Behavioral Host-Based Intrusion Detection and Prevention System for Android

Intrusion Detection System (IDS) is vital to protect smartphones from about to happen security breach and make sure user privacy. Android is the most popular mobile Operating System (OS), holding many markets share. Android malware detection has received important concentration, existing solutions typically rely on performing resource intensive analysis on a server, assuming an uninterrupted link between the device and the server. In this paper, we propose a behavior Host-based IDS (HIDS) by using permissions incorporating arithmetical and ML algorithms. The benefit of our proposed IDS is two folds. First, it is completely independent and runs on the smartphone device, without need any link to a server. Second, it requires only training dataset consisting of some of examples from both benign and malicious datasets for tuning. though, in put into practice, collecting malicious examples is exciting since its important infecting the device and collecting many of samples in order to characterize the malware’s behavior and the labelling has to be done. The evaluation outcome show that the proposed IDS gives a very hopeful accuracy.

Download Full-text

Using response action with intelligent intrusion detection and prevention system against web application malware

Information Management & Computer Security ◽

10.1108/imcs-02-2013-0007 ◽

2014 ◽

Vol 22 (5) ◽

pp. 431-449 ◽

Cited By ~ 8

Author(s):

Ammar Alazab ◽

Michael Hobbs ◽

Jemal Abawajy ◽

Ansam Khraisat ◽

Mamoun Alazab

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Web Application ◽

Web Applications ◽

Detection Efficiency ◽

Detection System ◽

Content Type ◽

Novel Approach ◽

Prevention System ◽

Intrusion Detection And Prevention

Purpose – The purpose of this paper is to mitigate vulnerabilities in web applications, security detection and prevention are the most important mechanisms for security. However, most existing research focuses on how to prevent an attack at the web application layer, with less work dedicated to setting up a response action if a possible attack happened. Design/methodology/approach – A combination of a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS), namely, the Intelligent Intrusion Detection and Prevention System (IIDPS). Findings – After evaluating the new system, a better result was generated in line with detection efficiency and the false alarm rate. This demonstrates the value of direct response action in an intrusion detection system. Research limitations/implications – Data limitation. Originality/value – The contributions of this paper are to first address the problem of web application vulnerabilities. Second, to propose a combination of an SIDS and an AIDS, namely, the IIDPS. Third, this paper presents a novel approach by connecting the IIDPS with a response action using fuzzy logic. Fourth, use the risk assessment to determine an appropriate response action against each attack event. Combining the system provides a better performance for the Intrusion Detection System, and makes the detection and prevention more effective.

Download Full-text

A HYBRID APPROACH OF INTRUSION DETECTION SYSTEM BASED ON NEURAL NETWORK AND NORMALIZATION

INTERNATIONAL JOURNAL ONLINE OF SCIENCE ◽

10.24113/ijoscience.v2i2.76 ◽

2016 ◽

Vol 2 (2) ◽

Author(s):

Kavita Patil ◽

Dr. Bhupesh Gour ◽

Mr. Deepak Tomar

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Hybrid Approach ◽

Attack Detection ◽

Proper Action ◽

Prevention System ◽

Event Handling ◽

Intrusion Detection And Prevention

In the whole world, the most famous threat that are spread around is done by the intruder computers over the internet. The types of external activity found over the system are termed as intrusion and the mechanism that is applied for the preservation of the information against these intrusions are called as intrusion detection system. For protecting the network, first there is a need to detect the attacks then take the proper action regarding it. There are techniques applied for scanning and analysing for highlighting the susceptibilities and loop-holes within the components of security, various aspects of network that are not secured and also implementation of the intrusion-detection and prevention-system techniques are also described here. In this paper, proposed methods based on Neural Network is described that provides better way of attack detection, that are required in various applications of security such as network forensics, portable computer and the event handling systems by applying various different approaches. Proposed work is implemented in MATALB.

