Online Intrusion Behaviors: Sequences and Time Intervals

2010 ◽  
Vol 38 (10) ◽  
pp. 1307-1312
Author(s):  
Hao-En Chueh ◽  
Shun-Chuan Ho ◽  
Shih-Peng Chang ◽  
Ping-Yu Hsu

In this study we model the sequences and time intervals of online intrusion behaviors. To maintain network security, intrusion detection systems monitor network environments; however, most existing intrusion detection systems produce too many intrusion alerts, causing network managers to investigate many potential intrusions individually to determine their validity. To solve this problem, we combined a clustering analysis of the time intervals of online users' behaviors with a sequential pattern analysis to identify genuine intrusion behaviors. Knowledge of the patterns generated by intruder behaviors can help network managers maintain network security.

Entropy ◽  
2021 ◽  
Vol 23 (6) ◽  
pp. 776
Author(s):  
Marcin Niemiec ◽  
Rafał Kościej ◽  
Bartłomiej Gdowski

The Internet is an inseparable part of our contemporary lives. This means that protection against threats and attacks is crucial for major companies and for individual users. There is a demand for the ongoing development of methods for ensuring security in cyberspace. A crucial cybersecurity solution is intrusion detection systems, which detect attacks in network environments and respond appropriately. This article presents a new multivariable heuristic intrusion detection algorithm based on different types of flags and values of entropy. The data is shared by organisations to help increase the effectiveness of intrusion detection. The authors also propose default values for parameters of a heuristic algorithm and values regarding detection thresholds. This solution has been implemented in a well-known, open-source system and verified with a series of tests. Additionally, the authors investigated how updating the variables affects the intrusion detection process. The results confirmed the effectiveness of the proposed approach and heuristic algorithm.


Author(s):  
Praveen Kumar . Ch ◽  
Prof.P.Vijai Bhaskar ◽  
Ravi. Ch ◽  
B.Rambhupal Reddy

In the current scenario, network security is emerging in the world. Matching large sets of patterns against an incoming stream of data is a fundamental task in several fields such as network security or computational biology. High-speed network intrusion detection systems (IDS) rely on efficient pattern matching techniques to analyze the packet payload and make decisions on the significance of the packet body. However, matching the streaming payload bytes against thousands of patterns at multi-gigabit rates is computationally intensive. Various techniques have been proposed in the past, but the performance of the system is reduced because of multi-gigabit rates. Pattern matching is a significant issue in intrusion detection systems, but by no means the only one. Handling multi-content rules, reordering, and reassembling incoming packets are also significant for system performance. We present two pattern matching techniques to compare incoming packets against intrusion detection search patterns. The first approach, decoded partial CAM (DpCAM), pre-decodes incoming characters, aligns the decoded data, and performs a logical AND on them to produce the match signal for each pattern. The second approach, perfect hashing memory (PHmem), uses perfect hashing to determine a unique memory location that contains the search pattern and a comparison between incoming data and memory output to determine the match. The suggested methods have been implemented in VHDL, and we use Xilinx for synthesis.


Author(s):  
Aymen Akremi ◽  
Hassen Sallay ◽  
Mohsen Rouached

Investigators usually search for any kind of events related directly to an investigation case to both limit the search space and propose new hypotheses about the suspect. Intrusion detection systems (IDS) provide relevant information to forensics experts since they detect attacks and automatically gather several pertinent features of the network at the moment of the attack. Thus, an IDS should be very effective in terms of detection accuracy for new unknown attack signatures, without generating a huge number of false alerts in high speed networks. This tradeoff between keeping high detection accuracy and not generating false alerts is today a big challenge. As an effort to deal with false alert generation, the authors propose a new intrusion alert classifier, named Alert Miner (AM), to classify intrusion alerts in HSN efficiently and in near real time. AM uses an outlier detection technique based on an adaptive deduced association rules set to classify the alerts automatically and without human assistance.


Author(s):  
Nachiket Athavale ◽  
Shubham Deshpande ◽  
Vikash Chaudhary ◽  
Jatin Chavan ◽  
S. S. Barde

Nowadays everything is computerized, including banking and personal records. Also, to boost business profits, businessmen have changed their way of operating from physical to electronic, for example Flipkart. But while these developments benefit the developer, they also increase the chance of exposing all of a customer's personal details to malicious users. Hackers can enter the system and steal crucial or sensitive information about other authentic users, which in the case of banks leads to fraud. Security thus becomes an important issue for all companies and banks. Intrusion detection systems help such companies by detecting in real time whether an intrusion is being carried out or not. Here the authors are developing a signature based intrusion detection system which will scan incoming packets and send a warning message to the system administrator. Also, the authors are implementing a framework and providing it to all users so that they can develop intrusion detection based systems similar to ours. The advantage of using a framework is that it can be upgraded and re-defined whenever needed.


Author(s):  
Prabhu Kavin B ◽  
Ganapathy S

Intrusion Detection Systems are playing a major role in network security in this internet world. Many researchers have introduced a number of intrusion detection systems in the past. Even so, no system has detected all kinds of attacks and achieved better detection accuracy. Most intrusion detection systems use data mining techniques such as clustering, outlier detection, classification, and classification through learning techniques. Most researchers have applied soft computing techniques for making effective decisions over the network dataset to enhance the detection accuracy of the Intrusion Detection System. A few researchers have also applied artificial intelligence techniques along with data mining algorithms for making dynamic decisions. This paper discusses a number of intrusion detection systems that have been proposed for providing network security. Finally, a comparative analysis is made between the existing systems, and some new ideas are suggested for enhancing the performance of the existing systems.


Author(s):  
Ahmed Chaouki Lokbani ◽  
Ahmed Lehireche ◽  
Reda Mohamed Hamou ◽  
Abdelmalek Amine

Given the increasing number of users of computer systems and networks, it is difficult to know the profile of the latter, and therefore, intrusion has become a highly prized area of network security. In this chapter, to address the issues mentioned above, the authors use data mining techniques, namely association rules, decision trees, and Bayesian networks. The results obtained on the KDD'99 benchmark have been validated by several evaluation measures and are promising and provide access to other techniques and hybridization to improve the security and confidentiality in the field.


2014 ◽  
Vol 596 ◽  
pp. 852-855 ◽  
Author(s):  
Gui Guo Liu

In the era of the information society, network security has become a very important issue. Intrusion is a behavior that tries to destroy the confidentiality, data integrity, and data availability of network information. Intrusion detection systems are constructed as software that automatically detects possible intrusions. In this paper, we present the existing intrusion detection techniques in detail, including intrusion detection types, firewalls, etc.


Author(s):  
Nitesh Singh Bhati ◽  
Manju Khari ◽  
Vicente García-Díaz ◽  
Elena Verdú

An Intrusion Detection System (IDS) is a network security system that detects, identifies, and tracks an intruder or an invader in a network. As the usage of the internet is growing every day in our society, the IDS is becoming an essential part of the network security system. Therefore, the proper research and implementation of IDSs are required. Today, with the help of improved technologies at our disposal, many solutions have been found to create many intrusion detection systems. However, it is difficult to identify the perfect solution from the vast options we have available. Hence, motivated by the need of a better security system, this paper presents a survey of different published solutions that have been developed and/or researched on the topic of intrusion detection techniques during the period from 2000 to 2019, including the accuracy of the output. With the help of this survey, an all-inclusive view of the different papers would be at one’s disposal.

