This document summarizes a proposed network attack alerting system that aims to reduce redundant alerts from intrusion detection systems (IDS). The system uses both network-based and host-based IDS to detect attacks launched using the Backtrack penetration testing tool on a virtual network environment. Well-known open source IDS tools from the Security Onion distribution are used to generate alerts. The system builds a database of alerts and defines rules to eliminate duplicate alerts for the same attack based on attributes like source/destination IP and port. It also establishes a severity classification scheme using threshold values of alerts and time to help administrators prioritize responses.
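To make the de-duplication and severity ideas concrete, the following is an added example (not the paper's code, which is not on this page): alerts sharing source/destination IP, port, protocol and signature within a short window collapse to one row, and each source is then given a severity label from how many distinct alerts it produced within a longer window. Field names, window lengths and thresholds are assumptions chosen for illustration, and the alerts are constructed sample data.

```python
"""Alert de-duplication and threshold-based severity labelling (added example).

Assumptions (hypothetical): each alert is a dict with ts (epoch seconds),
sensor ("nids" or "hids"), src_ip, dst_ip, dst_port, proto and signature.
The window lengths and thresholds below are illustrative, not the paper's.
"""
from collections import defaultdict
from dataclasses import dataclass, field

DEDUP_WINDOW_S = 60      # same key within 60 s is treated as one alert
SEV_WINDOW_S = 300       # count distinct alerts per source over 5 minutes
SEVERITY_THRESHOLDS = [  # (minimum distinct alerts in SEV_WINDOW_S, label)
    (10, "high"),
    (3, "medium"),
    (1, "low"),
]


@dataclass
class AlertGroup:
    """One de-duplicated alert and the raw alerts it absorbed."""
    first_ts: float
    last_ts: float
    count: int = 1
    sensors: set = field(default_factory=set)


def alert_key(a):
    """Attributes that identify 'the same attack'; the sensor is deliberately
    excluded so NIDS and HIDS alerts for one attack merge."""
    return (a["src_ip"], a["dst_ip"], a["dst_port"], a["proto"], a["signature"])


def deduplicate(alerts, window=DEDUP_WINDOW_S):
    """Return [(key, AlertGroup)] in time order, one entry per key per window.
    A new group opens when an alert arrives more than `window` seconds after
    the first alert of the currently open group for that key."""
    open_groups = {}
    rows = []
    for a in sorted(alerts, key=lambda x: x["ts"]):
        k = alert_key(a)
        g = open_groups.get(k)
        if g is not None and a["ts"] - g.first_ts <= window:
            g.last_ts = a["ts"]
            g.count += 1
            g.sensors.add(a["sensor"])
            continue
        g = AlertGroup(first_ts=a["ts"], last_ts=a["ts"], sensors={a["sensor"]})
        open_groups[k] = g
        rows.append((k, g))
    return rows


def severity_by_source(rows, window=SEV_WINDOW_S, thresholds=SEVERITY_THRESHOLDS):
    """Map src_ip -> (max distinct alerts within any `window` span, label).
    The count uses de-duplicated rows, so a burst of identical alerts does not
    inflate the severity on its own; distinct attack steps do."""
    times = defaultdict(list)
    for key, g in rows:
        times[key[0]].append(g.first_ts)
    result = {}
    for src, ts in times.items():
        ts.sort()
        best, lo = 0, 0
        for hi in range(len(ts)):          # sliding window over sorted times
            while ts[hi] - ts[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        label = "info"
        for minimum, name in thresholds:   # thresholds are ordered high to low
            if best >= minimum:
                label = name
                break
        result[src] = (best, label)
    return result


def _mk(ts, sensor, src, dst, port, sig, proto="tcp"):
    return {"ts": ts, "sensor": sensor, "src_ip": src, "dst_ip": dst,
            "dst_port": port, "proto": proto, "signature": sig}


# Constructed sample input (not real captures): five NIDS/HIDS alerts for one
# SSH brute-force burst, an SMB probe from another host, a web-scanner hit,
# and the SSH signature again outside the 60 s window.
SAMPLE_ALERTS = [
    _mk(0, "nids", "10.0.0.5", "10.0.0.20", 22, "SSH brute force"),
    _mk(10, "nids", "10.0.0.5", "10.0.0.20", 22, "SSH brute force"),
    _mk(20, "nids", "10.0.0.5", "10.0.0.20", 22, "SSH brute force"),
    _mk(30, "hids", "10.0.0.5", "10.0.0.20", 22, "SSH brute force"),
    _mk(40, "hids", "10.0.0.5", "10.0.0.20", 22, "SSH brute force"),
    _mk(50, "nids", "10.0.0.9", "10.0.0.21", 445, "SMB probe"),
    _mk(100, "nids", "10.0.0.5", "10.0.0.20", 80, "Web scanner user-agent"),
    _mk(200, "nids", "10.0.0.5", "10.0.0.20", 22, "SSH brute force"),
]


def summarize(alerts=SAMPLE_ALERTS):
    """Convenience entry point: de-duplicate, then label each source."""
    rows = deduplicate(alerts)
    return rows, severity_by_source(rows)


if __name__ == "__main__":
    rows, sev = summarize()
    print(f"{len(SAMPLE_ALERTS)} raw alerts -> {len(rows)} de-duplicated rows")
    for key, g in rows:
        print(f"  {key[0]} -> {key[1]}:{key[2]} {key[4]!r} x{g.count} via {sorted(g.sensors)}")
    for src, (n, label) in sev.items():
        print(f"  {src}: {n} distinct alert(s) in {SEV_WINDOW_S}s -> {label}")
```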
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
An IDS (Intrusion Detection System) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDSs come in a variety of "flavors" and approach the goal of detecting suspicious traffic in different ways. There are network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may attempt to stop an intrusion attempt, but this is neither required nor expected of a monitoring system.
Seminar Presentation | Network Intrusion Detection using Supervised Machine L... (Jowin John Chemban)
By:
Jowin John Chemban (jowinchemban@gmail.com)
HGW16CS022 (2016-2020 Batch)
S7 B.Tech Computer Science Engineering
Holy Grace Academy of Engineering, Mala
Date: September 2019
IJERA (International Journal of Engineering Research and Applications) is an international online, ... peer reviewed journal. For more details or to submit your article, please visit www.ijera.com
Analysis and Design for Intrusion Detection System Based on Data Mining (Pritesh Ranjan)
Reference:
Dyuanyang Zhao, Zhilin Feng, Qingxiang Xu, "Analysis and design for Intrusion detection system based on data mining", in Proceedings of the 2010 IEEE Second International Workshop on Education Technology and Computer Science.
With the growth of computer networking, electronic commerce and web services, network security systems have become very important to protect information and networks against malicious usage or attacks. In this report, an Intrusion Detection System is designed using two artificial neural networks: one for intrusion detection and the other for attack classification.
In recent years, wireless sensor networks (WSN) have been used in several application areas such as monitoring, tracking, and control in IoT. For many applications of WSN, security is a crucial requirement. However, security solutions in WSN differ from those of traditional networks because of resource limitations and processing constraints. This paper analyzes the security solutions TinySec, IEEE 802.15.4, SPINS, MiniSEC, LSec, LLSP, LISA, and LISP in WSN. It additionally presents characteristics, security requirements, attacks, cryptographic algorithms, and modes of operation. This paper is considered to be helpful for security designers in WSNs.
In this research work an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) are implemented to detect and prevent cyber-attacks on critical network infrastructure. To strengthen network security and improve the network's active defense and intrusion detection capabilities, this project consists of an intrusion detection system using honey token based encrypted pointers and an intrusion prevention system based on a mixed-interaction honeypot. The Intrusion Detection System (IDS) is based on the novel approach of Honey Token based Encrypted Pointers. The honey token inside the frame serves as a trap for the attacker. All nodes operating within the working domain of the critical infrastructure network are divided into four different pools. This division is based on their computational power and level of vulnerability. These pools are provided with different levels of security measures within the network. The IDS uses a different number of Honey Tokens (HT) per frame for each pool, e.g. Pool-A contains 4 HT/frame, Pool-B contains 3 HT/frame, Pool-C contains 2 HT/frame and Pool-D contains 1 HT/frame. Moreover, every pool uses a different encryption scheme (AES-128, 192, 256). Our critical infrastructure network of 64 nodes is under the umbrella of unified security provided by this single Network Intrusion Detection System (NIDS). After the design phase of the IDS, we analyze its performance in terms of True Positives (TP) and False Negatives (FN). Finally, we test the IDS through a Network Penetration Testing (NPT) phase. The detection rate depends on the number of honey tokens per frame. Our proposed IDS is a scalable solution and can be implemented for any number of nodes in a critical infrastructure network. For the Intrusion Prevention System (IPS), we use virtual honeypot technology, which is the best active prevention technology among all honeypot technologies.
By using the original operating system and virtual technology, the honeypot lures attackers in a pre-arranged manner, analyzes and audits various attacking behavior, tracks the attack source, obtains evidence, and finds effective solutions.
Optimized Intrusion Detection System using Deep Learning Algorithm (ijtsrd)
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly placed at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network (SDN) proposes the separation of the forwarding and control planes by introducing a new independent plane called the network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using network analysis metrics such as key generation delay, key sharing delay and hash code generation time for both SDN and the proposed machine learning SDN.
Prof P. Damodharan | K. Veena | Dr N. Suguna, "Optimized Intrusion Detection System using Deep Learning Algorithm", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2, February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
Seminar Report | Network Intrusion Detection using Supervised Machine Learnin... (Jowin John Chemban)
Seminar Report: Network Intrusion Detection using Supervised Machine Learning Technique with Feature Selection
By:
Jowin John Chemban (jowinchemban@gmail.com)
HGW16CS022 (2016-2020 Batch)
S7 B.Tech Computer Science Engineering
Holy Grace Academy of Engineering, Mala
Date: November 2019
A Performance Analysis of Chasing Intruders by Implementing Mobile Agents (CSCJournals)
An Intrusion Detection System in a network fetches intrusion information from systems with the aid of Mobile Agents. The Intrusion Detection System detects intrusions based on the collected information and routes the intrusion. Intelligent decisions on communications permit agents to attain their goals more efficiently and provide more survivability and security for an agent system. The proposed model shows a formal representation of information assurance in agent messaging over a dynamic network by the probability of redundant routes. The proposed Intrusion Detection System chases intruders and collects information by means of Mobile Agents. Our proposed architecture is an information exchange method together with a method for chasing intrusions by implementing Mobile Agents.
Network forensics is a scientifically proven technique to accumulate, perceive, identify, examine, associate, analyse and document digital evidence from multiple systems for the purpose of uncovering the facts of attacks and other problem incidents, as well as performing the actions needed to recover from the attack. Many systems have been proposed for designing network forensic systems. In this paper we present a comparative analysis of various models based on different techniques.
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS... (IJNSA Journal)
With the ever increasing number and diverse types of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is a high demand to reduce the threat level in networks so that the data and services they offer are more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once an attack is detected, the system administrator is notified through a mobile phone so that the server system can be safeguarded. We established experimentally that layered CRFs can thus be more effective in detecting intrusions when compared with other previously known techniques.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE... (IJNSA Journal)
Owing to the rapid growth of network applications, new kinds of network attacks are emerging endlessly. It is therefore critical to protect networks from attackers, and intrusion detection technology has become popular. It is necessary that this security concern be articulated right from the beginning of network design and deployment. Intrusion detection technology is the process of identifying network activity that can lead to a compromise of security policy. A lot of work has been done on the detection of intruders, but the solutions are not satisfactory. In this paper, we propose a novel Distributed Intrusion Detection System using Multi Agents in order to decrease false alarms and manage misuse and anomaly detection.
Autonomic Anomaly Detection System in Computer Networks (ijsrd.com)
This paper describes how a system can be protected from intrusion by means of intrusion prevention and intrusion detection. The underlying premise of our intrusion detection system is to describe an attack as an instance of an ontology, and its first need is to detect the attack. In this paper, we propose a novel framework of autonomic intrusion detection that performs online and adaptive intrusion detection over unlabeled HTTP traffic streams in computer networks. The framework holds potential for self-governance: self-labeling, self-updating and self-adapting. Our framework employs the Affinity Propagation (AP) algorithm to learn a subject's behaviors through dynamic clustering of the streaming data. It automatically labels the data and adapts to changes in normal behavior while identifying anomalies.
Survey on classification techniques for intrusion detection (csandit)
Intrusion detection is the most essential component in network security. Traditional intrusion detection methods are based on extensive knowledge of signatures of known attacks. Signature-based methods require manual encoding of attacks by human experts. Data mining is one of the techniques applied to intrusion detection that provides higher automation capabilities than signature-based methods. Data mining techniques such as classification, clustering and association rules are used in intrusion detection. In this paper, we present an overview of intrusion detection, the KDD Cup 1999 dataset and a detailed analysis of different classification techniques, namely Support Vector Machine, Decision Tree, Naïve Bayes and Neural Networks, used in intrusion detection.
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMS (ieijjournal)
An intrusion detection system detects various malicious behaviors and abnormal activities that might harm the security and trust of a computer system. IDSs operate either at host or network level, utilizing anomaly detection or misuse detection. The main problem is to correctly detect intruder attacks against a computer network. The key to successful detection of intrusions is the choice of proper features. To resolve the problems of IDS schemes, this research work proposes "an improved method to detect intrusion using machine learning algorithms". In our paper we use the KDDCUP 99 dataset to analyze the efficiency of intrusion detection with different machine learning algorithms such as Bayes, NaiveBayes, J48, J48Graft and Random Forest. For network based IDS with the KDDCUP 99 dataset, experimental results show that the three algorithms J48, J48Graft and Random Forest give much better results than the other machine learning algorithms. We use WEKA to check the accuracy of the classified dataset via our proposed method. We have considered all the parameters for computation of the result, i.e. precision, recall, F-measure and ROC.
Alert Analysis using Fuzzy Clustering and Artificial Neural Network (IJRES Journal)
An Intrusion Detection System (IDS) is used to supervise all activities running on a particular machine or network, and it raises alerts on any attack. However, these alerts are now very large in number, and it is very complicated to examine them. We propose a time and space based alert analysis technique which can correlate related alerts without background knowledge and provide an attack graph to help the administrator understand the steps of an attack on a host or network clearly and conveniently for analysis. A threat evaluation is given to discover the most dangerous attack, which reduces the administrator's time and effort in evaluating a huge number of alerts. We analyze the network traffic for attacks using Entity Threat Evaluation (ETE), which finds out which particular host is attacked; Gadget Threat Evaluation (GTE), which tells us which device within that host is attacked; Network Threat Evaluation (NTE), which tells us which network is attacked; and Hit Threat Evaluation (HTE), given a dataset of attacks as input. The main idea is that the distribution of different types of attacks is not balanced. For attacks that do not occur frequently, the learning sample size is too small compared to high-frequency attacks. This makes it hard for an Artificial Neural Network (ANN) to learn the characteristics of these attacks, and therefore detection precision is much worse. To solve such problems, we propose a new technique for ANN-based IDS, Fuzzy Clustering (FC-ANN), to enhance the detection precision for low-frequency attacks and the detection stability.
INTRUSION DETECTION SYSTEM USING CUSTOMIZED RULES FOR SNORT (IJMIT JOURNAL)
These days the security provided by computer systems is a big issue, as they always face the threat of cyber-attacks like IP address spoofing, Denial of Service (DOS), token impersonation, etc. The security provided by blue team operations tends to be costly in large firms, as a large number of systems need to be protected against these attacks. This leads such firms to turn to less costly security configurations like the Suricata IDS and the Snort IDS. The main theme of the project is to improve the services provided by Snort, a tool used in creating a defense against cyber-attacks like DDOS attacks carried out at both the physical and network layers. These attacks in turn result in the loss of extremely important data. The rules defined in this project monitor traffic, analyze it, and take appropriate action to not only stop the attack but also locate its source IP address. The process uses tools other than Snort, such as Wireshark, Wazuh and Splunk. The product of this work is not only the detection of the attack but also the source IP address of the machine from which the attack is initiated and completed. The end product of this research is a set of default rules for the Snort tool which not only provide better security than its previous versions but also give the user the IP address of the attacker or the person conducting the attack. The system integrates Wazuh with Snort in order to make it more efficient than the Suricata IDS, another intrusion detection system capable of detecting all the types of attacks mentioned. Splunk is another tool used in this project; it increases the firewall's efficiency in terms of the number of bits to be scanned and the number of bits scanned successfully. Wazuh is used in this system as it is the best choice for traffic monitoring and incident response among its alternatives in the market. Since this system is used in firms known to handle big amounts of data, we use the Splunk tool, as it is very efficient in handling big amounts of data. Wireshark is used in this system to give the IDS automation in its capability to capture and report the malicious packets found during the network scan. All of this gives the IDS the capability of a low-budget automated threat detection system.
Information systems and networks are subjected to electronic attacks. When network attacks hit, organizations are thrown into crisis mode. From the IT department to call centers, to the board room and beyond, all are fraught with danger until the situation is under control. Traditional methods used to overcome these threats (e.g. firewalls, antivirus software, password protection etc.) do not provide complete security to the system. This encourages researchers to develop an Intrusion Detection System which is capable of detecting and responding to such events. This review paper presents a comprehensive study of Genetic Algorithm (GA) based Intrusion Detection Systems (IDS). It provides a brief overview of rule-based IDS, elaborates the implementation issues of Genetic Algorithms and also presents a comparative analysis of existing studies.
The overwhelming number of threats is a challenge to any general security system. Fundamentally diverse alerting and threat techniques are being researched in order to reduce deceptive warnings. Threat detection systems generate a huge number of alerts, which makes it challenging to deal with them and prepare a solution. The detection system checks inbound and outbound network activity and finds suspicious patterns that indicate the ongoing steps of an attack. A large number of alerts may contain false alarms; hence there is a need for alert analysis mechanisms that offer high level information on the seriousness of a threat, how endangered devices are, and which devices the administrator has to pay more attention to. To solve this problem we make use of a time and space based alert analysis technique that provides a solution in the form of an attack graph and its evaluation, which gives the severity of an attack to the administrator.
Electrically small antennas: The art of miniaturizationEditor IJARCET
We are living in the technological era, were we preferred to have the portable devices rather than unmovable devices. We are isolating our self rom the wires and we are becoming the habitual of wireless world what makes the device portable? I guess physical dimensions (mechanical) of that particular device, but along with this the electrical dimension is of the device is also of great importance. Reducing the physical dimension of the antenna would result in the small antenna but not electrically small antenna. We have different definition for the electrically small antenna but the one which is most appropriate is, where k is the wave number and is equal to and a is the radius of the imaginary sphere circumscribing the maximum dimension of the antenna. As the present day electronic devices progress to diminish in size, technocrats have become increasingly concentrated on electrically small antenna (ESA) designs to reduce the size of the antenna in the overall electronics system. Researchers in many fields, including RF and Microwave, biomedical technology and national intelligence, can benefit from electrically small antennas as long as the performance of the designed ESA meets the system requirement.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Intrusion Alert Elimination on Network Attack Alerting System
Mon Mon Zaw
ISSN: 2278 – 1323
International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)
Volume 2, No 5, May 2013
www.ijarcet.org
p. 1776
Abstract— A network attack alerting system is becoming a critical technology for helping security engineers and network administrators secure their network infrastructure. The proposed system implements a network attack alerting system based on network-based and host-based Intrusion Detection Systems (IDS). The open source attacking system Backtrack is used to initiate and launch the attacks. Well-known free open source tools available on the Security Onion Linux distribution are used to distinguish the important network IDS alert types. The system uses existing IDS rules and defines a set of new rules to catch these attacks. IDSs generate overwhelming numbers of alerts, so finding a way to reduce these alerts is one of the most important problems in IDS. The system eliminates the large number of alerts that belong to the same attack type within a defined time window.
Index Terms— intrusion detection system, rules, alerts, attack.
I. INTRODUCTION
With the increased usage of computer networks and the Internet, the number of network attacks has also risen. To detect these attacks, intrusion detection systems are widely deployed in computer networks. The main purpose of an intrusion detection system is to reveal intrusive events and raise alerts when they occur. An intrusion detection system can be compared with a house burglar alarm: if somebody tries to enter the house illegally, one of the sensors will detect it, trigger the alarm bell and alert the house owner and the police. Similarly, if somebody tries to compromise the confidentiality, integrity or availability of a computer system or network, or tries to break its security protections, an intrusion detection system will alert the system owner and the security team [1].
An intrusion detection system may raise a large number of alerts that are redundant, irrelevant or correlated. Redundant, irrelevant and false alerts should be reduced as early as possible so that fewer alerts have to be processed and performance is improved. This paper eliminates the redundant alerts that share attributes such as source IP, destination IP, source port, destination port and so on. A threshold count and a threshold time are defined to classify the severity level of the alerts. Alert reduction and defining the severity level are important for system administrators to take appropriate actions. If the alerts reach the highest severity level, the security engineer needs to take down the attack origin.
Manuscript received May, 2013.
Mon Mon Zaw, Faculty of Information and Communication Technology, University of Technology (Yatanarpon Cyber City), Pyin Oo Lwin, Myanmar, 09-420731668.
II. INTRUSION DETECTION SYSTEM
An Intrusion Detection System is becoming a vital component for actively detecting various attacks or intrusion activities, and it is also useful for monitoring attempts to break network security. Intrusions can take many forms: a non-legitimate user attempting to gain access to system or network resources, malicious programs that destroy system resources or degrade system functions, and a legitimate user attempting to gain elevated privileges or access to confidential information, thereby violating the system's security policy. The primary function of an IDS is to inform the system administrator about the occurrence of an attack. The typical components of an IDS are a sensor or agent, a management server, a database server and a console. Intrusion detection systems are classified into two types: Host-based and Network-based Intrusion Detection Systems.
A. Host-based vs. Network-based Intrusion Detection System
Intrusion detection systems were first developed for host-based computer systems. A Host-based Intrusion Detection System (HIDS) is located on the server computer and checks its internal interfaces. It examines attack patterns by reviewing application logs, system calls, file-system modifications and other host behaviour relevant to the server computer. HIDSs are generally applied to check user behaviour and to trace intrusions in which a legitimate user attempts to obtain confidential information. HIDSs typically build extensive log data relevant to the detected events. This log data can be used to validate alerts, to investigate incidents, and to correlate events between the host-based IDS and other logging sources. The attributes commonly logged by host-based IDSs include: timestamp (usually date and time), event or alert type, rating (e.g., priority, severity, impact, confidence), and event details specific to the type of event, such as IP address and port information, application information, filenames and paths, and user IDs [3].
With the increased usage of computer networks, IDS gradually shifted toward the network-based IDS. A NIDS inspects network packets to detect attacks in the network. It attempts to detect malicious behaviour such as denial of service attacks and port scans, or even attempts to break into a computer, by monitoring network traffic. NIDSs typically build extensive log data relevant to the detected events. Data fields commonly logged by network-based IDSs include: timestamp (usually date and time); connection or session ID (typically a consecutive or unique number assigned to each TCP connection or to like groups of packets for connectionless protocols); event or alert type; rating (e.g., priority, severity, impact, confidence); network, transport and application layer protocols; source and destination IP addresses; source and destination TCP or UDP ports, or ICMP types and codes; number of bytes transmitted over the connection; decoded payload data, such as application requests and responses; and state-related information (e.g., authenticated username) [3].
B. Misuse-based vs. Anomaly-based Intrusion Detection System
A Misuse-based or Signature-based IDS performs pattern matching to match traffic against the known attack patterns in its database and issues very few false positives (FP). The major disadvantage of misuse detection is that it cannot recognise new and unknown attacks and has a high false alarm rate. A misuse-based IDS requires its rules or signatures to be updated regularly, and it cannot detect unknown attacks.
An Anomaly-based IDS creates models of normal behaviour and automatically detects anomalous behaviour. Anomaly detection techniques identify new types of intrusions as deviations from normal usage, but the drawback of these techniques is their rate of false positives (FP). The advantage of anomaly detection is that it can detect attacks whether or not they have been seen before. Its drawback is that it is ineffective in detecting insiders' attacks.
III. RELATED WORK
Since Anderson's report [Anderson 1980], intrusion detection has been studied for over twenty years. Applying various techniques, researchers have proposed systems that aim to construct attack scenarios. Dain et al. [7] apply a data mining approach to integrate alerts into attack scenarios in real time. In [Valdes and Skinner], a probabilistic approach is applied to correlate information from diverse sensors, concentrating on the idea of 'threads' to control links between alerts [8]. Ritchey and Ammann used a model checking technique to identify network vulnerabilities on the basis of the prerequisites and consequences of attacks together with host and network connectivity information [9]. Humphrey Waita Njogu uses a clustering technique to eliminate the large amount of alerts and to improve the quality of alerts sent to the analysts by verifying alerts using the available supporting evidence (vulnerability data, logs and network resources) before the alerts are clustered [10].
V. Srujana Reddy proposed a new technique based on a maximum likelihood approach for online alert aggregation based on a dynamic, probabilistic model [11]. Safaa O. Al-Mamory uses a breadth-first search algorithm to find related attacks and shows correlation graphs (CGs) that effectively simplify the analysis of large amounts of alerts [12]. H. Pao proposed a graphical signature for intrusion detection given alert sequences, identified groups of alerts that are frequent, and showed a novel graph based on a dissimilarity measure [13]. This paper emphasises the elimination of alerts of the same attack based on the attribute values of the attack pattern and shows how many times these attacks alerted within the defined time window. The severity level of these alerts is classified by defining a threshold time and a threshold value.
IV. PROPOSED SYSTEM ARCHITECTURE
The network attack alerting system is built on VMware virtual machines (VM). This system creates network and host attacks using attacking tools in a network lab environment. Well-known free open source tools available on the Security Onion Linux distribution are used to detect these attacks. This system uses a network-based intrusion detection sensor and a host-based intrusion detection sensor to distinguish the important IDS alert types. The alerts are stored in the database in order to define the rule set, reduce the large number of alerts of the same attack and define the severity level of the alert types. This system builds its own database consisting of the information necessary to reduce alerts of the same type.
Figure 1. Network Lab Environment
A. Security Onion
Security Onion is a Linux distribution for IDS (Intrusion Detection) and NSM (Network Security Monitoring) that provides full context and forensic visibility into the traffic it monitors. It is based on Xubuntu and contains Snort, Sguil, Snorby, Squert, OSSEC and many other security tools [5]. In this system, Security Onion is used to alert on the attacks that are launched from the penetration testing tools.
[Figure 1 components: Attacking Tools (Backtrack) -> NIDS & HIDS Sensor (Security Onion) -> Database -> Rules Set -> Alert (-VHS, -HS, -MS, -LS); all hosted on VMware as the NAAS System]
B. Backtrack
Backtrack is a Linux distribution designed for the world's leading penetration testers and information security auditing professionals. Backtrack provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. The penetration testing tools included in Backtrack can be categorised into: information gathering, network mapping, vulnerability identification, web application analysis, penetration, privilege escalation, maintaining access and so on [6].
C. Snort
Snort is an open source Intrusion Detection System for monitoring and detecting security attacks on networks. Snort rules are written in a rule-driven language. It combines the benefits of signature, protocol and anomaly based inspection methods [4].
alert tcp any any -> $HOME_NET any (flags: SF; msg: "SYN-FIN packet detected";)
This signature detects any scan attempt using SYN-FIN TCP packets. The flags option checks which flag bits are set inside the TCP header of a packet. The protocol is TCP, and the packet can come from any host on the Internet and be directed to any node in HOME_NET.
V. PROPOSED SYSTEM
When suspicious traffic is detected by applying rules, an intrusion detection system issues a large number of alerts. Some are duplicate, dissimilar, unrelated, frequent, infrequent, important or unimportant alerts, and some carry only fragmentary attribute information. The proposed system uses the network-based IDS sensor and the host-based IDS sensor to detect intrusions or attacks and constructs a log file database in order to save all the reports issued for future reference. In an intrusion detection system, some alerts come from the same type of attack pattern, some have dissimilar alert patterns and attribute values but belong to the same group, and some alerts are the consequence of previous alerts. This system eliminates the alerts that are relevant to the same attack pattern. Alert reduction and defining the severity level are important for the system administrators to take appropriate actions.
A. Algorithm for Defining Severity Level
To define the severity level, a threshold value and a threshold time based on the occurrence of the attacks within a time interval are predefined. The algorithm for defining the severity level is shown below.
TI: Time Interval; Threshold Time: TT;
Threshold Count: TC; Alert Count: Ac;
if ((TI(Ai) < TT && Ac > TC) or (TI(Ai) > TT && Ac > TC)) then
    Alarm 'severity level: HIGH';
else if (TI(Ai) < TT && Ac < TC) then
    Alarm 'severity level: MEDIUM';
else (remaining case: TI(Ai) > TT && Ac < TC)
    Alarm 'severity level: LOW';
B. Algorithm for ICMP Alert
In this system, each alert A is mainly considered through the attributes A = (TS, SID, Proto, srcIP, srcPort, destIP, destPort), where the time stamp attribute TS gives the time at which the alert was raised, the SID attribute states the signature ID that issued the alert, and the Proto attribute gives the protocol type of the network traffic that triggered the alert. The srcIP, srcPort, destIP and destPort attributes describe the source IP address, source port, destination IP address and destination port of the traffic. For ICMP, the attributes (SID, Proto, srcIP, destIP) are used to reduce the alerts of the same attack, because the ICMP protocol has no ports. If necessary, the ICMP type and code are used to check the alerts.
List of attributes on Alert (A): [TS, SID, Proto, srcIP, destIP]
TS: Time Stamp; SID: Signature ID;
srcIP: Source IP; destIP: Destination IP;
Alert Count: Ac = 0; j = 1;
while Proto(Ai) == "ICMP"
{
    if (SID(Ai) == SID(Ai+j) and srcIP(Ai) == srcIP(Ai+j) and
        destIP(Ai) == destIP(Ai+j)) where i, j = 1, 2, 3, ..., n
    {
        Ac++;
        j++;
    }
    TI(Ai) = TS(Ai+j) - TS(Ai);
}
Alert Ai (TS, SID, Proto, srcIP, destIP);
Proceed to Severity Level Algorithm.
C. Algorithm for Port Scanning Alert
If the attacker scans ports (port scanning) to find out which services are running on the victim host, the protocol type is TCP and the alert attributes (TS, SID, Proto, srcIP, srcPort, destIP, destPort) are considered. The signature IDs of alerts corresponding to the same attack are usually the same, but in this attack the signature IDs of the alerts are not the same. When the attacker (same source IP) connects to the same destination IP for port scanning, the attack comes from one random source port to different destination ports with the same sequence number within one session. To eliminate port scanning alerts, the source IP, destination IP, source port, destination port and sequence number therefore need to be checked. There is no payload information in a port scanning alert; in some other attack cases, if necessary, the payload information of the alerts is considered.
List of attributes on Alert (A): [TS, Proto, srcIP, destIP, srcPort, destPort, seqno]
TS: Time Stamp; srcIP: Source IP; destIP: Destination IP;
srcPort: Source Port; destPort: Destination Port;
seqno: sequence number;
Alert Count: Ac = 0; j = 1;
while Proto(Ai) == "TCP"
{
    if (srcIP(Ai) == srcIP(Ai+j) and destIP(Ai) == destIP(Ai+j)
        and srcPort(Ai) == srcPort(Ai+j) and seqno(Ai) == seqno(Ai+j))
        where j = 1, 2, 3, ..., n then
    {
        Ac++;
        j++;
        destPort(Ai) = destPort(Ai) U destPort(Ai+j);
    }
    TI(Ai) = TS(Ai+j) - TS(Ai);
}
Alert Ai (TS, Proto, srcIP, destIP, srcPort, destPort);
Proceed to Severity Level Algorithm.
D. Algorithm for Direct Flooding Alert
The attacker tries to make a machine or network resource unavailable to its legitimate users by launching a flooding attack. When the attacker sends a SYN packet, the victim server must open a connection and keep it alive until the connection ends. Using different spoofed IP addresses, the attacker can send a large number of SYN packets until the target machine is unable to accept any more connections. This algorithm shows the elimination of the direct flooding alerts for the case of one spoofed IP address.
List of attributes on Alert (A): [TS, Proto, srcIP, destIP, srcPort, destPort, Flag]
TS: Time Stamp; srcIP: Source IP; destIP: Destination IP;
srcPort: Source Port; destPort: Destination Port; Flag: TCP Flag;
Alert Count: Ac = 0; j = 1;
while (Proto(Ai) == "TCP" && Flag == "SYN") or (Proto(Ai) == "TCP" && Flag == "RST")
{
    if (srcIP(Ai) == srcIP(Ai+j) and destIP(Ai) == destIP(Ai+j)
        and srcPort(Ai) == srcPort(Ai+j) and destPort(Ai) == destPort(Ai+j))
        where j = 1, 2, 3, ..., n then
    {
        Ac++;
        j++;
    }
    TI(Ai) = TS(Ai+j) - TS(Ai);
}
Alert Ai (TS, Proto, srcIP, destIP, srcPort, destPort);
Proceed to Severity Level Algorithm.
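The four algorithms of Sections V.A to V.D implemented together, as an added example that is not the paper's code: the three grouping keys collapse alerts of the same attack into one alert each with its Ac and TI, and the severity rule is then applied to each group. The alert records, IP addresses, signature IDs and the TT/TC thresholds are constructed assumptions, not data from the paper's lab.

```python
"""Alert elimination and severity classification after Sections V.A-V.D.
Added worked example, not the paper's code; alert records are constructed
samples, not real IDS output, and the TT/TC thresholds are assumed values."""
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Alert:
    ts: float                       # TS: time stamp in seconds (constructed)
    sid: int                        # SID: signature ID
    proto: str                      # Proto: "ICMP" or "TCP"
    src_ip: str                     # srcIP
    dst_ip: str                     # destIP
    src_port: Optional[int] = None  # srcPort (None for ICMP)
    dst_port: Optional[int] = None  # destPort (None for ICMP)
    seqno: Optional[int] = None     # TCP sequence number
    flag: Optional[str] = None      # TCP flag, e.g. "SYN" or "RST"

@dataclass
class Summary:
    """The single alert kept per group: Ai plus Ac, TI and severity."""
    first: Alert
    count: int = 1                   # Ac
    interval: float = 0.0            # TI = TS(last) - TS(first)
    dst_ports: set = field(default_factory=set)  # destPort union for scans
    severity: str = ""

def severity_level(interval, count, tt, tc):
    """Section V.A: both HIGH branches reduce to Ac > TC; MEDIUM is a short
    run (TI < TT) below TC; LOW is the remaining case. Counting Ac == TC as
    'not exceeding TC' is an assumption of this example."""
    if count > tc:
        return "HIGH"
    if interval < tt:
        return "MEDIUM"
    return "LOW"

# Grouping attributes of Sections V.B (no ports in ICMP), V.C (SIDs differ,
# so the sequence number and source port identify the scan) and V.D.
def icmp_key(a):
    return (a.sid, a.proto, a.src_ip, a.dst_ip)

def portscan_key(a):
    return (a.proto, a.src_ip, a.dst_ip, a.src_port, a.seqno)

def flood_key(a):
    return (a.proto, a.flag, a.src_ip, a.dst_ip, a.src_port, a.dst_port)

def reduce_alerts(alerts, key_fn, tt, tc):
    """Collapse every run of alerts sharing key_fn(Ai) into one Summary,
    counting Ac, measuring TI and attaching the severity level."""
    groups = {}
    for a in sorted(alerts, key=lambda x: x.ts):  # TS order, as the paper assumes
        s = groups.get(key_fn(a))
        if s is None:
            groups[key_fn(a)] = s = Summary(first=a)
        else:
            s.count += 1
            s.interval = a.ts - s.first.ts   # TI(Ai) = TS(Ai+j) - TS(Ai)
        if a.dst_port is not None:
            s.dst_ports.add(a.dst_port)      # destPort(Ai) U destPort(Ai+j)
    for s in groups.values():
        s.severity = severity_level(s.interval, s.count, tt, tc)
    return list(groups.values())

# The three while-loops of the paper, each filtering on Proto (and Flag).
def icmp_alerts(alerts, tt, tc):
    return reduce_alerts([a for a in alerts if a.proto == "ICMP"], icmp_key, tt, tc)

def portscan_alerts(alerts, tt, tc):
    return reduce_alerts([a for a in alerts if a.proto == "TCP"], portscan_key, tt, tc)

def flood_alerts(alerts, tt, tc):
    syn_rst = [a for a in alerts if a.proto == "TCP" and a.flag in ("SYN", "RST")]
    return reduce_alerts(syn_rst, flood_key, tt, tc)

def constructed_alerts():
    """Constructed sample streams for the three algorithms (not captured data)."""
    victim = "10.0.0.20"
    icmp = [Alert(float(i), 384, "ICMP", "10.0.0.5", victim) for i in range(5)]
    icmp += [Alert(t, 384, "ICMP", "10.0.0.9", victim) for t in (0.0, 30.0)]
    # one source port and sequence number, 25 destination ports, 25 distinct SIDs
    scan = [Alert(0.1 * i, 1000 + i, "TCP", "10.0.0.6", victim, 40000, 20 + i, 777, "SYN")
            for i in range(25)]
    # same 4-tuple and SYN flag, varying sequence numbers
    flood = [Alert(float(i), 2000, "TCP", "10.0.0.7", victim, 5555, 80, 90000 + i, "SYN")
             for i in range(3)]
    return icmp, scan, flood

if __name__ == "__main__":
    TT, TC = 10.0, 3  # assumed threshold time (seconds) and threshold count
    icmp, scan, flood = constructed_alerts()
    for name, fn, data in (("ICMP", icmp_alerts, icmp), ("scan", portscan_alerts, scan),
                           ("flood", flood_alerts, flood)):
        for s in fn(data, TT, TC):
            print(f"{name}: {s.first.src_ip} -> {s.first.dst_ip} Ac={s.count} "
                  f"TI={s.interval:.1f}s ports={sorted(s.dst_ports)} {s.severity}")
```

With TT = 10 s and TC = 3, the five-alert ping run and the 25-port scan come out HIGH, the three-packet SYN burst MEDIUM, and the two pings 30 s apart LOW, so seven plus 25 plus three raw alerts become four.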
VI. CONCLUSION
This paper shows the importance of an alerting system that helps security engineers and network administrators secure their network infrastructure. It also generates alerts that are useful for the security engineers to take down the attack origin with certainty. This system removes the duplicate alerts of the same attack and then shows one alert. To eliminate the alerts, it considers only attacks caused from the same source IP to the same destination IP and how many times the one source IP produces the same attack. Later, the system will build a profile-based signature database to check the attacks occurring day by day, and a correlation technique will then be used to consider the relevance of the alerts.
ACKNOWLEDGMENT
I would like to thank my thesis advisor, Dr. Thandar Phyu, for guiding my paper and providing many valuable comments and suggestions to improve this paper. I would also like to thank my family for always being there for me.
REFERENCES
[1] R. Bace and P. Mell, "Intrusion Detection Systems", NIST Special Publication 800-31, 2001.
[2] Prahanthi, Radha Devi and K. Sandhya Rani, "Analysis of Intrusion Detection System & Emergence of Online Alert Aggregation", Vol. 2, Issue 2, Mar-Apr 2012, pp. 1483-1487.
[3] K. Scarfone and P. Mell, "Guide to Intrusion Detection and Prevention Systems", National Institute of Standards and Technology (NIST), Computer Security, 2007.
[4] Snort Users Manual, http://www.snort.org.
[5] http://code.google.com/p/security-onion/.
[6] http://en.wikipedia.org/wiki/BackTrack.
[7] O. M. Dain and R. K. Cunningham, "Fusing a heterogeneous alert stream into scenarios", Proceedings of the 2001 ACM Workshop on Data Mining for Security Applications, 2001, pp. 1-13.
[8] A. Valdes and K. Skinner, "Probabilistic alert correlation", Proceedings of Recent Advances in Intrusion Detection, LNCS 2212, 2001, pp. 54-68.
[9] R. Ritchey and P. Ammann, "Using model checking to analyze network vulnerabilities", in Proceedings of the IEEE Symposium on Security and Privacy, 2000, pp. 156-165.
[10] Humphrey Waita Njogu and Luo Jiawei, "Using Alert Cluster to reduce IDS Alerts".
[11] Safaa O. Al-Mamory and Hong Li Zhang, "Scenario Discovery Using Abstracted Correlation Graph".
[12] H. Pao, C. Mao and H.-Ming Le, "An Intrinsic Graphical Signature Based on Alert Correlation Analysis for Intrusion Detection", Journal of Information Science and Engineering 28, 243-262 (2012).