A survey of intrusion detection system technologies

This paper provides an overview of IDS types and how they work as well as configuration considerations and issues that affect them. Advanced methods of increasing the performance of an IDS are explored such as specification based IDS for protecting Supervisory Control And Data Acquisition (SCADA) and Cloud networks. Also by providing a review of varied studies ranging from issues in configuration and specific problems to custom techniques and cutting edge studies a reference can be provided to others interested in learning about and developing IDS solutions. Intrusion Detection is an area of much required study to provide solutions to satisfy evolving services and networks and systems that support them. This paper aims to be a reference for IDS technologies other researchers and developers interested in the field of intrusion detection

Introduction to Security Onion

Security Onion is a Network Security Manager (NSM) platform that provides multiple Intrusion Detection Systems (IDS) including Host IDS (HIDS) and Network IDS (NIDS). Many types of data can be acquired using Security Onion for analysis. This includes data related to: Host, Network, Session, Asset, Alert and Protocols. Security Onion can be implemented as a standalone deployment with server and sensor included or with a master server and multiple sensors allowing for the system to be scaled as required. Many interfaces and tools are available for management of the system and analysis of data such as Sguil, Snorby, Squert and Enterprise Log Search and Archive (ELSA). These interfaces can be used for analysis of alerts and captured events and then can be further exported for analysis in Network Forensic Analysis Tools (NFAT) such as NetworkMiner, CapME or Xplico. The Security Onion platform also provides various methods of management such as Secure SHell (SSH) for management of server and sensors and Web client remote access. All of this with the ability to replay and analyse example malicious traffic makes the Security Onion a suitable low cost alternative for Network Security Management. In this paper, we have a feature and functionality review for the Security Onion in terms of: types of data, configuration, interface, tools and system management

A Pattern Recognition Neural Network Model for Detection and Classification of SQL Injection Attacks

Thousands of organisations store important and confidential information related to them, their customers, and their business partners in databases all across the world. The stored data ranges from less sensitive (e.g. first name, last name, date of birth) to more sensitive data (e.g. password, pin code, and credit card information). Losing data, disclosing confidential information or even changing the value of data are the severe damages that Structured Query Language injection (SQLi) attack can cause on a given database. It is a code injection technique where malicious SQL statements are inserted into a given SQL database by simply using a web browser. In this paper, we propose an effective pattern recognition neural network model for detection and classification of SQLi attacks. The proposed model is built from three main elements of: a Uniform Resource Locator (URL) generator in order to generate thousands of malicious and benign URLs, a URL classifier in order to: 1) classify each generated URL to either a benign URL or a malicious URL and 2) classify the malicious URLs into different SQLi attack categories, and a NN model in order to: 1) detect either a given URL is a malicious URL or a benign URL and 2) identify the type of SQLi attack for each malicious URL. The model is first trained and then evaluated by employing thousands of benign and malicious URLs. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed approach

A Learning-based Neural Network Model for the Detection and Classification of SQL Injection Attacks

Structured Query Language injection (SQLi) attack is a code injection technique where hackers inject SQL commands into a database via a vulnerable web application. Injected SQL commands can modify the back-end SQL database and thus compromise the security of a web application. In the previous publications, the author has proposed a Neural Network (NN)-based model for detections and classifications of the SQLi attacks. The proposed model was built from three elements: 1) a Uniform Resource Locator (URL) generator, 2) a URL classifier, and 3) a NN model. The proposed model was successful to: 1) detect each generated URL as either a benign URL or a malicious, and 2) identify the type of SQLi attack for each malicious URL. The published results proved the effectiveness of the proposal. In this paper, the author re-evaluates the performance of the proposal through two scenarios using controversial data sets. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed model in terms of accuracy, true-positive rate as well as false-positive rate

Factors Affecting the Learning of Fixed Prosthodontics Course by Students at Kermanshah University of Medical Sciences

