband processing are suggested. The performance of each of these architectures is assessed and the key enabling technologies are identified