An overview to Software Architecture in Intrusion Detection System
Today, with growing network systems, security is a key feature of each network
infrastructure. Network Intrusion Detection Systems (IDS) provide a defense model
for all security threats which are harmful to any network. The IDS could detect
and block attack-related network traffic. The network control is a complex
model. Implementation of an IDS could introduce delay in the network. Several
software-based network intrusion detection systems have been developed. However, the
model has a problem with high-speed traffic. This paper reviews many types of
software architecture in intrusion detection systems and describes the design
and implementation of a high-performance network intrusion detection system
that combines the use of software-based network intrusion detection sensors and
a network processor board. The network processor, which is a hardware-based
model, could act as a customized load balancing splitter. This model cooperates
with a set of modified content-based network intrusion detection sensors rather
than IDS in processing network traffic and controls the high-speed.
Comment: 8 Pages, International Journal of Soft Computing and Software
Engineering [JSCSE]. arXiv admin note: text overlap with arXiv:1101.0241 by
other author
Network Intrusion Detection System Notification Using the Telegram Application (Case Study: Tasikmalaya Immigration Office)
On local area networks there are frequent complaints, such as frequent disruptions to the server, where those disruptions can originate from irresponsible parties / intruders exploiting weaknesses in the security system of the local area network connected to the server, whether via wired or wireless media. To address this, an Intrusion Detection System is needed to detect suspicious network activity and send alert notifications to the administrator quickly and effectively through a currently popular medium such as the Telegram Messenger application used on smartphones. Therefore a detection and notification system was built using the Network Development Life Cycle (NDLC) method. The research was carried out in the stages of analysis, design, simulation prototyping, implementation, monitoring and management. This system uses Snort as the IDS sensor with a MySQL database, Acidbase as the web front-end for managing the alert data detected by Snort, and a Telegram Bot API account as the notification medium to the administrator. With the implementation of Telegram as the notification medium for this Intrusion Detection System, it is hoped that the administrator can know whether or not there is suspicious activity threatening network security, so that the administrator can restore the network system quickl
Stochastic Tools for Network Intrusion Detection
With the rapid development of Internet and the sharp increase of network
crime, network security has become very important and received a lot of
attention. We model security issues as stochastic systems. This allows us to
find weaknesses in existing security systems and propose new solutions.
Exploring the vulnerabilities of existing security tools can prevent
cyber-attacks from taking advantage of the system weaknesses. We propose a
hybrid network security scheme including intrusion detection systems (IDSs) and
honeypots scattered throughout the network. This combines the advantages of two
security technologies. A honeypot is an activity-based network security system,
which could be the logical supplement of the passive detection policies used by
IDSs. This integration forces us to balance security performance versus cost by
scheduling device activities for the proposed system. By formulating the
scheduling problem as a decentralized partially observable Markov decision
process (DEC-POMDP), decisions are made in a distributed manner at each device
without requiring centralized control. The partially observable Markov decision
process (POMDP) is a useful choice for controlling stochastic systems. As a
combination of two Markov models, POMDPs combine the strength of hidden Markov
Model (HMM) (capturing dynamics that depend on unobserved states) and that of
Markov decision process (MDP) (taking the decision aspect into account).
Decision making under uncertainty is used in many parts of business and
science. We use it here for security tools. We adopt a high-quality approximation
solution for finite-space POMDPs with the average cost criterion, and their
extension to DEC-POMDPs. We show how this tool could be used to design a
network security framework.
Comment: Accepted by International Symposium on Sensor Networks, Systems and
Security (2017
A consensus based network intrusion detection system
Network intrusion detection is the process of identifying malicious behaviors
that target a network and its resources. Current systems implementing intrusion
detection processes observe traffic at several data collecting points in the
network but analysis is often centralized or partly centralized. These systems
are not scalable and suffer from the single point of failure, i.e. attackers
only need to target the central node to compromise the whole system. This paper
proposes an anomaly-based fully distributed network intrusion detection system
where analysis is run at each data collecting point using a naive Bayes
classifier. Probability values computed by each classifier are shared among
nodes using an iterative average consensus protocol. The final analysis is
performed redundantly and in parallel at the level of each data collecting
point, thus avoiding the single point of failure issue. We run simulations
focusing on DDoS attacks with several network configurations, comparing the
accuracy of our fully distributed system with a hierarchical one. We also
analyze communication costs and convergence speed during consensus phases.
Comment: Presented at THE 5TH INTERNATIONAL CONFERENCE ON IT CONVERGENCE AND
SECURITY 2015 IN KUALA LUMPUR, MALAYSI
Network intrusion detection
Attacks against computers and the internet are in the news every week. These primarily take the form of malicious code such as viruses and worms, or denial of service attacks. Less commonly reported are attacks which gain access to computers, either for the purpose of producing damage (such as defacing web sites or deleting data) or for the opportunities such access provides to the attacker, such as access to bank accounts or control systems of power stations. This chapter will discuss some of the areas in which computational statistics can be applied to these and related problems.