9,267 research outputs found

    An overview to Software Architecture in Intrusion Detection System

    Today, with growing network systems, security is a key feature of each network infrastructure. Network Intrusion Detection Systems (IDS) provide a defense model for all security threats which are harmful to any network. The IDS could detect and block attack-related network traffic. The network control is a complex model. Implementation of an IDS could cause delay in the network. Several software-based network intrusion detection systems are developed. However, the model has a problem with high-speed traffic. This paper reviews many types of software architecture in intrusion detection systems and describes the design and implementation of a high-performance network intrusion detection system that combines the use of software-based network intrusion detection sensors and a network processor board. The network processor, which is a hardware-based model, could act as a customized load balancing splitter. This model cooperates with a set of modified content-based network intrusion detection sensors rather than IDS in processing network traffic and controls the high-speed. Comment: 8 Pages, International Journal of Soft Computing and Software Engineering [JSCSE]. arXiv admin note: text overlap with arXiv:1101.0241 by other author

    Network Intrusion Detection System Notification Using the Telegram Application (Case Study: Tasikmalaya Immigration Office)

    In local area networks there are frequent complaints, such as recurring disruptions to the server, where the disruption may come from irresponsible parties / intruders who exploit weaknesses in the security of the local area network connected to the server, whether over wired or wireless media. To address this, an Intrusion Detection System is needed to detect suspicious network activity and send warning notifications to the administrator quickly and effectively through a currently popular medium such as the Telegram Messenger application used on smartphones. Therefore, a detection and notification system was built using the Network Development Life Cycle (NDLC) method. The research was carried out in the stages of analysis, design, simulation prototyping, implementation, monitoring and management. The system uses Snort as the IDS sensor with a MySQL database, Acidbase as the web front-end for managing the alert data detected by Snort, and a Telegram Bot API account as the notification medium to the administrator. With Telegram implemented as the notification medium for this Intrusion Detection System, it is expected that the administrator can know whether or not there is suspicious activity threatening network security, so that the administrator can restore the network system quickly

    Stochastic Tools for Network Intrusion Detection

    With the rapid development of the Internet and the sharp increase of network crime, network security has become very important and received a lot of attention. We model security issues as stochastic systems. This allows us to find weaknesses in existing security systems and propose new solutions. Exploring the vulnerabilities of existing security tools can prevent cyber-attacks from taking advantage of the system weaknesses. We propose a hybrid network security scheme including intrusion detection systems (IDSs) and honeypots scattered throughout the network. This combines the advantages of two security technologies. A honeypot is an activity-based network security system, which could be the logical supplement of the passive detection policies used by IDSs. This integration forces us to balance security performance versus cost by scheduling device activities for the proposed system. By formulating the scheduling problem as a decentralized partially observable Markov decision process (DEC-POMDP), decisions are made in a distributed manner at each device without requiring centralized control. The partially observable Markov decision process (POMDP) is a useful choice for controlling stochastic systems. As a combination of two Markov models, POMDPs combine the strength of the hidden Markov model (HMM) (capturing dynamics that depend on unobserved states) and that of the Markov decision process (MDP) (taking the decision aspect into account). Decision making under uncertainty is used in many parts of business and science. We use it here for security tools. We adopt a high-quality approximation solution for finite-space POMDPs with the average cost criterion, and their extension to DEC-POMDPs. We show how this tool could be used to design a network security framework. Comment: Accepted by International Symposium on Sensor Networks, Systems and Security (2017

    A consensus based network intrusion detection system

    Network intrusion detection is the process of identifying malicious behaviors that target a network and its resources. Current systems implementing intrusion detection processes observe traffic at several data collecting points in the network but analysis is often centralized or partly centralized. These systems are not scalable and suffer from the single point of failure, i.e. attackers only need to target the central node to compromise the whole system. This paper proposes an anomaly-based fully distributed network intrusion detection system where analysis is run at each data collecting point using a naive Bayes classifier. Probability values computed by each classifier are shared among nodes using an iterative average consensus protocol. The final analysis is performed redundantly and in parallel at the level of each data collecting point, thus avoiding the single point of failure issue. We run simulations focusing on DDoS attacks with several network configurations, comparing the accuracy of our fully distributed system with a hierarchical one. We also analyze communication costs and convergence speed during consensus phases. Comment: Presented at THE 5TH INTERNATIONAL CONFERENCE ON IT CONVERGENCE AND SECURITY 2015 IN KUALA LUMPUR, MALAYSI

    Network intrusion detection

    Attacks against computers and the internet are in the news every week. These primarily take the form of malicious code such as viruses and worms, or denial of service attacks. Less commonly reported are attacks which gain access to computers, either for the purpose of producing damage (such as defacing web sites or deleting data) or for the opportunities such access provides to the attacker, such as access to bank accounts or control systems of power stations. This chapter will discuss some of the areas in which computational statistics can be applied to these and related problems.