Download Full-text

RELEVANCE OF THE DEVELOPMENT OF AN INTRUSION DETECTION SYSTEM WITH A TRAP MODULE

Interexpo GEO-Siberia ◽

10.33764/2618-981x-2020-8-1-165-167 ◽

2020 ◽

Vol 8 (1) ◽

pp. 165-167

Author(s):

Midat O. Maxudov ◽

Ivan E. Doroshenko ◽

Andrey S. Grehov ◽

Diana G. Makarova

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Detailed Report ◽

Prevention System ◽

Intrusion Detection And Prevention

The article presents the relevance of developing an intrusion detection system with a trap module. The trap module implemented as a part of the intrusion detection system allows providing a detailed report and information about the attacker for the intrusion detection and prevention system SNORT.

Download Full-text

Http Rule Base Intrusion Detection and Prevention System

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.i1093.0789s219 ◽

2019 ◽

Vol 8 (9S2) ◽

pp. 438-441

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Rule Base ◽

Application Layer ◽

Malicious Activity ◽

Input Text ◽

Prevention System ◽

Hyper Text Transfer Protocol ◽

Intrusion Detection And Prevention

The objective of HTTP Rule Base Intrusion Detection and Prevention System (IDPS) is to provide security for one of the application layer protocols namely HTTP (Hyper-Text Transfer Protocol). Such an HTTP based Intrusion Detection System (IDS) detects header attacks and attacks in payload (includes HTML and scripting). Misuse detection uses signature based approach where predefined patterns are defined. The input text or pattern is compared with the predefined signatures to detect malicious activity. Furthermore new types of attacks are continuously created. The new attacks created by attacker are also detected by these IDS, only if attacks are in the form of signatures. Signatures are defined either in a single-line or by complex script languages and are used in rule base to detect attacks. These signatures and rules have to be updated periodically as the attacks are continuously changing its nature of attacks

Download Full-text

Design of Intrusion Detection and Prevention in SCADA System for the Detection of Bias Injection Attacks

Security and Communication Networks ◽

10.1155/2019/1082485 ◽

2019 ◽

Vol 2019 ◽

pp. 1-12 ◽

Cited By ~ 1

Author(s):

R. B. Benisha ◽

S. Raja Ratna

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

False Negative ◽

Grey Wolf Optimization ◽

Injection Attacks ◽

Scada System ◽

Prevention System ◽

Learning Machine ◽

Intrusion Detection And Prevention

Intrusion detection and prevention system detects malicious activities that occur in the real-time SCADA systems. This system has a problem without a profound solution. The challenge of the existing intrusion detection is accuracy in the process of detecting the anomalies. In SCADA, wind turbine data are modified by the intruders and forged details are given to the server. To overcome this, the biased intrusion detection system is used for detecting the intrusion with encrypted date, time, and file location with less false-positive and false-negative rates and thereby preventing the SCADA system from further intrusion. It is done in three phases. First, Modified Grey Wolf Optimization (MGWO) is used to extract the features needed for classification and to find the best weight. Second, Entropy-based Extreme Learning Machine (EELM) is used to extort the features and detect the intruded data with its intruded time, file location, and date. Finally, the data are encrypted using the Hybrid Elliptical Curve Cryptography (HECC) to prevent further attack. Experimental results show better accuracy in both detection as well as prevention.

Download Full-text

Intrusion Detection Based on Big Data Fuzzy Analytics

10.5772/intechopen.99636 ◽

2021 ◽

Author(s):

Farah Jemili ◽

Hajer Bouras

Keyword(s):

Big Data ◽

Network Security ◽

Intrusion Detection ◽

Intrusion Detection System ◽

High Performance ◽

Detection System ◽

Training Dataset ◽

False Alarms ◽

Massive Datasets ◽

Detection Rates

In today’s world, Intrusion Detection System (IDS) is one of the significant tools used to the improvement of network security, by detecting attacks or abnormal data accesses. Most of existing IDS have many disadvantages such as high false alarm rates and low detection rates. For the IDS, dealing with distributed and massive data constitutes a challenge. Besides, dealing with imprecise data is another challenge. This paper proposes an Intrusion Detection System based on big data fuzzy analytics; Fuzzy C-Means (FCM) method is used to cluster and classify the pre-processed training dataset. The CTU-13 and the UNSW-NB15 are used as distributed and massive datasets to prove the feasibility of the method. The proposed system shows high performance in terms of accuracy, precision, detection rates, and false alarms.

