Hierarchical Design Based Intrusion Detection System For Wireless Ad hoc Network
In recent years, wireless ad hoc sensor networks have become popular in both civil and military applications. However, security is one of the significant challenges for sensor networks because they are deployed in open and unprotected environments. As cryptographic mechanisms are not enough to protect a sensor network from external attacks, an intrusion detection system needs to be introduced. Though intrusion prevention is one of the major and efficient methods against attacks, there might be some attacks for which no prevention method is known. Besides protecting the system from some known attacks, an intrusion detection system gathers necessary information about attack techniques and helps in the development of intrusion prevention systems. In addition to reviewing the attacks currently known against wireless sensor networks, this paper examines current efforts toward intrusion detection systems for wireless sensor networks. In this paper we propose a hierarchical-architecture-based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor networks. In the proposed intrusion detection system architecture we follow a clustering mechanism to build a four-level hierarchical network, which enhances network scalability to large geographical areas, and use both anomaly and misuse detection techniques for intrusion detection. We introduce a policy-based detection mechanism as well as intrusion response together with the GSM cell concept for the intrusion detection architecture.
Comment: 16 pages, International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010. arXiv admin note: text overlap with arXiv:1111.1933 by other author
Introduction on intrusion detection systems : focus on hierarchical analysis
In today's fast-paced computing world, security is a main concern. Intrusion detection systems are an important component of the defensive measures protecting computer systems and networks from abuse. This paper will examine various intrusion detection systems. The task of intrusion detection is to monitor usage of a system and detect any malicious activity; therefore, the architecture is a key component when studying intrusion detection systems. This thesis will also analyze various neural networks for statistical anomaly intrusion detection systems. The thesis will focus on the Hierarchical Intrusion Detection (HIDE) architecture. The HIDE system detects network-based attacks as anomalies using statistical preprocessing and neural network classification. The thesis will conclude with studies conducted on the HIDE architecture. The studies conducted on the HIDE architecture indicate how the hierarchical multi-tier anomaly intrusion detection system is an effective one.
A Correlation Framework for Continuous User Authentication Using Data Mining
The increasing security breaches revealed in recent surveys and the security threats reported in the media reaffirm the inadequacy of current security measures in IT systems. While most reported work in this area has focussed on enhancing the initial login stage in order to counteract unauthorised access, there is still a problem detecting when an intruder has compromised the front-line controls. This could pose a serious threat, since any subsequent indicator of an intrusion in progress could be quite subtle and may remain hidden to the casual observer. Having passed the front-line controls and having the appropriate access privileges, the intruder may be in a position to do virtually anything without further challenge. This has caused interest in the concept of continuous authentication, which inevitably involves the analysis of vast amounts of data. The primary objective of the research is to develop and evaluate a suitable correlation engine in order to automate the processes involved in authenticating and monitoring users in a networked system environment. The aim is to further develop the Anomaly Detection module previously illustrated in a PhD thesis [1] as part of the conceptual architecture of an Intrusion Monitoring System (IMS) framework.
Intrusion detection and response model for mobile ad hoc networks.
This dissertation presents research whose objective is to design and develop an intrusion detection and response model for Mobile Ad hoc NETworks (MANET). Mobile ad hoc networks are infrastructure-free, pervasive and ubiquitous in nature, without any centralized authority. These unique MANET characteristics present several challenges to securing them. The proposed security model is called Intrusion Detection and Response for Mobile Ad hoc Networks (IDRMAN). The goal of the proposed model is to provide a security framework that will detect various attacks and take appropriate measures to control the attack automatically. This model is based on identifying critical system parameters of a MANET that are affected by various types of attacks, and continuously monitoring the values of these parameters to detect and respond to attacks. This dissertation explains the design and development of the detection framework and the response framework of IDRMAN. The main aspects of the detection framework are data mining using CART to identify attack-sensitive network parameters from the wealth of raw network data, statistical processing using six sigma to identify the thresholds for the attack-sensitive parameters, and quantification of the MANET node state through a measure called the Threat Index (TI) using fuzzy logic methodology. The main aspects of the response framework are intruder identification and intruder isolation through response action plans. The effectiveness of the detection and response framework is mathematically analyzed using probability techniques. The detection framework is also evaluated by performance comparison experiments with related models, and through performance evaluation experiments from a scalability perspective. Performance metrics used for assessing the detection aspect of the proposed model are detection rate and false positive rate at different node mobility speeds. Performance evaluation experiments for scalability are with respect to the size of the MANET, where more and more mobile nodes are added into the MANET at varied mobility speeds. The results of both the mathematical analysis and the performance evaluation experiments demonstrate that the IDRMAN model is an effective and viable security model for MANET.
