3,117 research outputs found

    Implementation and Comparison of a Rules-Based Approach and a Statistical Approach Intrusion Detection Systems

    This paper presents an analysis of a rules-based approach and a statistical anomaly approach to Intrusion Detection Systems (IDS). Two IDS systems are implemented. Analysis and comparisons of the systems are presented, as well as conclusions regarding the two approaches

    Kernel Memory Leakage Detection for Intrusion Detection Systems (IDS)

    Data leakage from kernel memory occurs when the memory block is not released back to the kernel after the memory block is unoccupied. The data leaked is arbitrary, and confidential data such as encryption keys and passwords may leak out. Meltdown and Spectre are methods from side-channel attacks that take advantage of this data leakage to gain confidential data (Graz University of Technology, 2018). This study is on how kernel memory leakage can be read, as kernel memory is a protected memory area that even the root account of an operating system is unable to access (Ning, Qing, & Li, 2006). Reading kernel memory leakage is only a part of the solution to mitigate Meltdown and Spectre. To provide a solution, the leaked data from kernel memory must be of use to an Intruder Detection System (IDS) for alerts to determine if there is a possible attack on kernel memory to attain confidential data. As a result, kmemleak is used as a module created to provide a way to detect possible kernel memory leaks that is similar to a tracing garbage collector (gc) (The kernel development community, n.d.).

    Intrusion Detection Systems Using Adaptive Regression Splines

    The past few years have witnessed a growing recognition of intelligent techniques for the construction of efficient and reliable intrusion detection systems. Due to increasing incidents of cyber attacks, building effective intrusion detection systems (IDS) is essential for protecting information systems security, and yet it remains an elusive goal and a great challenge. In this paper, we report a performance analysis between Multivariate Adaptive Regression Splines (MARS), neural networks and support vector machines. The MARS procedure builds flexible regression models by fitting separate splines to distinct intervals of the predictor variables. A brief comparison of different neural network learning algorithms is also given.

    Detecting attacks to computer networks using a multi-layer perceptron artificial neural network

    In this paper, we present concepts in artificial neural networks (ANN) to help detect intrusion attacks against network computers, and introduce and compare a multi-layer perceptron ANN (MLPANN) with Snort, an open-source tool for intrusion detection systems (IDS). To conduct these comparison experiments, we inserted malicious traffic into the MLPANN to train our ANN, with results indicating that our ANN detected 99% of these input attacks

    Novel attack resilience by fusing events related to objectives

    Research in intrusion detection systems (IDS) is mainly restricted to the misuse and anomaly detection dichotomy, and therefore to their limitations. Web attack detectors are a case in point, where ones that perform misuse detection are prone to miss novel attacks, whilst those performing anomaly detection produce impractical amounts of daily false alerts. Detectors inspired from the workings of the human immune system (HIS) have proposed new effective detection approaches, however without tackling the issue of novel attack resilience separately from anomaly detection.

    Intrusion detection effectiveness improvement by a multiagent system

    Recent studies about Intrusion Detection Systems (IDS) performance reveal that the value of an IDS and its optimal operation point depend not only on the Hit and False alarm rates but also on costs (such as those associated with making incorrect decisions about detection) and the hostility of the operating environment. An adaptive multiagent IDS is proposed in this paper and it is evaluated according to a promising metric that takes into account all these parameters. This paper shows results of a prototype that clearly point out how multiagent technology can improve IDS effectiveness.

    P4ID:P4 Enhanced Intrusion Detection

    The growth in scale and capacity of networks in recent years leads to challenges of positioning and scalability of Intrusion Detection Systems (IDS). With the flexibility afforded by programmable dataplanes, it is now possible to perform a new level of intrusion detection in switches themselves. We present P4ID, combining a rule parser, stateless and stateful packet processing using P4, and evaluate it using publicly available datasets. We show that using this technique, we can achieve a significant reduction in traffic being processed by an IDS