Threat Defense: Cyber Deception Approach and Education for Resilience in Hybrid Threats Model

Symmetry ◽  
2021 ◽  
Vol 13 (4) ◽  
pp. 597
Author(s):  
William Steingartner ◽  
Darko Galinec ◽  
Andrija Kozina

This paper aims to explore the cyber-deception-based approach and to design a novel conceptual model of hybrid threats that includes deception methods. Security programs primarily focus on prevention-based strategies aimed at stopping attackers from getting into the network. These programs rely on hardened perimeters and endpoint defenses that recognize and block malicious activity, so as to detect and stop attackers before they can get in. Most organizations implement such a strategy by fortifying their networks with defense-in-depth through layered prevention controls. Detection controls are usually placed to augment prevention at the perimeter and are not as consistently deployed for in-network threat detection. This architecture leaves detection gaps that are difficult to fill with existing security controls not specifically designed for that role. Rather than relying on prevention alone, a strategy that attackers have consistently succeeded against, defenders are adopting a more balanced strategy that includes detection and response. Most organizations deploy an intrusion detection system (IDS) or next-generation firewall that picks up known attacks or attempts to pattern-match for identification. Other detection tools use monitoring, traffic, or behavioral analysis. These reactive defenses are designed to detect once the organization is attacked, yet they often fail. They also have limitations because they are not designed to catch credential harvesting or attacks that appear to be authorized access. They are also often seen as complex and prone to false positives, adding to analyst alert fatigue. The security industry has focused recent innovation on finding more accurate ways to recognize malicious activity with technologies such as user and entity behavioral analytics (UEBA), big data, artificial intelligence (AI), and deception.

Author(s):  
Nadia Burkart ◽  
Maximilian Franz ◽  
Marco F. Huber

Machine learning and deep learning are widely used in various applications to assist or even replace human reasoning. For instance, a machine learning based intrusion detection system (IDS) monitors a network for malicious activity or specific policy violations. We propose that IDSs should attach a sufficiently understandable report to each alert to allow the operator to review them more efficiently. This work aims at complementing an IDS by means of a framework to create explanations. The explanations support the human operator in understanding alerts and reveal potential false positives. The focus lies on counterfactual instances and explanations based on locally faithful decision boundaries.
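The counterfactual idea in the abstract above can be made concrete with a small example. The following is added here and is not code from the paper: it assumes a hypothetical linear alert model (feature names, weights, bias, scales and lower bounds are all invented for illustration) standing in for the locally linear approximation of an IDS classifier around one alert. For a linear boundary the closest benign point is the orthogonal projection onto the boundary, and a single-feature counterfactual is the smallest change along one axis that crosses it. The report also flags two things an operator wants to know: an alert whose score barely clears the boundary (a candidate false positive), and a counterfactual that would require an impossible value such as a negative count, which means the alert is far from the boundary and should be trusted.

```python
import math

# Hypothetical linear alert model: score = w.x + b, alert when score > 0.
# Feature names, weights, bias, scales and bounds are assumptions for this example.
FEATURES = ("failed_logins", "distinct_ports", "bytes_out_mb")
WEIGHTS = (0.8, 0.5, 0.02)
BIAS = -6.0
SCALES = (10.0, 50.0, 500.0)      # typical magnitude per feature, to compare changes across units
LOWER_BOUNDS = (0.0, 0.0, 0.0)    # counts and volumes cannot go negative
NEAR_BOUNDARY = 1.0               # alerts scoring below this are weak: candidate false positives


def alert_score(x, w=WEIGHTS, b=BIAS):
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def is_alert(x, w=WEIGHTS, b=BIAS):
    return alert_score(x, w, b) > 0


def dense_counterfactual(x, w=WEIGHTS, b=BIAS, margin=1e-6):
    """Closest point (L2) the model classifies as benign.

    For a linear boundary this is the orthogonal projection of x onto w.x + b = 0,
    pushed a hair (margin) to the benign side. Returns x unchanged if already benign.
    """
    s = alert_score(x, w, b)
    if s <= 0:
        return tuple(x)
    step = (s + margin) / sum(wi * wi for wi in w)
    return tuple(xi - step * wi for xi, wi in zip(x, w))


def sparse_counterfactual(x, w=WEIGHTS, b=BIAS, scales=SCALES, lower=LOWER_BOUNDS, margin=1e-6):
    """Change one feature only: the one whose required move is smallest relative to its scale.

    Moves that would push a feature below its lower bound are rejected as unusable
    explanations. Returns None if the point is benign or no single feasible move exists.
    """
    s = alert_score(x, w, b)
    if s <= 0:
        return None
    best = None
    for i, (wi, scale) in enumerate(zip(w, scales)):
        if wi == 0:
            continue
        delta = -(s + margin) / wi
        if x[i] + delta < lower[i]:
            continue
        cost = abs(delta) / scale
        if best is None or cost < best[2]:
            best = (i, delta, cost)
    if best is None:
        return None
    i, delta, _ = best
    return {"feature": FEATURES[i], "from": x[i], "to": x[i] + delta}


def explain_alert(x):
    """Report to attach to an alert: score, nearest benign point, minimal single-feature fix."""
    s = alert_score(x)
    cf = dense_counterfactual(x)
    return {
        "alert": s > 0,
        "score": s,
        "near_boundary": 0 < s < NEAR_BOUNDARY,
        "dense_changes": {f: c - v for f, v, c in zip(FEATURES, x, cf)},
        "dense_distance": math.dist(x, cf),
        "dense_feasible": all(c >= lo for c, lo in zip(cf, LOWER_BOUNDS)),
        "sparse": sparse_counterfactual(x),
    }


if __name__ == "__main__":
    for label, x in (("weak alert", (5, 3, 40)), ("strong alert", (12, 20, 100))):
        print(label, explain_alert(x))
```

The single-feature fix is reported in real units; for count features a reviewer would round the required change up to the next integer. Neither counterfactual is trustworthy far from the alert, since a real classifier is only locally linear there.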


2008 ◽  
pp. 1562-1579
Author(s):  
Ronald C. Dodge Jr. ◽  
Daniel Ragsdale

When competent computer network system administrators are faced with malicious activity on their networks, they think of the problem in terms of four distinct but related activities: detection, prevention, mitigation, and response. The greatest challenge of these four phases is detection. Typically, detection comes in the form of intrusion detection system (IDS) alerts and automated application and log monitors. These, however, are fraught with mischaracterized alerts that leave administrators looking for a needle in a haystack. One of the most promising emerging security tools is the honeynet. Honeynets are designed to divert the malicious user or attacker to non-production systems that are carefully monitored and configured to allow detailed analysis of the attackers' actions and also protection of other network resources. Honeynets can be configured in many different ways and implemented at any scale, from a full DMZ to a carefully placed file that is monitored for access.
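The deception abstract earlier on this page notes that conventional detection misses credential harvesting, and the honeynet abstract above ends with the smallest form of deception: a planted artifact that is monitored for access. A decoy credential combines both. The example below is added here and is not code from either paper; it assumes two invented decoy account names and a handful of constructed OpenSSH-style auth log lines. Because nothing legitimate ever authenticates as a decoy, every attempt, failed or successful, is a hit, so the detector has no pattern to tune and no false-positive tradeoff.

```python
import re
from dataclasses import dataclass

# Decoy accounts planted where an intruder would find them (a config file, a
# browser credential store, a script). No legitimate process ever authenticates
# with them, so any attempt is a high-fidelity signal of credential harvesting.
# The names are illustrative assumptions for this example.
HONEYTOKEN_ACCOUNTS = frozenset({"svc_backup_ro", "dba_legacy"})

# OpenSSH-style auth log lines, constructed for this example (not real data).
SAMPLE_AUTH_LOG = """\
Mar 12 08:01:12 app01 sshd[2311]: Accepted publickey for deploy from 10.0.4.15 port 51022 ssh2
Mar 12 08:03:40 app01 sshd[2378]: Failed password for svc_backup_ro from 10.0.9.77 port 40410 ssh2
Mar 12 08:03:44 app01 sshd[2378]: Failed password for svc_backup_ro from 10.0.9.77 port 40410 ssh2
Mar 12 08:05:02 app01 sshd[2401]: Accepted password for dba_legacy from 10.0.9.77 port 40588 ssh2
Mar 12 08:06:10 app01 sshd[2455]: Failed password for invalid user admin from 203.0.113.8 port 2222 ssh2
Mar 12 08:07:55 app01 sshd[2460]: Accepted publickey for deploy from 10.0.4.15 port 51030 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[0-9a-fA-F.:]+) port \d+"
)


@dataclass(frozen=True)
class HoneytokenHit:
    timestamp: str
    host: str
    user: str
    source_ip: str
    outcome: str  # "Accepted" or "Failed": a failed try against a decoy is still hostile


def parse_auth_line(line):
    """Return the fields of one sshd auth line, or None if it is not one."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_honeytoken_hits(log_text, decoys=HONEYTOKEN_ACCOUNTS):
    """Every authentication attempt (successful or not) against a decoy account."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_auth_line(line)
        if rec is not None and rec["user"] in decoys:
            hits.append(HoneytokenHit(rec["ts"], rec["host"], rec["user"], rec["src"], rec["outcome"]))
    return hits


def attacker_sources(hits):
    """Group hits by source address: the pivot for containment and hunting."""
    by_src = {}
    for hit in hits:
        by_src.setdefault(hit.source_ip, []).append(hit)
    return by_src


if __name__ == "__main__":
    for src, src_hits in attacker_sources(find_honeytoken_hits(SAMPLE_AUTH_LOG)).items():
        users = sorted({h.user for h in src_hits})
        print(f"ALERT honeytoken use from {src}: {len(src_hits)} attempt(s) against {users}")
```

The brute-force attempt against `admin` on the last hostile line is deliberately not reported: it is ordinary background noise, and the point of the decoy is that only the planted names need to be watched.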


Author(s):  
Miss. Manoshri A. Ghawade

An intrusion detection system (IDS) is a device or software application that monitors a network for malicious activity or policy violations. Any malicious activity or violation is typically reported or collected centrally using a security information and event management (SIEM) system. Some IDSs are capable of responding to a detected intrusion upon discovery; these are classified as intrusion prevention systems (IPS). A system that analyzes incoming network traffic is known as a network intrusion detection system (NIDS). A system that monitors important system files is known as a host intrusion detection system (HIDS). Wireless sensor networks (WSNs) are vulnerable to different kinds of security threats that can degrade the performance of the entire network and may lead to fatal problems such as denial of service (DoS) attacks, direction attacks, Sybil attacks, etc. Key management protocols, authentication protocols, and secure routing cannot by themselves protect WSNs against these kinds of attacks. An intrusion detection system (IDS) is a solution to this problem: it analyzes the network by collecting a sufficient amount of data and detects abnormal behavior of sensor node(s).


2022 ◽  
Vol 16 (1) ◽  
pp. 0-0

An autoencoder has the potential to overcome the limitations of current intrusion detection methods by recognizing benign user activity rather than differentiating between benign and malicious activity. However, the line separating them is quite blurry, with a significant overlap. The first part of this study aims to investigate the rationale behind this overlap. The results suggest that although a subset of traffic cannot be separated without labels, timestamps have the potential to be leveraged for identification of activity that does not conform to the normal or expected behavior of the network. The second part aims to eliminate dependence on visual inspection by exploring automation. The trend of errors for HTTP traffic was modeled chronologically using resampled data and moving averages. This model successfully identified attacks that had been orchestrated over HTTP within their respective time slots. These results support the hypothesis that it is technically feasible to build an anomaly-based intrusion detection system where each individual observation need not be categorized.
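The second part of the abstract above, resampling HTTP errors over time and comparing against a moving average so that no single request needs a label, can be shown end to end. The following is added here and is not the paper's code or data: it builds a constructed Common Log Format sample (one hour of steady traffic with a few 404s per minute, plus a five-minute path-guessing burst from one host starting at 09:30), resamples it into five-minute buckets, and flags any bucket whose error rate rises above the trailing moving average by more than an assumed threshold. Bucket size, window length, threshold and minimum request count are all assumptions to be tuned on real traffic.

```python
import re
from datetime import datetime, timedelta, timezone

# Apache/nginx Common Log Format; only the timestamp and status code are used here.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def clf_line(ts, ip, path, status):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" {status} 512'


def build_sample_log():
    """Constructed log, not real data: one hour of steady traffic (10 req/min, one 404
    per minute) plus a five-minute burst from a single host starting at 09:30 in which
    most requests hit guessed paths and return 404."""
    start = datetime(2022, 3, 1, 9, 0, tzinfo=timezone.utc)
    lines = []
    for minute in range(60):
        for i in range(10):
            ts = start + timedelta(minutes=minute, seconds=6 * i)
            lines.append(clf_line(ts, f"10.0.1.{i + 1}", "/index.html", 404 if i == 0 else 200))
        if 30 <= minute < 35:
            for i in range(40):
                ts = start + timedelta(minutes=minute, seconds=i)
                lines.append(clf_line(ts, "198.51.100.23", f"/admin{i}.php", 200 if i % 8 == 0 else 404))
    return lines


def parse_clf(line):
    """Return (timestamp, status) for one CLF line, or None if it does not parse."""
    m = CLF_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group("ts"), TS_FMT), int(m.group("status"))


def resample(lines, bucket_minutes=5):
    """Aggregate requests into fixed time buckets: sorted list of (bucket_start, requests, errors)."""
    buckets = {}
    for line in lines:
        rec = parse_clf(line)
        if rec is None:
            continue
        ts, status = rec
        key = ts.replace(minute=ts.minute - ts.minute % bucket_minutes, second=0, microsecond=0)
        counts = buckets.setdefault(key, [0, 0])
        counts[0] += 1
        counts[1] += int(status >= 400)
    return [(k, v[0], v[1]) for k, v in sorted(buckets.items())]


def detect_error_spikes(series, window=3, min_delta=0.25, min_requests=20):
    """Flag buckets whose error rate exceeds the trailing moving average by more than min_delta.

    The first `window` buckets have no baseline and are never flagged; buckets with too
    few requests are skipped so a single error in a quiet period does not fire.
    """
    rates = [errs / reqs if reqs else 0.0 for _, reqs, errs in series]
    spikes = []
    for i in range(window, len(series)):
        baseline = sum(rates[i - window:i]) / window
        bucket, reqs, _ = series[i]
        if reqs >= min_requests and rates[i] - baseline > min_delta:
            spikes.append({"bucket": bucket, "requests": reqs, "error_rate": rates[i], "baseline": baseline})
    return spikes


if __name__ == "__main__":
    for s in detect_error_spikes(resample(build_sample_log())):
        print(f"{s['bucket']:%H:%M} error rate {s['error_rate']:.2f} "
              f"vs baseline {s['baseline']:.2f} over {s['requests']} requests")
```

Note that the bucket after the burst is not flagged even though the burst now sits inside its baseline window: a trailing average only raises the bar for later buckets, which is the intended behaviour, but it also means a slow, sustained rise in errors can lift the baseline with it and go unreported.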


2020 ◽  
Vol 17 (1) ◽  
pp. 434-438
Author(s):  
D. Karthikeyan ◽  
V. Mohanraj ◽  
Y. Suresh ◽  
J. Senthilkumar

Intrusion detection systems (IDS) are software or devices used to monitor a system or network for malicious activity, and thus to detect different attacks effectively. Existing studies demonstrate the value of data mining methods in intrusion detection systems. We focus on improving the detection rate of an IDS using data mining techniques. We implement a new classifier-ensemble-based intrusion detection system (CEBIDS) using hybrid detection approaches. CEBIDS combines feature-level and data-level techniques in the WEKA tool on the KDD Cup '99 dataset and enhances the detection rate significantly.


2018 ◽  
Vol 7 (2.20) ◽  
pp. 86
Author(s):  
CH Ramaiah ◽  
D Adithya Charan ◽  
R Syam Akhil

Secure automated threat detection and prevention is a more effective procedure for reducing the workload of the analyst: it scans the network and server functions and informs the analyst if any suspicious activity is detected in the network. It monitors the system continuously and responds according to the threat environment; this response action varies from phase to phase. Here, suspicious activities are detected with the help of an artificial intelligence that acts as a virtual analyst, working concurrently with the network intrusion detection system to defend against the threat environment and taking appropriate measures with the permission of the analyst. In its final phase, packet analysis is carried out to search for attack vectors and to categorize data as supervised or unsupervised. The unsupervised data is converted to supervised data with the help of analyst feedback, and the algorithm (the virtual analyst) is then auto-updated. In this way the algorithm evolves over time through an active learning mechanism and becomes more efficient and robust, so that it is able to defend against the same or similar kinds of attacks.


In this paper, we present an intrusion detection system for finding the various types of attacks in the network. It is a way to enhance the functionality of the network by reducing the chances of risk. The ICMP protocol and the AES encryption algorithm are used to report error messages and to manage the information being sent from source to destination. If any malicious activity occurs in the network, the user is alerted and told the type of malicious activity. As a result, it reduces the chances of intrusion and of contacting multiple resources to resolve a single issue.
