    Strengthening intrusion detection techniques through emerging patterns

    In today's world, where nearly every company is dependent on the Internet to survive, it is not surprising that the role of intrusion detection has become extremely important within the last decade. Intrusion detection involves determining whether some entity has attempted to gain, or worse, has gained, unauthorized access to the system. The task of current intrusion detection systems is to detect possible threats not only from insiders but also from outsiders. Based on our current knowledge, there are two things the system administrator could do in order to keep his system secure. First, use preventive measures. Second, make use of the audit logs. Due to the sheer volume of the logs, it is required that this task be performed automatically. The data mining field of study has helped to partially automate this process. However, the current state of the art still leaves too much to the administrator and sometimes distracts the administrator by raising false alarms. This work proposes to apply a new technique, successfully used in other fields of knowledge such as Bioinformatics and Classification Systems, in order to define user's profiles more accurately and to detect more intruders, raising a lower number of false alarms and having a precision higher than other techniques. Track: Networks and Architectures. Red de Universidades con Carreras en Informática (RedUNCI

    Improving Data Transmission Rate with Self Healing Activation Model for Intrusion Detection with Enhanced Quality of Service

    Several types of attacks can easily compromise a Wireless Sensor Network (WSN). Although not all intrusions can be predicted, they may cause significant damage to the network and its nodes before being discovered. Due to its explosive growth and the infinite scope in terms of applications and processing brought about by 5G, WSN is becoming more and more deeply embedded in daily life. Security breaches, downed services, faulty hardware, and buggy software can all cripple these enormous systems. As a result, the platform becomes unmaintainable when there are a million or more interconnected devices. When it comes to network security, intrusion detection technology plays a crucial role, with its primary function being to constantly monitor the health of a network and, if any aberrant behavior is detected, to issue a timely warning to network administrators. The current network's availability and dependability are directly tied to the efficacy and timeliness of the Intrusion Detection System (IDS). An Intrusion-Tolerant system would incorporate self-healing mechanisms to restore compromised data. System attributes such as readiness for accurate service, supply identical and correct data, confidentiality, and availability are necessary for a system to merit trust. In this research, self-healing methods are considered that can detect intrusions and can remove with intellectual strategies that can make a system fully autonomous and fix any problems it encounters. In this study, a new architecture for an Intrusion Tolerant Self Healing Activation Model for Improved Data Transmission Rate (ITSHAM-IDTR) is proposed for accurate detection of intrusions and self repairing the network for better performance, which boosts the server's performance quality and enables it to mend itself without any intervention from the administrator. When compared to the existing paradigm, the proposed model performs in both self-healing and increased data transmission rates.

    Threshold Verification Technique for Network Intrusion Detection System

    The Internet has played a vital role in this modern world; the possibilities and opportunities offered are limitless. Despite all the hype, Internet services are liable to intrusion attacks that could tamper with the confidentiality and integrity of important information. An attack starts with gathering information about the attack target; this information gathering can be done as either a fast or a slow attack. The defensive measure a network administrator can take to overcome this liability is to introduce Intrusion Detection Systems (IDSs) in their network. IDSs have the capability to analyze network traffic and recognize incoming and ongoing intrusions. Unfortunately, the combination of both modules in real-time network traffic slowed down the detection process. In a real-time network, early detection of a fast attack can prevent any further attack and reduce unauthorized access on the targeted machine. The suitable set of selected features and the correct threshold value add an extra advantage for an IDS to detect anomalies in the network. Therefore, this paper discusses a new technique for selecting a static threshold value from minimum standard features in detecting fast attacks from the victim's perspective. In order to increase confidence in the threshold value, the result is verified using Statistical Process Control (SPC). The implementation of this approach shows that the threshold selected is suitable for identifying the fast attack in real time. Comment: 8 Pages, International Journal of Computer Science and Information Securit

    Automatic Dataset Labelling and Feature Selection for Intrusion Detection Systems

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. Correctly labelled datasets are commonly required. Three particular scenarios are highlighted, which showcase this need. When using supervised Intrusion Detection Systems (IDSs), these systems need labelled datasets to be trained. Also, the real nature of the analysed datasets must be known when evaluating the efficiency of the IDSs when detecting intrusions. Another scenario is the use of feature selection that works only if the processed datasets are labelled. In normal conditions, collecting labelled datasets from real networks is impossible. Currently, datasets are mainly labelled by implementing off-line forensic analysis, which is impractical because it does not allow real-time implementation. We have developed a novel approach to automatically generate labelled network traffic datasets using an unsupervised anomaly based IDS. The resulting labelled datasets are subsets of the original unlabelled datasets. The labelled dataset is then processed using a Genetic Algorithm (GA) based approach, which performs the task of feature selection. The GA has been implemented to automatically provide the set of metrics that generate the most appropriate intrusion detection results