AIM: The objective of this study was to investigate the factors affecting the learning of fixed prosthodontics course from the viewpoint of students and faculty members of Kermanshah Dentistry School. MATERIAL AND METHODS: This research was a descriptive-analytical study conducted using the convenient sampling method. A total of 72 students and 5 faculty members were included in the study. Data were collected using a researcher-made questionnaire containing two sections. The first section consists of demographic information, and the second section consists of 14 questions to evaluate the factors affecting the learning of the fixed prosthodontics course. RESULTS: From the students’ point of view, there was a significant relationship between the effect of using clinical points during a teaching on the learning efficacy of the fixed prosthodontics course and gender (P = 0.028). There was a statistically significant relationship between the level of professor's knowledge regarding the modern educational methods on the learning of fixed prosthodontics course (P = 0.034). The factor of displaying and implementing practical work on the real patient was considered important by students, and having knowledge about modern educational methods was considered important by faculty members. CONCLUSIONS: It is recommended that appropriate educational planning be implemented to enhance students’ practical work on the real patient and increase professors’ knowledge about modern educational methods

A Pattern Recognition Neural Network Model for Detection and Classification of SQL Injection Attacks

Thousands of organisations store important and confidential information related to them, their customers, and their business partners in databases all across the world. The stored data ranges from less sensitive (e.g. first name, last name, date of birth) to more sensitive data (e.g. password, pin code, and credit card information). Losing data, disclosing confidential information or even changing the value of data are the severe damages that Structured Query Language injection (SQLi) attack can cause on a given database. It is a code injection technique where malicious SQL statements are inserted into a given SQL database by simply using a web browser. In this paper, we propose an effective pattern recognition neural network model for detection and classification of SQLi attacks. The proposed model is built from three main elements of: a Uniform Resource Locator (URL) generator in order to generate thousands of malicious and benign URLs, a URL classifier in order to: 1) classify each generated URL to either a benign URL or a malicious URL and 2) classify the malicious URLs into different SQLi attack categories, and a NN model in order to: 1) detect either a given URL is a malicious URL or a benign URL and 2) identify the type of SQLi attack for each malicious URL. The model is first trained and then evaluated by employing thousands of benign and malicious URLs. The results of the experiments are presented in order to demonstrate the effectiveness of the proposed approach

Insider Threat Detection Using Supervised Machine Learning Algorithms on an Extremely Imbalanced Dataset

An insider threat can take on many forms and fall under different categories. This includes: malicious insider, careless/unaware/uneducated/naïve employee, and third-party contractor. A malicious insider, which can be a criminal agent recruited as a legitimate candidate or a disgruntled employee seeking revenge, is likely the most difficult category to detect, prevent and mitigate. Some malicious insiders misuse their positions of trust by disrupting normal operations, while others transfer confidential or vital information about the victim organisation which can damage the employer's marketing position and/or reputation. In addition, some just lose their credentials (i.e. usernames and passwords) which can then be abused or stolen by an external hacker to breach the network using their name. Additionally, malicious insiders have free rein to roam a victim organisation unconstrained which can lead to successfully collecting personal information of other colleagues and/or clients, or even installing malicious software into the system/network.Machine learning techniques have been studied in published literature as a promising solution for such threats. However, they can be bias and/or inaccurate when the associated dataset is hugely imbalanced. In this case, an inaccurate classification could result in a huge cost to individuals and/or organisations. Therefore, this paper addresses the insider threat detection on an extremely imbalanced dataset which includes employing a popular balancing technique known as spread subsample. Our results show that although balancing our dataset using this technique did not improve performance metrics such as: classification accuracy, true positive rate, false positive rate, precision, recall, and f-measure it did improve the time taken to build the model and the time taken to test the model. Additionally, we realised that running our chosen classifiers with parameters other than the default ones has an impact on both balanced and imbalanced scenarios but the impact is significantly stronger when using the imbalanced dataset

A Conceptual Framework of a Surrogate-based Quality-Quantity Decision Support System (Q2DSS) for Water Resources Systems

The water crisis in different countries of the world has made the earth undergo tremendous changes compared to the past years. Therefore, it is very necessary to have intelligent systems that can help managers make correct and optimal decisions in various possible conditions. In recent years, the biggest challenge faced by water resource managers in the Karun Basin in Iran has been the decline in the quality of surface waters in the downstream areas of the basin. In this research, a surrogate-based model has been developed for predicting and controlling the quantity and quality of water in different parts of the basin. As a decision support system, this model can evaluate the quantity of water at different points in the basin and also predict its quality in various probable conditions. This model will also be used to extract optimal operating policies with the aim of satisfying quality constraints in different conditions. The model can help decision makers in the optimal management of the system and also greatly reduce the losses caused by quality issues in possible future situations