14,440 research outputs found
DCDIDP: A distributed, collaborative, and data-driven intrusion detection and prevention framework for cloud computing environments
With the growing popularity of cloud computing, the exploitation of possible vulnerabilities grows at the same pace; the distributed nature of the cloud makes it an attractive target for potential intruders. Despite security issues delaying its adoption, cloud computing has already become an unstoppable force; thus, security mechanisms to ensure its secure adoption are an immediate need. Here, we focus on intrusion detection and prevention systems (IDPSs) to defend against the intruders. In this paper, we propose a Distributed, Collaborative, and Data-driven Intrusion Detection and Prevention system (DCDIDP). Its goal is to make use of the resources in the cloud and provide a holistic IDPS for all cloud service providers which collaborate with other peers in a distributed manner at different architectural levels to respond to attacks. We present the DCDIDP framework, whose infrastructure level is composed of three logical layers: network, host, and global as well as platform and software levels. Then, we review its components and discuss some existing approaches to be used for the modules in our proposed framework. Furthermore, we discuss developing a comprehensive trust management framework to support the establishment and evolution of trust among different cloud service providers. © 2011 ICST
An overview to Software Architecture in Intrusion Detection System
Today by growing network systems, security is a key feature of each network
infrastructure. Network Intrusion Detection Systems (IDS) provide defense model
for all security threats which are harmful to any network. The IDS could detect
and block attack-related network traffic. The network control is a complex
model. Implementation of an IDS could make delay in the network. Several
software-based network intrusion detection systems are developed. However, the
model has a problem with high speed traffic. This paper reviews of many type of
software architecture in intrusion detection systems and describes the design
and implementation of a high-performance network intrusion detection system
that combines the use of software-based network intrusion detection sensors and
a network processor board. The network processor which is a hardware-based
model could acts as a customized load balancing splitter. This model cooperates
with a set of modified content-based network intrusion detection sensors rather
than IDS in processing network traffic and controls the high-speed.Comment: 8 Pages, International Journal of Soft Computing and Software
Engineering [JSCSE]. arXiv admin note: text overlap with arXiv:1101.0241 by
other author
Data analytics for modeling and visualizing attack behaviors: A case study on SSH brute force attacks
In this research, we explore a data analytics based approach for modeling and visualizing attack behaviors. To this end, we employ Self-Organizing Map and Association Rule Mining algorithms to analyze and interpret the behaviors of SSH brute force attacks and SSH normal traffic as a case study. The experimental results based on four different data sets show that the patterns extracted and interpreted from the SSH brute force attack data sets are similar to each other but significantly different from those extracted from the SSH normal traffic data sets. The analysis of the attack traffic provides insight into behavior modeling for brute force SSH attacks. Furthermore, this sheds light into how data analytics could help in modeling and visualizing attack behaviors in general in terms of data acquisition and feature extraction
Markov Decision Processes with Applications in Wireless Sensor Networks: A Survey
Wireless sensor networks (WSNs) consist of autonomous and resource-limited
devices. The devices cooperate to monitor one or more physical phenomena within
an area of interest. WSNs operate as stochastic systems because of randomness
in the monitored environments. For long service time and low maintenance cost,
WSNs require adaptive and robust methods to address data exchange, topology
formulation, resource and power optimization, sensing coverage and object
detection, and security challenges. In these problems, sensor nodes are to make
optimized decisions from a set of accessible strategies to achieve design
goals. This survey reviews numerous applications of the Markov decision process
(MDP) framework, a powerful decision-making tool to develop adaptive algorithms
and protocols for WSNs. Furthermore, various solution methods are discussed and
compared to serve as a guide for using MDPs in WSNs
- …