Download Full-text

Network Intrusion Detection System to Preserve User Privacy

Proceedings of International Conference on Computational Intelligence and Data Engineering - Lecture Notes on Data Engineering and Communications Technologies ◽

10.1007/978-981-10-6319-0_7 ◽

2017 ◽

pp. 85-94

Author(s):

Sireesha Rodda ◽

Uma Shankar Rao Erothi

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Network Intrusion Detection ◽

User Privacy ◽

Network Intrusion ◽

Network Intrusion Detection System

Download Full-text

Network Attacks Detection by Hierarchical Neural Network

Computer Engineering and Applications Journal ◽

10.18495/comengapp.v4i2.108 ◽

2015 ◽

Vol 4 (2) ◽

pp. 119-132

Author(s):

Mohammad Masoud Javidi

Keyword(s):

Neural Network ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Detection System ◽

Single Agent ◽

Attack Detection ◽

Intrusion Detection Systems ◽

Training Dataset ◽

Detection Systems ◽

Combination Of Classifiers

Intrusion detection is an emerging area of research in the computer security and net-works with the growing usage of internet in everyday life. Most intrusion detection systems (IDSs) mostly use a single classifier algorithm to classify the network traffic data as normal behavior or anomalous. However, these single classifier systems fail to provide the best possible attack detection rate with low false alarm rate. In this paper,we propose to use a hybrid intelligent approach using a combination of classifiers in order to make the decision intelligently, so that the overall performance of the resul-tant model is enhanced. The general procedure in this is to follow the supervised or un-supervised data filtering with classifier or cluster first on the whole training dataset and then the output are applied to another classifier to classify the data. In this re- search, we applied Neural Network with Supervised and Unsupervised Learning in order to implement the intrusion detection system. Moreover, in this project, we used the method of Parallelization with real time application of the system processors to detect the systems intrusions.Using this method enhanced the speed of the intrusion detection. In order to train and test the neural network, NSLKDD database was used. Creating some different intrusion detection systems, each of which considered as a single agent, we precisely proceeded with the signature-based intrusion detection of the network.In the proposed design, the attacks have been classified into 4 groups and each group is detected by an Agent equipped with intrusion detection system (IDS).These agents act independently and report the intrusion or non-intrusion in the system; the results achieved by the agents will be studied in the Final Analyst and at last the analyst reports that whether there has been an intrusion in the system or not.Keywords: Intrusion Detection, Multi-layer Perceptron, False Positives, Signature- based intrusion detection, Decision tree, Nave Bayes Classifier

Download Full-text

Expert Knowledge Correlated Evaluation of Intrusion Detection System in Heterogeneous IoT

10.36227/techrxiv.16722784.v1 ◽

2021 ◽

Author(s):

Nitish A ◽

Prof.(Dr).Hanumanthapppa J ◽

Shiva Prakash S.P ◽

Kirill Krinkin

Keyword(s):

Intrusion Detection ◽

Intrusion Detection System ◽

Expert Knowledge ◽

Detection System ◽

Evaluation Framework ◽

Network Intrusion Detection ◽

Root Cause ◽

Network Intrusion ◽

Misclassification Rates ◽

Intrusion Detection And Prevention

<div>The dynamic heterogeneous IoT contexts adversely affect the performance of learning-based network intrusion detection and prevention systems resulting in increased misclassification rates—necessitating an expert knowledge correlated evaluation framework. The proposed framework includes intrusion root cause analysis and a correlation model that can be generalized over any network intrusion dataset, corresponding expert knowledge, detection technique, and learning-based algorithm. The experimentations prove the robustness of the propounded</div><div>framework on imbalanced datasets.</div>

Download Full-text