This document discusses and compares four main methodologies used in Intrusion Detection and Prevention Systems (IDPS): signature-based, anomaly-based, stateful protocol analysis-based, and hybrid-based. It provides details on how each methodology works and its strengths and weaknesses. A hybrid methodology that combines two or more of the other approaches is described as generally providing the best detection capabilities by taking advantage of the strengths of the individual methodologies. The document concludes by offering a way to evaluate IDPS systems based on parameters like resistance to evasion, accuracy, overhead, and other factors.
Deep Learning based Threat / Intrusion detection system (Affine Analytics)
The article is about a Threat/Intrusion Detection System, which could be used to detect such data leaks/breaches and take preventive action to contain, if not stop, the damage due to a breach.
With the growth of computer networking, electronic commerce and web services, security networking systems have become very important to protect information and networks against malicious usage or attacks. This report designs an Intrusion Detection System using two artificial neural networks: one for intrusion detection and the other for attack classification.
Optimized Intrusion Detection System using Deep Learning Algorithm (ijtsrd)
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network, the network traffic monitored at these different points should be identical. A network intrusion detection system is usually placed at strategic points in a network so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network (SDN) proposes the separation of forwarding and control planes by introducing a new independent plane called the network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using network analysis metrics such as key generation delay, key sharing delay and hash code generation time for both SDN and the proposed machine learning SDN. Prof P. Damodharan | K. Veena | Dr N. Suguna, "Optimized Intrusion Detection System using Deep Learning Algorithm", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3, Issue-2, February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
The growing prevalence of network attacks is a well-known problem which can impact the availability, confidentiality, and integrity of critical information for both individuals and enterprises. In this paper, we propose a real-time intrusion detection approach using a supervised machine learning technique. Our approach is simple and efficient, and can be used with many machine learning techniques. We applied different well-known machine learning techniques to evaluate the performance of our IDS approach. Our experimental results show that the Decision Tree technique can outperform the other techniques. Therefore, we further developed a real-time intrusion detection system (RT-IDS) using the Decision Tree technique to classify on-line network data as normal or attack data. We also identified 12 essential features of network data which are relevant to detecting network attacks, using information gain as our feature selection criterion. Our RT-IDS can distinguish normal network activities from the main attack types (Probe and Denial of Service (DoS)) with a detection rate higher than 98% within 2 s. We also developed a new post-processing procedure to reduce the false-alarm rate as well as increase the reliability and detection accuracy of the intrusion detection system.
A Study on Data Mining Based Intrusion Detection System (AM Publications)
In recent years, security has remained an open problem for computers as well as data network systems. Intrusion detection systems are used to safeguard data confidentiality, integrity and system availability from various types of attacks. Data mining techniques can be applied to intrusion detection systems to detect normal and abnormal behavior patterns. This paper studies the nature of network attacks and the current trends of data mining based intrusion detection techniques.
Cybercrime is increasing at a faster pace and sometimes causes billions of dollars of business losses, so investigating attackers after the crime is committed is of utmost importance and has become one of the main concerns of network managers. Network forensics, the process of collecting, identifying, extracting and analyzing data and systematically monitoring network traffic, is one of the main requirements in the detection and tracking of criminals. In this paper, we propose an architecture for a network forensic system. Our proposed architecture consists of five main components: collection and indexing, database management, the analysis component, the SOC communication component and the database.

The main difference between our proposed architecture and other systems is in the analysis component. This component is composed of four parts: the analysis and investigation subsystem, the reporting subsystem, the alert and visualization subsystem and the malware analysis subsystem. The most important factors differentiating the proposed system from existing systems are: clustering and ranking of malware, dynamic analysis of malware, collection and analysis of network flows, and anomalous behavior analysis.
INTRUSION DETECTION SYSTEM CLASSIFICATION USING DIFFERENT MACHINE LEARNING AL... (ijcsit)
Intrusion Detection Systems (IDS) have been an effective way to achieve higher security in detecting malicious activities for the past couple of years. Anomaly detection is one type of intrusion detection. Current anomaly detection is often associated with high false alarm rates and only moderate accuracy and detection rates because it is unable to detect all types of attacks correctly. An experiment is carried out to evaluate the performance of different machine learning algorithms using the KDD-99 Cup and NSL-KDD datasets. Results show which approach has performed better in terms of accuracy and detection rate with a reasonable false alarm rate.
Analysis and Design for Intrusion Detection System Based on Data Mining (Pritesh Ranjan)
Reference:
Dyuanyang Zhao, Zhilin Feng, Qingxiang Xu, “Analysis and design for Intrusion detection system based on data mining”, in Proceedings of the 2010 IEEE Second International Workshop on Education Technology and Computer Science.
Survey on classification techniques for intrusion detection (csandit)
Intrusion detection is the most essential component in network security. Traditional Intrusion Detection methods are based on extensive knowledge of signatures of known attacks. Signature-based methods require manual encoding of attacks by human experts. Data mining is one of the techniques applied to Intrusion Detection that provides higher automation capabilities than signature-based methods. Data mining techniques such as classification, clustering and association rules are used in intrusion detection. In this paper, we present an overview of intrusion detection, the KDD Cup 1999 dataset and a detailed analysis of different classification techniques, namely Support Vector Machine, Decision Tree, Naïve Bayes and Neural Networks, used in intrusion detection.
INTRUSION DETECTION USING FEATURE SELECTION AND MACHINE LEARNING ALGORITHM WI... (ijcsit)
In order to prevent illegitimate use by any intruder, intrusion detection over the network is one of the critical issues. An intruder may enter any network, system or server by injecting malicious packets into the system in order to steal, sniff, manipulate or corrupt any useful and secret information; this process is referred to as intrusion, whereas the transmission of packets by an intruder over the network for any purpose of intrusion is referred to as an attack. With expanding networking technology, millions of servers communicate with each other, and this expansion is in progress every day. Due to this fact, more and more intruders are attracted, and so a smart intrusion detection model is a primary requirement to overcome this.

By analyzing feature selection methods, the essential features of the NSL-KDD data set are identified; then, using the selected features, a machine learning approach and an analysis of the basic network features over the data set, a hybrid algorithm is built. Finally, a model containing the rules for the network features is produced over the algorithm.

A hybrid misuse intrusion detection model is built to find attacks on the system and improve intrusion detection. Based on prior features, intrusions on the system can be detected without any previous learning. This model combines the advantages of feature selection and machine learning techniques with misuse detection.
Seminar Presentation | Network Intrusion Detection using Supervised Machine L... (Jowin John Chemban)
By:
Jowin John Chemban (jowinchemban@gmail.com)
HGW16CS022 (2016-2020 Batch)
S7 B.Tech Computer Science Engineering
Holy Grace Academy of Engineering, Mala
Date : September 2019
AN IMPROVED METHOD TO DETECT INTRUSION USING MACHINE LEARNING ALGORITHMS (ieijjournal)
An intrusion detection system detects various malicious behaviors and abnormal activities that might harm the security and trust of a computer system. IDS operate either at the host or the network level, using anomaly detection or misuse detection. The main problem is to correctly detect intruder attacks against a computer network. The key point of successful intrusion detection is the choice of proper features. To resolve the problems of IDS schemes, this research work proposes “an improved method to detect intrusion using machine learning algorithms”. In our paper we use the KDDCUP 99 dataset to analyze the efficiency of intrusion detection with different machine learning algorithms such as Bayes, NaiveBayes, J48, J48Graft and Random Forest. For network-based IDS on the KDDCUP 99 dataset, experimental results show that the three algorithms J48, J48Graft and Random Forest give much better results than the other machine learning algorithms. We use WEKA to check the accuracy of the classified dataset via our proposed method. We have considered all the parameters for computation of the result, i.e. precision, recall, F-measure and ROC.
Seminar Report | Network Intrusion Detection using Supervised Machine Learnin... (Jowin John Chemban)
Seminar Report : Network Intrusion Detection using Supervised Machine Learning Technique with Feature Selection
By:
Jowin John Chemban (jowinchemban@gmail.com)
HGW16CS022 (2016-2020 Batch)
S7 B.Tech Computer Science Engineering
Holy Grace Academy of Engineering, Mala
Date : November 2019
Computer Worms Based on Monitoring Replication and Damage: Experiment and Eva... (IOSRjournaljce)
This paper presents the experiments of the proposed worm detection system (WDS) and its evaluation. More specifically, it first explains the various experiment designs and how the experiments are conducted. The results are then presented and evaluated against a set of predetermined criteria. The experiments involve networking three machines over wireless links and transferring files between them which may contain worms, in order to test the WDS. The three machines are Host 1, Host 2 (Dummy Host) and Host 3. The evaluation of the system showed that all evaluation criteria were successfully met.
Review of Intrusion and Anomaly Detection Techniques (IJMER)
Intrusion detection is the act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource. With the tremendous growth of network-based services and sensitive information on networks, network security is gaining more importance than ever. Intrusion poses a serious security threat in a large network environment. The increasing use of the internet has dramatically added to the growing number of threats that reside within it. Intrusion detection does not, in general, include prevention of intrusions. Nowadays network intrusion detection systems have become a standard component of security infrastructure. This review paper discusses various techniques which are already being used for intrusion detection.
A Survey On Genetic Algorithm For Intrusion Detection System (IJARIIE JOURNAL)
The Internet has become a part of daily life and an essential tool today. The Internet has been used as an important component of business models. Therefore, it is very important to maintain a high level of security to ensure safe and trusted communication of information between various organizations.

Intrusion Detection Systems have become a necessary component of computer and network security. Intrusion detection is one of the important security constraints for maintaining the integrity of information. Intrusion detection systems are the tools used for prevention and detection of threats to computer systems. Various approaches have been applied in the past that are less effective at curbing the menace of intrusion.

In this paper, a survey on applications of genetic algorithms in intrusion detection systems is carried out.
Synthesis of Polyurethane Solution (Castor oil based polyol for polyurethane) (IJARIIE JOURNAL)
Around 160 million hectares of unused land are available in India. India is the world’s largest producer of castor oil, producing over 75% of the total world supply. There are over a hundred companies in India, small and medium, that are into castor oil production, producing a variety of the basic grades of castor oil. All the above factors make it imperative that the Indian industry re-examines the castor oil sector in order to devise suitable strategies to derive the most benefits from such an attractive confluence of factors. Castor oil is unique owing to its exceptional diversity of application. The oil and its derivatives are used in over 100 different applications in diverse industries such as paints, lubricants, pharma, cosmetics, paper, rubber and more. Recent developments have successfully derived polyols from natural oils and synthesized a range of PU products from them. However, making a flexible solution from natural oil polyol is still proving challenging. The goal of this thesis is to understand the potential and the limitations of natural oil as an alternative to petroleum polyol. An initial attempt to understand natural oil polyol showed that a flexible solution could be synthesized from castor oil, which produced a rigid solution. Characterization results indicate that the glass transition temperature (Tg) was the predominant factor determining the rigidity of the solution. The high Tg of the solution was attributed to the low number of covalent bonds between cross-linkers.
COMPUTER INTRUSION DETECTION BY TWO-OBJECTIVE FUZZY GENETIC ALGORITHM (cscpconf)
The purpose of this paper is to describe a two-objective fuzzy genetics-based learning algorithm and discuss its usage to detect intrusion in a computer network. Experiments were performed with the KDD-cup data set, which contains information on computer networks during normal behavior and intrusive behavior. The performance of the final fuzzy classification system has been investigated using the intrusion detection problem as a high-dimensional classification problem. This task is formulated as an optimization problem with two objectives: to minimize the number of fuzzy rules and to maximize the classification rate. We show a two-objective genetic algorithm for finding non-dominated solutions of the fuzzy rule selection problem.
A BAYESIAN CLASSIFICATION ON ASSET VULNERABILITY FOR REAL TIME REDUCTION OF F... (IJNSA Journal)
IT assets connected to the internet will encounter alien protocols, and a few parameters of the protocol process are exposed as vulnerabilities. Intrusion Detection Systems (IDS) are installed to alert on suspicious traffic or activity. An IDS issues false positive alerts if any behavior is construed as a partial attack pattern or the IDS lacks environment knowledge. Continuous monitoring of alerts to determine whether an alert is a false positive or not is a major concern. In this paper we present the design of a module external to the IDS to identify false positive alerts based on an anomaly-based adaptive learning model. The novel feature of this design is that the system updates the behavior profile of assets and environment with an adaptive learning process. A mixture model is used for behavior modeling from reference data. The design of the detection and learning processes is based on the normal behavior of the environment. The anomaly alert identification algorithm is built on Sparse Markov Transducers (SMT) based probability. The total process is presented using real-time data. The experimental results are validated and presented with reference to a lab environment.
Enhancing SIEM Correlation Rules Through Baselining (Ertugrul Akbas)
Enterprise grade software has been updated with a capability that identifies anomalous events based on baselines as well as a rule-based correlation engine, and alerts administrators when such events are identified. To reduce the number of false positive alerts we have investigated the use of different baseline training techniques and introduce the use of 3 different training approaches for baseline detection and the updating lifecycle.
Problems from inside an organization’s perimeter are a significant threat, since it is very difficult to differentiate them from outside activity. In this dissertation, we evaluate an insider threat detection method on its ability to detect different types of scenarios that have not previously been identified or contemplated by the developers of the system. We show the ability to detect a large variety of insider threat scenario instances.

We report results of an ensemble-based, unsupervised technique for detecting potential insider threats and insider threat scenarios that robustly achieves results. We explore factors that contribute to the success of the ensemble method, such as the number and variety of unsupervised detectors and the use of existing knowledge encoded in scenario-based detectors made for different known activity patterns. We report results over the entire period of the ensemble approach and of ablation experiments that remove the scenario-based detectors.
The Practical Data Mining Model for Efficient IDS through Relational Databases (IJRES Journal)
Enterprise network information systems are not only the platform for information sharing and exchange, but also the platform on which enterprise production automation systems and enterprise management systems work together. As a result, the security defense of an enterprise network information system does not only include information system network security and data security, but also the security of the network business running on the information system network, namely the confidentiality, integrity, continuity and real-time behavior of network business. Network security technology has become crucial in protecting government and industry computing infrastructure. Modern intrusion detection applications face complex requirements: they need to be reliable, extensible, easy to manage, and have low maintenance cost. In recent years, data mining-based intrusion detection systems (IDSs) have demonstrated high accuracy, good generalization to novel types of intrusion, and robust behavior in a changing environment. Still, significant challenges exist in the design and implementation of production quality IDSs. Instrumenting components such as data transformations, model deployment, and cooperative distributed detection remains a labor intensive and complex engineering endeavor. This paper describes DAID, a database-centric architecture that leverages data mining within the relational DBMS to address these challenges. DAID also offers numerous advantages in terms of scheduling capabilities, alert infrastructure, data analysis tools, security, scalability, and reliability. DAID is illustrated with an Intrusion Detection Center application prototype that leverages existing functionality in Relational Database 10g. Intrusion detection systems work at many levels in the network fabric and are taking the concept of security to a whole new sphere by incorporating intelligence as a tool to protect networks against unauthorized intrusions and newer forms of attack.
We have described formal model for the construction of network security situation measurement based on d-s evidence theory, frequent mode, and sequence model extracted from the data on network security situation based on the knowledge found method and convert the pattern on the related rules of the network security situation, and automatic generation of network security situation.
Intrusion Detection System (IDS) Development Using Tree-Based Machine Learnin...IJCNCJournal
The paper proposes a two-phase classification method for detecting anomalies in network traffic, aiming to tackle the challenges of imbalance and feature selection. The study uses Information Gain to select relevant features and evaluates its performance on the CICIDS-2018 dataset with various classifiers. Results indicate that the ensemble classifier achieved the highest accuracy, precision, and recall. The proposed method addresses challenges in intrusion detection and highlights the effectiveness of ensemble classifiers in improving anomaly detection accuracy. Also, the quantity of pertinent characteristics chosen by Information Gain has a considerable impact on the F1-score and detection accuracy. Specifically, the Ensemble Learning achieved the highest accuracy of 98.36% and F1-score of 97.98% using the relevant selected features.
Intrusion Detection System(IDS) Development Using Tree-Based Machine Learning...IJCNCJournal
The paper proposes a two-phase classification method for detecting anomalies in network traffic, aiming to tackle the challenges of imbalance and feature selection. The study uses Information Gain to select relevant features and evaluates its performance on the CICIDS-2018 dataset with various classifiers. Results indicate that the ensemble classifier achieved the highest accuracy, precision, and recall. The proposed method addresses challenges in intrusion detection and highlights the effectiveness of ensemble classifiers in improving anomaly detection accuracy. Also, the quantity of pertinent characteristics chosen by Information Gain has a considerable impact on the F1-score and detection accuracy. Specifically, the Ensemble Learning achieved the highest accuracy of 98.36% and F1-score of 97.98% using the relevant selected features.
Improving the performance of Intrusion detection systemsyasmen essam
Intrusion detection systems (IDS) are widely studied by
researchers nowadays due to the dramatic growth in
network-based technologies. Policy violations and
unauthorized access is in turn increasing which makes
intrusion detection systems of great importance. Existing
approaches to improve intrusion detection systems focus on feature selection or reduction since some features are
irrelevant or redundant which when removed improve the
accuracy as well as the learning time.
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
Abstract
Nowadays the security methods from password protected access up to firewalls which are used to secure the data as well as the networks from attackers. Several times these types of security methods are not enough to protect data. We can consider the use of Intrusion Detection Systems (IDS) is the one way to secure the data on critical systems. Most of the research work is going on the effectiveness and exactness of the intrusion detection, but these attempts are for the detection of the intrusions at the operating system and network level only. It is unable to detect the unexpected behavior of systems due to malicious transactions in databases. The method used for spotting any interferes on the information in the form of database known as database intrusion detection. It relies on enlisting the execution of a transaction. After that, if the recognized pattern is aside from those regular patterns actual is considered as an intrusion. But the identified problem with this process is that the accuracy algorithm which is used may not identify entire patterns. This type of challenges can affect in two ways. 1) Missing of the database with regular patterns. 2) The detection process neglects some new patterns. Therefore we proposed sequential data mining method by using new Modified Apriori Algorithm. The algorithm upturns the accurateness and rate of pattern detection by the process. The Apriori algorithm with modifications is used in the proposed model.
Keywords — Anomaly Detection, Modified Apriori Algorithm, Misuse detection, Sequential Pattern Mining
Intrusion detection and anomaly detection system using sequential pattern miningeSAT Journals
Abstract
Nowadays the security methods from password protected access up to firewalls which are used to secure the data as well as the networks from attackers. Several times these types of security methods are not enough to protect data. We can consider the use of Intrusion Detection Systems (IDS) is the one way to secure the data on critical systems. Most of the research work is going on the effectiveness and exactness of the intrusion detection, but these attempts are for the detection of the intrusions at the operating system and network level only. It is unable to detect the unexpected behavior of systems due to malicious transactions in databases. The method used for spotting any interferes on the information in the form of database known as database intrusion detection. It relies on enlisting the execution of a transaction. After that, if the recognized pattern is aside from those regular patterns actual is considered as an intrusion. But the identified problem with this process is that the accuracy algorithm which is used may not identify entire patterns. This type of challenges can affect in two ways. 1) Missing of the database with regular patterns. 2) The detection process neglects some new patterns. Therefore we proposed sequential data mining method by using new Modified Apriori Algorithm. The algorithm upturns the accurateness and rate of pattern detection by the process. The Apriori algorithm with modifications is used in the proposed model.
New Explore Careers and College Majors 2024.pdfDr. Mary Askew
Explore Careers and College Majors is a new online, interactive, self-guided career, major and college planning system.
The career system works on all devices!
For more Information, go to https://bit.ly/3SW5w8W
the fundamentals of how these systems are structured to the techniques they use to detect and identify potential security threats [7]. The paper also explains how an intrusion detection system responds to violations of the security policies it is monitoring. Intrusion detection and prevention systems suffer from scalability and efficiency problems; these two problems are addressed by a high-performance deep packet pre-filtering and memory-efficient technique [8]. This technique allows intrusion detection and prevention systems to achieve high accuracy rates and high performance by utilizing a deep packet pre-filter and changing how they handle and process memory and captured data. Anomaly detection methodologies are plagued with high rates of false positives, and a new anomaly based detection system that strikes a balance between generalizations is proposed [9]. The proposed system balances the generalizations in anomaly detection methodologies and in doing so achieves both a high accuracy rate and a low false positive rate. Combining the two most used methodologies in intrusion detection and prevention systems into a system that uses both anomaly and signature based detection methodologies produces a better detection system [10]. This combination of methodologies produces a better system by pre-processing the data with the anomaly detection engine and then passing the results to the signature based engine. This results in a very high accuracy rate and very low false positives. In a proposal for a new signature based intrusion detection and prevention system [11], the authors started by presenting the basic organization and implementations of intrusion detection and prevention systems.
III. IDPS METHODOLOGIES
There are many different methodologies used by IDPS to detect changes on the systems they monitor. These changes can be external attacks or misuse by internal personnel. Among the many methodologies, four stand out and are widely used: signature based, anomaly based, stateful protocol analysis based, and hybrid based. Most current IDPS use the hybrid methodology, which is a combination of the other methodologies, to offer better detection and prevention capabilities. All the methodologies use the same general model; the differences among them lie mainly in how they process the information they gather from the monitored environment to determine whether a violation of the set policy has occurred. Fig. 1 shows the broad architecture on which these systems are based. This architecture was developed by the Intrusion Detection Working Group and has four functional blocks: the Event blocks, the event boxes that gather events from the monitored system to be analyzed by the other blocks; the Database blocks, the database boxes that store the events from the Event blocks; the Analysis blocks, which process the events and send an alert; and finally the Response blocks, whose purpose is to respond to an intrusion and stop it [12].
Fig. 1 General architecture for IDPS systems.
A. Anomaly Based Methodology
The anomaly based methodology works by comparing observed activity against a baseline profile. The baseline profile is the learned normal behaviour of the monitored system and is developed during the learning period, when the IDPS learns the environment and develops a normal profile of the monitored system. This environment can be networks, users, systems and so on.
The profile can be fixed or dynamic. A fixed profile does not change once established, while a dynamic profile changes as the monitored system evolves [13]. A dynamic profile adds extra overhead to the system as the IDPS continues to update the profile, which also opens it to evasion. An attacker can evade an IDPS that uses a dynamic profile by spreading the attack over a long time period. In doing so, her attack becomes part of the profile as the IDPS incorporates her changes into the profile as normal system changes. Using a predefined threshold, any deviations that fall outside the threshold are reported as violations. A fixed profile is very effective at detecting new attacks since any change from normal behaviour is classified as an anomaly.
Anomaly based methodologies can detect zero-day attacks against the environment without any updates to the system. The anomaly intrusion detection methodology uses three general techniques for detecting anomalies: statistical anomaly detection, knowledge/data-mining based, and machine learning based [13].
The statistical anomaly techniques are used to build the two required profiles: one built during the learning phase, which is then used as the baseline profile, and the current profile, which is compared to the baseline profile; any differences found are marked as anomalies depending on the threshold settings of the monitored environment [14]. The threshold must be tuned according to the requirements and behaviour of the environment being monitored for the system to be effective.
The knowledge/data-mining technique is used to automate the way the monitor searches for anomalies, and this process places a very high overhead on the system. The technique produces the most false positives and false negatives due to the high overhead that results from the complicated task of identifying and correctly categorizing observed events on the system [15]. The machine learning technique works by analyzing the system calls and is the most widely used technique [16].
The general architecture of an anomaly based IDPS is shown in Fig. 2. The monitored environment is watched by the detector, which examines the observed events against the baseline profile. If the observed events match the baseline, no action is taken; if they do not match the baseline profile but are within the acceptable threshold range, the profile is updated. If the observed events do not match the baseline profile and fall outside the threshold range, they are marked as an anomaly and an alert is issued.
Fig. 2 Anomaly based methodology architecture
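The Fig. 2 decision loop together with the fixed and dynamic profiles of Section III.A, as an added example that is not code from the paper: the monitored metric is a constructed per-minute count of new outbound connections, the baseline is its learned mean and standard deviation, and the dynamic profile is updated with an exponential moving average, which is an assumed simplification. The run reproduces the slow-drift evasion the text describes and adds a drift bound on the dynamic profile as a mitigation of our own.

```python
"""Anomaly-based detector following the Fig. 2 decision loop (added example).

The monitored metric is a constructed per-minute count of new outbound
connections from one host.  The baseline profile is the mean and standard
deviation learned during the learning period; each observed value is
compared against it with a z-score threshold.
"""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class Profile:
    mean: float        # centre of the baseline profile
    stdev: float       # spread learned in the learning period (kept fixed)
    dynamic: bool      # dynamic profiles follow the environment, fixed ones do not
    anchor: float      # the learned mean, kept so that drift can be bounded
    max_drift: float   # how far a dynamic mean may wander from the anchor


def learn_profile(training, dynamic=False, max_drift=float("inf")):
    """Learning period: build the baseline from observed normal activity."""
    m = mean(training)
    return Profile(m, pstdev(training) or 1.0, dynamic, m, max_drift)


def observe(profile, value, match_z=1.0, alert_z=3.0, alpha=0.5):
    """One detector step.  Returns 'match', 'tolerated' or 'alert'.

    match:     within match_z stdevs of the baseline, nothing to do
    tolerated: beyond match_z but within alert_z; a dynamic profile is
               updated with an exponential moving average (assumed here)
    alert:     outside alert_z, or the update would drag the profile
               further than max_drift from the learned anchor
    """
    z = abs(value - profile.mean) / profile.stdev
    if z <= match_z:
        return "match"
    if z > alert_z:
        return "alert"
    if profile.dynamic:
        candidate = (1 - alpha) * profile.mean + alpha * value
        if abs(candidate - profile.anchor) > profile.max_drift:
            return "alert"          # drift bound: refuse to learn the change
        profile.mean = candidate
    return "tolerated"


def run(profile, events):
    return [observe(profile, v) for v in events]


# Constructed data: ten quiet minutes for learning (mean 100, stdev 2),
# then a ramp that rises by three connections per minute.
TRAINING = [98, 102, 98, 102, 98, 102, 98, 102, 98, 102]
SLOW_RAMP = [105, 108, 111, 114, 117, 120]


def compare_profiles():
    """Verdicts of a fixed, an unbounded dynamic and a drift-bounded dynamic
    profile on the same slow ramp."""
    fixed = run(learn_profile(TRAINING), SLOW_RAMP)
    dynamic = run(learn_profile(TRAINING, dynamic=True), SLOW_RAMP)
    bounded = run(learn_profile(TRAINING, dynamic=True, max_drift=6.0), SLOW_RAMP)
    return fixed, dynamic, bounded


if __name__ == "__main__":
    for name, verdicts in zip(("fixed", "dynamic", "bounded"), compare_profiles()):
        print(f"{name:8s} {verdicts}")
```

The unbounded dynamic profile never alerts because each step stays within three standard deviations of the mean it has already absorbed; the fixed profile alerts from the second step, and the bounded profile alerts as soon as the update would move its mean more than six connections from the learned baseline.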
B. Signature Based Methodology
The signature based methodology works by comparing observed signatures to the signatures on file. This file can be a database or a list of known attack signatures. Any signature observed on the monitored environment that matches a signature on file is flagged as a violation of the security policy or as an attack. A signature based IDPS has little overhead since it does not inspect every activity or all network traffic on the monitored environment; instead it only searches for known signatures in the database or file. Unlike the anomaly based methodology, a signature based system is easy to deploy since it does not need to learn the environment [16]. This methodology works by simply searching, inspecting, and comparing the contents of captured network packets for known threat signatures. It also compares behaviour signatures against allowed behaviour signatures. The signature based methodology also analyzes system calls for known threat payloads [17]. The signature based methodology is very effective against known attacks/violations, but it cannot detect new attacks until it is updated with new signatures. Signature based IDPS are easy to evade since they are based on known attacks and depend on new signatures being applied before they can detect new attacks [18]. Signature based detection systems can be easily bypassed by attackers who modify known attacks and target systems that have not been updated with new signatures that detect the modification. The signature based methodology requires significant resources to keep up with the potentially infinite number of modifications to known threats. The signature based methodology is simpler to modify and improve since its performance is mainly based on the signatures or rules deployed [19].
The general architecture of the signature based methodology is shown in Fig. 3. This architecture uses the detector to find activity signatures in the monitored environment and compare them to the known signatures in the signature database. If a match is found, an alert is issued; if there is no match, the detector does nothing.
Fig. 3 Signature based methodology architecture
C. Stateful Protocol Analysis Based Methodology
The stateful protocol analysis methodology works by comparing established profiles of how protocols should behave against the observed behaviour. The established protocol profiles are designed and established by vendors. Unlike the signature based methodology, which only compares observed behaviour against a list, stateful protocol analysis has a deep understanding of how the protocols and applications should interact/work. This deep understanding/analysis places a very high overhead on the systems [13]. Stateful protocol analysis blends with and complements other IDPS methodologies well, which has led to the rise of hybrid methodologies [19]. Stateful protocol analysis's deep understanding of how a protocol should behave is used as a base for developing IDPS that understand web traffic behaviour and are effective at protecting websites [19].
Although stateful protocol analysis has a deep understanding of the monitored protocols, it can be easily evaded by attacks that follow and stay within the acceptable behaviour of the protocols. Stateful protocol analysis methodologies and techniques have slowly been adapted and integrated into other methodologies over the past decade. This has led to the decline of IDPS that utilize just the stateful protocol analysis methodology. The majority of the research on IDPS methodologies concentrates on anomaly, signature, and hybrid methodologies, which further reduces the viability of stateful protocol analysis as a standalone IDPS methodology.
The general architecture of stateful protocol analysis is shown in Fig. 4. This architecture is identical to that of the signature based methodology with one exception: instead of the signature database, the stateful protocol analysis has a database of acceptable protocol behaviour.
Fig. 4 Stateful protocol analysis based methodology architecture
D. Hybrid Based Methodology
The hybrid based methodology works by combining two or more of the other methodologies. The result is a better methodology that takes advantage of the strengths of the combined methodologies. Prelude is one of the first hybrid IDS; it offered a framework based on the Intrusion Detection Message Exchange Format (IDMEF), an IETF standard that allows different sensors to communicate [20]. In [21] Snort is modified by adding an anomaly based engine to its signature based engine to create better detection, and the new hybrid system is then tested against the regular Snort using the same test data. The hybrid system detected more intrusions than the regular one. A hybrid intrusion detection system for cluster-based wireless sensor networks was proposed that worked by breaking the detection into two stages: first it used an anomaly based model to filter the data and then it used a signature based model to detect intrusion attempts. Another model for a hybrid methodology was proposed based on how the human immune system works [22]. The proposed system is “based on the framework of the human immune system, that uses a hybrid architecture which applies both anomaly and misuse detection approaches” [22]. A general overview of a hybrid based methodology is shown in Fig. 5, where the three other methodologies are combined. The monitored environment is analyzed by the first methodology, passed to the next, and then to the last one. This produces a better system.
Fig. 5 Hybrid based methodology architecture
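The signature engine of Fig. 3, the stateful protocol analysis engine of Fig. 4 and the chained hybrid pipeline of Fig. 5, as one added example that is not the paper's or any vendor's code: the protocol is a trimmed SMTP command set, the transition table stands in for the database of acceptable protocol behaviour, the two signature patterns are constructed placeholders rather than real signatures, and a coarse volume check stands in for the anomaly pre-filter stage.

```python
"""Hybrid IDPS pipeline (Fig. 5) built from a signature engine (Fig. 3) and a
stateful protocol analysis engine (Fig. 4).  Added example, not the paper's.

Each stage inspects one session (the client's messages, in order) and returns
alerts as (message index, stage, detail); the session is then passed on to the
next stage, as Fig. 5 describes.
"""
import re

# Fig. 3: the signature database.  Both entries are constructed placeholders
# for this example, not real attack signatures.
SIGNATURES = {
    "SIG-0001 constructed test marker": re.compile(rb"X-CONSTRUCTED-BAD-PAYLOAD"),
    "SIG-0002 overlong MAIL FROM address": re.compile(rb"^MAIL FROM:<[^>]{200,}>", re.I),
}


def signature_stage(session):
    """Signature engine: compare each captured message against the signatures
    on file and alert on any match.  No protocol state is kept."""
    alerts = []
    for i, msg in enumerate(session):
        for name, pattern in SIGNATURES.items():
            if pattern.search(msg):
                alerts.append((i, "signature", name))
    return alerts


# Fig. 4: the database of acceptable protocol behaviour, here a transition
# table for a trimmed SMTP command set: state -> {command: next state}.
# Any command not listed for the current state is a protocol violation.
TRANSITIONS = {
    "INIT":    {"HELO": "GREETED", "EHLO": "GREETED"},
    "GREETED": {"MAIL": "MAIL", "RSET": "GREETED", "QUIT": "DONE"},
    "MAIL":    {"RCPT": "RCPT", "RSET": "GREETED", "QUIT": "DONE"},
    "RCPT":    {"RCPT": "RCPT", "DATA": "DATA", "RSET": "GREETED", "QUIT": "DONE"},
    "DATA":    {"<body>": "GREETED"},   # the message body closes the transaction
    "DONE":    {},
}


def command_of(msg, state):
    """Extract the SMTP verb; inside DATA every message is body content."""
    if state == "DATA":
        return "<body>"
    verb = msg.split(b" ", 1)[0].split(b":", 1)[0]
    return verb.upper().decode("ascii", "replace")


def stateful_stage(session):
    """Stateful protocol analysis: walk the session through the transition
    table and alert on commands the protocol does not allow in that state."""
    alerts, state = [], "INIT"
    for i, msg in enumerate(session):
        cmd = command_of(msg, state)
        nxt = TRANSITIONS[state].get(cmd)
        if nxt is None:
            alerts.append((i, "protocol", f"{cmd} not allowed in state {state}"))
            continue                    # ignore the bad command, keep analysing
        state = nxt
    return alerts


def volume_stage(session, max_messages=50, max_bytes=64 * 1024):
    """Coarse anomaly pre-filter, the first stage in Fig. 5 and in [10].
    The thresholds are constructed here; a deployed system learns them."""
    alerts, total = [], sum(len(m) for m in session)
    if len(session) > max_messages:
        alerts.append((len(session) - 1, "volume", f"{len(session)} messages"))
    if total > max_bytes:
        alerts.append((len(session) - 1, "volume", f"{total} bytes"))
    return alerts


def hybrid_pipeline(session, stages=(volume_stage, stateful_stage, signature_stage)):
    """Fig. 5: each stage analyses the session and passes it to the next;
    the hybrid verdict is the union of the stage alerts."""
    alerts = []
    for stage in stages:
        alerts.extend(stage(session))
    return alerts


# Constructed sessions (client side only).
BENIGN = [b"EHLO mail.example.test", b"MAIL FROM:<alice@example.test>",
          b"RCPT TO:<bob@example.test>", b"DATA",
          b"Subject: hello\r\n\r\nsee you at 10\r\n.", b"QUIT"]
SIGNATURE_HIT = BENIGN[:4] + [b"Subject: hi\r\n\r\nX-CONSTRUCTED-BAD-PAYLOAD\r\n.", b"QUIT"]
OUT_OF_ORDER = [b"EHLO mail.example.test", b"DATA", b"RCPT TO:<bob@example.test>", b"QUIT"]
LONG_SENDER = [b"EHLO mail.example.test", b"MAIL FROM:<" + b"a" * 250 + b"@example.test>"]


def compare_engines(session):
    """Signature engine alone versus the hybrid pipeline on one session."""
    return {"signature_only": signature_stage(session), "hybrid": hybrid_pipeline(session)}


if __name__ == "__main__":
    for name, s in (("benign", BENIGN), ("signature_hit", SIGNATURE_HIT),
                    ("out_of_order", OUT_OF_ORDER), ("long_sender", LONG_SENDER)):
        print(name, compare_engines(s))
```

The out-of-order session carries no known signature, so the signature engine alone returns nothing; only the stateful stage flags DATA and RCPT issued before MAIL FROM, which is the gap the text says the hybrid closes.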
IV. EVALUATIONS OF METHODOLOGIES
This section offers a description of ways for evaluating intrusion detection and prevention system (IDPS) methodologies and the systems that are based on these methodologies. Table 1 can be used to evaluate any IDPS, whether it uses one of the three main methodologies or a combination of two or more of them.
TABLE 1.
Parameters for evaluating IDPS methodologies.
| Parameter | Anomaly | Signature | Stateful Protocol Analysis | Hybrid |
|---|---|---|---|---|
| Resistance to Evasion | Medium | Low | Low | High |
| High accuracy rate | Medium | Medium | Medium | High |
| Market Share | Medium | High | Medium | Medium |
| Scalability | Medium | High | High | Medium |
| Maturity Level | High | High | High | Medium |
| Overhead on Monitored System | Medium | Low | Low | Medium |
| Maintenance | Low | Medium | Medium | Medium |
| Performance | Medium | High | High | Medium |
| Easy to Configure | No | Yes | Yes | No |
| Easy to Use | Medium | Low | Low | Low |
| Protection against New Attacks | High | Low | Medium | High |
| False Positives | High | Low | Low | Low |
| False Negatives | High | Medium | Medium | Low |
A. Resistance to evasion
The intrusion detection and prevention system (IDPS) should be able to detect evasion attempts and stop them. These attempts are more common with the signature and stateful protocol analysis based IDPS due to their dependence on signatures. Anomaly based IDPS have better resistance to evasion, but the hybrid based system offers the best resistance to evasion attempts due to its combination of other methodologies.
B. High Accuracy Rate
An IDPS should have a high accuracy rate when detecting and analyzing possible threats. The signature based methodology has a high accuracy rate on known threats, but its overall rate is lower than that of the anomaly based methodology, which can also detect previously unknown threats. The hybrid based methodology offers the best accuracy rates.
C. Market Share
Market share is the measure of a methodology's dominance in deployed systems. The signature based methodology far outweighs the other three methodologies, followed by stateful protocol analysis. The anomaly and hybrid based methodologies are at the bottom, but their adoption is growing much faster and will soon surpass the first two methodologies.
D. Scalability
Scalability is the ability of an IDPS to scale and grow with the environment once deployed. The signature and stateful protocol analysis based methodologies are easy to scale since they are based on signatures that can be easily scaled. A hybrid based methodology can be easily scaled depending on its underlying methodologies. The anomaly based methodology is the least scalable due to the time it requires to learn and build its baseline profiles.
E. Maturity Level
Maturity level looks at how long a methodology has been around and how stable it is. The signature based methodology is the most mature, followed by the stateful protocol analysis and anomaly based methodologies. The hybrid methodology is at the bottom of this list, but it is growing much faster than the others.
F. Overhead on Monitored System
The intrusion detection and prevention system (IDPS) should not place a lot of overhead on the monitored systems; it should work without affecting the performance of the monitored systems. Signature and stateful protocol analysis place the least overhead on the monitored systems. The hybrid based methodology can place a high overhead burden on the monitored system depending on the combined methodologies. The anomaly based methodology places the most overhead on the monitored system.
G. Maintenance
The anomaly based methodology requires the least amount of maintenance since it does not require updates to detect new threats. The other three methodologies require constant signature updates in order to keep up with new threats. This constant updating of signatures adds to the resources required to maintain the methodology.
H. Performance
The intrusion detection and prevention system should be able to perform at peak performance under all conditions on the monitored system without becoming a bottleneck or reducing its efficiency. The signature and stateful protocol analysis based methodologies offer better performance than the anomaly and hybrid based methodologies since they only check for well-defined signatures, which do not require as many resources.
I. Easy to Configure
The intrusion detection and prevention system (IDPS) should be easy to install and integrate with other security tools already in the environment. The signature and stateful protocol analysis methodologies are easier to install and configure. They do not require as much time to tune since they use signatures that can be updated automatically in some cases. The anomaly and, depending on the combined methodologies, the hybrid require more time to configure, learn, and tune the environment.
J. Easy to Use
The intrusion detection and prevention system should be easy to use and understand. This means it produces fewer false positives and false negatives, which makes it easier to analyze and understand the alerts. The signature and stateful protocol analysis methodologies are easier to use since they produce fewer alerts. The hybrid based methodology can be easier than the anomaly depending on its underlying methodologies. The anomaly requires more resources to manage the high volume of alerts it produces.
K. Protection against New Attacks
The intrusion detection and prevention system should be able to detect new threats. The anomaly based methodology does detect new attacks without any updates, unlike the signature and stateful protocol analysis methodologies, which require their signatures to be updated before they can detect previously unknown threats. The hybrid based methodology can detect new threats if one of its underlying methodologies is anomaly based.
L. False Positives
False positives happen as a result of a methodology misclassifying a non-threat event as a threat. The anomaly based methodology is plagued by false positives. The signature and stateful protocol analysis based methodologies produce the fewest false positives. The hybrid based methodology's level of false positives is low if anomaly based is not part of its underlying methodologies.
M. False Negatives
False negatives are the result of a methodology classifying threats as non-threats. The anomaly based methodology produces the most false negatives when compared with the signature and stateful protocol analysis based methodologies. The hybrid based methodology produces fewer false negatives if it does not use the anomaly based methodology as one of its underlying methodologies.
The above criteria encompass all possible parameters for evaluating an IDPS. We believe that using these, IDPS can be compared in a more effective manner.
V. CONCLUSION
This paper presented the four main methodologies used in intrusion detection and prevention systems: anomaly based, signature based, stateful protocol analysis, and hybrid based. Although the anomaly based methodology has the edge over the other two in detecting new threats without any updates or input from the users, most current IDPS on the market utilize a combination of the four main methodologies. The paper also offered ways to easily compare and evaluate the IDPS methodologies used by IDPS products on the market. Our future research includes experiments using some commercial and open source tools with our evaluation criteria.
VI. REFERENCES
[1] Animesh Patcha, Jung-Min Park, “An overview of anomaly detection techniques: Existing solutions and latest technological trends,” Computer Networks: The International Journal of Computer and Telecommunications Networking, Vol. 51, No. 12, August 2007, pp. 3448-3470.
[2] Rebecca Bace, “An introduction to intrusion detection and assessment for system and network security management,” ICSA Intrusion Detection Systems Consortium Technical Report, 1999.
[3] James P. Anderson, “Computer security threat monitoring and surveillance,” James P. Anderson Co., Fort Washington, Pennsylvania, Technical Report, April 1980.
[4] Tarek S. Sobh, “Wired and wireless intrusion detection system: Classifications, good characteristics and state-of-the-art,” Computer Standards & Interfaces, Vol. 28, 2006, pp. 670-694.
[5] Fredrik Valeur, Giovanni Vigna, Christopher Kruegel, Richard A. Kemmerer, “A comprehensive approach to intrusion detection alert correlation,” IEEE Transactions on Dependable and Secure Computing, Vol. 1, No. 3, 2004.
[6] Shelly X. Wu, Wolfgang Banzhaf, “The use of computational intelligence in intrusion detection systems: A review,” Applied Soft Computing, Vol. 10, 2010, pp. 1-35.
[7] Xuan D. Hoang, Jiankun Hu, Peter Bertok, “A program-based anomaly intrusion detection scheme using multiple detection engines and fuzzy inference,” Journal of Network and Computer Applications, Vol. 32, 2009, pp. 1219-1228.
[8] Elshoush H. Tagelsir, Izzeldin M. Osman, “Alert correlation in collaborative intelligent intrusion detection systems: A survey,” Applied Soft Computing, Vol. 11, 2011, pp. 4349-4365.
[9] Shashank Shanbhag, Tilman Wolf, “Accurate anomaly detection through parallelism,” IEEE Network, Vol. 23, No. 1, 2009, pp. 22-28.
[10] James Cannady, Jay Harrell, “A comparative analysis of current intrusion detection technologies,” Proc. 4th Technology for Information Security Conference, Houston, 1996.
[11] Richard Bejtlich, The Tao of Network Security Monitoring: Beyond Intrusion Detection, Addison-Wesley, 2004.
[12] Terry Brugger, “KDD Cup '99 dataset (network intrusion) considered harmful,” http://www.kdnuggets.com/news/2007/n18/4i.html, 2007.
[13] Karen Scarfone, Peter Mell, “Guide to Intrusion Detection and Prevention Systems (IDPS),” http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf, 2007.
[14] Pedro García-Teodoro, Jesús E. Díaz-Verdejo, Gabriel Maciá-Fernández, Enrique Vázquez, “Anomaly-based network intrusion detection: Techniques, systems and challenges,” Computers & Security, Vol. 28, No. 1-2, 2009, pp. 18-28.
[15] Chih-Fong Tsai, Yu-Feng Hsu, Chia-Ying Lin, W. Y. Lin, “Intrusion detection by machine learning: A review,” Expert Systems with Applications, Vol. 36, No. 10, December 2009, pp. 11994-12000.
[16] Dorothy E. Denning, “An intrusion-detection model,” IEEE Transactions on Software Engineering, Vol. SE-13, No. 2, February 1987.
[17] Alfonso Valdes, Keith Skinner, “Probabilistic alert correlation,” 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001), 2001, pp. 54-68.
[18] Indraneel Mukhopadhyay, Mohuya Chakraborty, Satyajit Chakrabarti, “A comparative study of related technologies of intrusion detection & prevention systems,” Journal of Information Security, Vol. 2, No. 1, pp. 28-38.
[19] Justin Lee, Stuart Moskovics, Lucas Silacci, “A survey of intrusion detection analysis methods,” CSE 221, University of California, San Diego, Spring 1999.
[20] Ning Weng, Luke Vespa, Benfano Soewito, “Deep packet pre-filtering and finite state encoding for adaptive intrusion detection system,” Computer Networks, Vol. 55, 2011, pp. 1648-1661.
[21] Ali M. Aydın, Halim A. Zaim, Gokhan K. Ceylan, “A hybrid intrusion detection system design for computer network security,” Computers and Electrical Engineering, Vol. 35, 2009, pp. 517-526.
[22] Kenneth L. Ingham, Anil Somayaji, “A methodology for designing accurate anomaly detection systems,” 4th International IFIP/ACM Latin American Conference on Networking (LANC '07), 2007, pp. 139.