27 research outputs found

    Multiagent Systems for Network Intrusion Detection: A Review

    More and more, Intrusion Detection Systems (IDSs) are seen as an important component in comprehensive security solutions. Thus, IDSs are common elements in modern infrastructures to enforce network policies. So far, plenty of techniques have been applied for the detection of intrusions, as reported in many surveys. This work focuses on the development of network-based IDSs from an architectural point of view, in which multiagent systems are applied for the development of IDSs, presenting an up-to-date revision of the state of the art.

    Active network security

    Most discussions of network security focus on the tools and techniques used to fortify networks: firewalls, biometrics, access controls, encryption. This paper presents an outline of tools that assist an administrator in verifying and maintaining the security of a networked system: Active Security tools. It discusses why there is a need for such tools and how security mechanisms are attacked. The report also describes the main tools available in this field, with particular emphasis on Intrusion Detection tools: how they work, what is available, and how they are changing. Finally, it demonstrates some of the concepts in a practical firewall network simulation.

    Fuzzy intrusion detection

    This thesis examines the application of fuzzy systems to the problem of network intrusion detection. Historically, there have been two primary methods of performing intrusion detection: misuse detection and anomaly detection. In misuse detection, a database of attack signatures is maintained that match known intrusion activity. While misuse detection systems are very effective, they require constant updates to the signature database to remain effective or to detect distinctly new attacks. Anomaly detection systems attempt to discover suspicious behavior by comparing system activity against past usage profiles. In this research, network activity is collected and usage profiles established for a variety of metrics. A network data gathering and data analysis tool was developed to create the metrics from the network stream. Great care is given to identifying the metrics that are most suitable for detecting intrusion activity. Visual data mining techniques are used to assess which metrics are most effective at detecting different types of attacks. The research confirms that data aggregation and data reduction play crucial roles in the formation of the metrics. Once the proper metrics are identified, fuzzy rules are constructed for detecting attacks in several categories. The attack categories are selected to match the different phases that intruders frequently use when attacking a system. A suite of attack tools is assembled to test the fuzzy rules. The research shows that fuzzy rules applied to good metrics can provide an effective means of detecting a wide variety of network intrusion activity. This research is being used as a proof of concept for the development of a system known as the Fuzzy Intrusion Recognition Engine (FIRE).

    Cyber-Physical Security Strategies

    Cyber-physical security describes the protection of systems with close relationships between computational functions and physical ones and addresses the issue of vulnerability to attack through both cyber and physical avenues. This describes systems in a wide variety of functions, many crucial to the functioning of modern society, making their security of paramount importance. The development of secure system design and attack detection strategies for each potential avenue of attack is needed to combat malicious attacks. This thesis provides an overview of the approaches to securing different aspects of cyber-physical systems. The cyber element can be designed to better prevent unauthorized entry and to be more robust to attack while its use is evaluated for signs of ongoing intrusion. Nodes in sensor networks can be evaluated by their claims to determine the likelihood of their honesty. Control systems can be designed to be robust in cases of the failure of one component and to detect signal insertion or replay attacks. Through the application of these strategies, the safety and continued function of cyber-physical systems can be improved.

    Software integrity management system.

    The purpose of this thesis is to design, implement, and evaluate a software package that is multi-platform and provides software integrity management (SIM). The software package is implemented in Java and performs two hashing algorithms, Message Digest version 5 (MD5) and Secure Hashing Algorithm 1 (SHA-1), in order to verify the integrity of executable files. These records of executables and their hash values are stored in flat database files. The database files are stored off site on multiple servers. Each server holds a file corresponding to the hash algorithm that was used. By storing the files off site, the users of the SIM package are guaranteed a certain level of security and assurance that their executable files have not been tampered with. With the growing threats of security exploits and viruses, it is important for average users to be able to have this level of security. The security of the files off site will be only as good as the security of the servers themselves. For this reason the server machines will be Linux machines, since they are less susceptible to viruses. The server administrator will still have to keep up with security patches in order to avoid exploits, but the job will be less time consuming without having to worry about virus definitions. Initial testing using the GNU Compiler for Java (GCJ) in the Linux environment showed an increase in computational speed.

    Anomaly-based network intrusion detection: Techniques, systems and challenges.

    Keywords: Threat; Intrusion detection; Anomaly detection; IDS systems and platforms; Assessment

    Abstract: The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security-oriented approaches is a severe challenge. In this context, anomaly-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. However, despite the variety of such methods described in the literature in recent years, security tools incorporating anomaly detection functionalities are just starting to appear, and several important problems remain to be solved. This paper begins with a review of the most well-known anomaly-based intrusion detection techniques. Then, available platforms, systems under development and research projects in the area are presented. Finally, we outline the main challenges to be dealt with for the wide-scale deployment of anomaly-based intrusion detectors, with special emphasis on assessment issues. © 2008 Elsevier Ltd. All rights reserved.

    Introduction: Intrusion Detection Systems (IDS) are security tools that, like other measures such as antivirus software, firewalls and access control schemes, are intended to strengthen the security of information and communication systems. Although, as shown i

    SUIDS : a resource-efficient intrusion detection system for ubiquitous computing environments

    The background of the project is based on the notion of ubiquitous computing. Ubiquitous computing was introduced as a prospective view of the future usage of computers. Smaller and cheaper computer chips will enable us to embed computing ability into any appliance. Along with the convenience brought by ubiquitous computing, its inherent features also expose its weaknesses: it makes things too easy for a malicious user to spy on others. An Intrusion Detection System (IDS) is a tool used to protect computer resources against malicious activities. Existing IDSs have several weaknesses that hinder their direct application to ubiquitous networks. These shortcomings are caused by their lack of consideration of the heterogeneity, flexibility and resource constraints of ubiquitous networks. Thus the evolution towards ubiquitous computing demands a new generation of resource-efficient IDSs to provide sufficient protection against malicious activities. SUIDS is the first intrusion detection system proposed for ubiquitous computing environments. It keeps the special requirements of ubiquitous computing in mind throughout its design and implementation. SUIDS adopts a layered and distributed system architecture, a novel user-centric design and service-oriented detection method, a new resource-sensitive scheme, including protocols and strategies, and a novel hybrid metric-based algorithm. These novel methods and techniques used in SUIDS set a new direction for future research and development. As the experimental results demonstrate, SUIDS is able to provide robust and resource-efficient protection for ubiquitous computing networks. It ensures the feasibility of intrusion detection in ubiquitous computing environments.