Analysis And Evaluation Snort, Bro, and Suricata as Intrusion Detection System Based on Linux Server
Security and confidentiality of data on computer networks is currently a problem that continues to grow. Installing firewalls, antivirus, IDS (Intrusion Detection System) / IPS (Intrusion Prevention System) and various other security applications often requires a considerable installation cost to obtain the best available products. Open source is the best solution to address the expense of these security issues. An Intrusion Detection System is a system designed to collect information about the activities in a network, analyze that information, and give a warning. Snort, Bro and Suricata are open source Intrusion Detection Systems. By comparing their installation, configuration, the warnings they display, and the resulting information, the advantages and disadvantages of Snort, Bro and Suricata as Intrusion Detection Systems can be determined.
There are two stages of testing: scanning and penetration. The scanning phase is a scan of all ports, done using the NMAP application found in Armitage. The penetration stage is done using the Hail Mary menu item in the Attack tab; Hail Mary is used to try all the exploits against the target computer.
Based on the scanning and penetration process, Snort detected 926 alerts, Suricata detected 1218 alerts and Bro detected 128 low alerts. Snort and Suricata are easy to install and to update rules for; Bro requires the least amount of resources.
Building a trusted environment for e-business : a Malaysian perspective
Internet businesses identify 'security' as a major concern. In general, the level of security in any network environment is closely linked to the level of trust assigned to a particular individual or organization within that environment. It is the trust element that is crucial in ensuring a secure environment. Besides physical security, security technology needs to be utilised to provide a trusted environment for e-business. Network security components for perimeter defense, i.e., Virtual Private Networks, firewalls and Intrusion Detection Systems, need to be complemented by security components at the application and user level, e.g., authentication of users. An ID or password security solution may be an option, but now, with the availability of legally binding digital certificates, security in e-business transactions can be further improved. Time and date stamping of e-business transactions is also of concern, to prove at a later date that the transactions took place at the stipulated date and time. Digital certificates are part of a Public Key Infrastructure (PKI) scheme, which is an enabling technology for building a trusted environment. PKI comprises policies and procedures for establishing a secure method for exchanging information over a network environment. The Digital Signature Act 1997 (DSA 1997) facilitates PKI implementation in Malaysia. Following the DSA 1997, Certification Authorities (CAs) were set up in Malaysia. This paper describes a trusted platform for spurring e-business and provides a Malaysian perspective on it.
On Cyber Attacks and Signature Based Intrusion Detection for Modbus Based Industrial Control Systems
Industrial control system communication networks are vulnerable to reconnaissance, response injection, command injection, and denial of service attacks. Such attacks can lead to an inability to monitor and control industrial control systems and can ultimately lead to system failure. This can result in financial loss for control system operators and economic and safety issues for the citizens who use these services. This paper describes a set of 28 cyber attacks against industrial control systems which use the MODBUS application layer network protocol. The paper also describes a set of standalone and state-based intrusion detection system rules which can be used to detect cyber attacks and to store evidence of attacks for post-incident analysis. All attacks described in this paper were validated in a laboratory environment. The detection rate of the intrusion detection system rules presented, by attack class, is also presented.
Interior Visual Intruders Detection Module Based on Multi-Connect Architecture MCA Associative Memory
Most recent studies have focused on using modern intelligent techniques spatially, such as those developed in the Intruder Detection Module (IDS). Such techniques have been built based on modern artificial intelligence-based modules. Those modules act like a human brain. Thus, they should have had the ability to learn and recognize what they had learned. The importance of developing such systems came after the requests of customers and establishments to preserve their properties and avoid intruders' damage. This would be provided by an intelligent module that ensures the correct alarm. Thus, an interior visual intruder detection module depending on Multi-Connect Architecture Associative Memory (MCA) has been proposed. Via using the MCA associative memory as a new trend, the proposed module goes through two phases: the first is the training phase (which is executed once during the module installation process) and the second is the analysis phase. Both phases will be developed through the use of MCA, each according to its process. The training phase will take place through the learning phase of MCA, while the analysis phase will take place through the convergence phase of MCA. The use of MCA increases the efficiency of the training process for the proposed system by using a minimum number of training images that do not exceed 10 training images of the total number of frames in JPG format. The proposed module has been evaluated using 11,825 images that have been extracted from 11 tested videos. As a result, the module can detect the intruder with an accuracy ratio in the range of 97%–100%. The average training process time for the training videos was in the range of 10.2 s to 23.2 s.
A Cluster-Based Distributed Hierarchical IDS for MANETs
Many attempts have been made to secure wireless ad hoc networks, but due to their special ad hoc nature, namely the lack of a fixed infrastructure and central management, finding an optimal and comprehensive security solution is still a research challenge.