Design and Simulation of a Tree-Based Intrusion Detection System against Denial of Service

2010 ◽  
Vol 29-32 ◽  
pp. 790-795
Author(s):  
Yuan Bai ◽  
Zhong Ying Bai
Keyword(s):  
Data Structure ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Single Point ◽  
Denial Of Service ◽  
Network Element ◽  
Distributed Intrusion Detection ◽  
Simulation Results ◽  
And Performance

Based on analysis of relative and absolute traffic anomalies a fully DIDS(Distributed Intrusion Detection System) is built to detect and respond flooding DoS(Denial of Service) in a specific network area, using traffic trees as data structure to store, execute, communicate and combine abnormal data. A single component settled in a network element is called Tree-Devices and all Tree-Devices construct a Tree-DIDS, a fully DIDS. Tree-Devices communicate with other devices in three ways and collaborate to detect attacks, by which communication cost is reduced. Fully architecture avoids the single point failure, while double anomalies help to warn earlier. The simulation results and performance analysis show that Tree-DIDS works effectively.

scholarly journals An adaptive distributed Intrusion detection system architecture using multi agents

2019 ◽  
Vol 9 (6) ◽  
pp. 4951
Author(s):  
Riyad A. M. ◽  
M. S. Irfan Ahmed ◽  
R. L. Raheemaa Khan
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Mobile Agents ◽  
Detection System ◽  
Single Point ◽  
False Positives ◽  
Detection Systems ◽  
Bulk Data ◽  
Distributed Intrusion Detection ◽  
Multi Agents

Intrusion detection systems are used for monitoring the network data, analyze them and find the intrusions if any. The major issues with these systems are the time taken for analysis, transfer of bulk data from one part of the network to another, high false positives and adaptability to the future threats. These issues are addressed here by devising a framework for intrusion detection. Here, various types of co-operating agents are distributed in the network for monitoring, analyzing, detecting and reporting. Analysis and detection agents are the mobile agents which are the primary detection modules for detecting intrusions. Their mobility eliminates the transfer of bulk data for processing. An algorithm named territory is proposed to avoid interference of one analysis agent with another one. A communication layout of the analysis and detection module with other modules is depicted. The inter-agent communication reduces the false positives significantly. It also facilitates the identification of distributed types of attacks. The co-ordinator agents log various events and summarize the activities in its network. It also communicates with co-ordinator agents of other networks. The system is highly scalable by increasing the number of various agents if needed. Centralized processing is avoided here to evade single point of failure. We created a prototype and the experiments done gave very promising results showing the effectiveness of the system.

scholarly journals An Effective Fault-Tolerant Intrusion Detection System under Distributed Environment

2021 ◽  
Vol 2021 ◽  
pp. 1-9
Author(s):  
Bo Hong ◽  
Hui Wang ◽  
Zijian Cao
Keyword(s):  
Intrusion Detection ◽  
Data Storage ◽  
Intrusion Detection System ◽  
User Behavior ◽  
Fault Tolerant ◽  
Detection System ◽  
Single Point ◽  
Denial Of Service ◽  
Distributed Environment ◽  
Network Bandwidth

Traditional intrusion detection system is limited to a single network or several hosts, which has been seriously unable to fulfill the growing information security problems. This paper uses the distributed technology to design and implement an intrusion detection system (IDS) based on the hybrid of Hadoop with some effective open-source technologies. On the one hand, it can efficiently realize the data acquisition and analysis under distributed environment. On the other hand, it can solve the problems of single-point fault-tolerant and the insufficient data processing capacity of the traditional intrusion detection system. In this IDS, RabbitMQ, Flume, and MongoDB are utilized to act as the middleware of this system to build the system environment which includes the collector, analyzer, and data storage. By detecting the CPU and memory usage of hosts, TCP connections, network bandwidth, web server operation logs, and the logs of user behavior, the proposed IDS especially focuses on monitoring the first four parts, which can better detect external distributed denial of service attacks and intrusions and send automatically alarm service information to the administrators.

Modeling a distributed intrusion detection system using collaborative building blocks

2011 ◽  
Vol 36 (1) ◽  
pp. 1-8 ◽  
Author(s):  
Linda Ariani Gunawan ◽  
Michael Vogel ◽  
Frank Alexander Kraemer ◽  
Sebastian Schmerl ◽  
Vidar Slåtten ◽  
...  
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Building Blocks ◽  
Distributed Intrusion Detection ◽  
Distributed Intrusion Detection System

scholarly journals Scrutinizing Attacks and Evaluating Performance Appraisal Parameters via Feature Selection in Intrusion Detection System

2021 ◽  
Author(s):  
Navroop Kaur ◽  
Meenakshi Bansal ◽  
Sukhwinder Singh S
Keyword(s):  
Feature Selection ◽  
Performance Evaluation ◽  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Denial Of Service ◽  
Cyber Attacks ◽  
Support Vector ◽  
K Nearest Neighbor ◽  
Evaluation Parameters

Abstract In modern times the firewall and antivirus packages are not good enough to protect the organization from numerous cyber attacks. Computer IDS (Intrusion Detection System) is a crucial aspect that contributes to the success of an organization. IDS is a software application responsible for scanning organization networks for suspicious activities and policy rupturing. IDS ensures the secure and reliable functioning of the network within an organization. IDS underwent huge transformations since its origin to cope up with the advancing computer crimes. The primary motive of IDS has been to augment the competence of detecting the attacks without endangering the performance of the network. The research paper elaborates on different types and different functions performed by the IDS. The NSL KDD dataset has been considered for training and testing. The seven prominent classifiers LR (Logistic Regression), NB (Naïve Bayes), DT (Decision Tree), AB (AdaBoost), RF (Random Forest), kNN (k Nearest Neighbor), and SVM (Support Vector Machine) have been studied along with their pros and cons and the feature selection have been imposed to enhance the reading of performance evaluation parameters (Accuracy, Precision, Recall, and F1Score). The paper elaborates a detailed flowchart and algorithm depicting the procedure to perform feature selection using XGB (Extreme Gradient Booster) for four categories of attacks: DoS (Denial of Service), Probe, R2L (Remote to Local Attack), and U2R (User to Root Attack). The selected features have been ranked as per their occurrence. The implementation have been conducted at five different ratios of 60-40%, 70-30%, 90-10%, 50-50%, and 80-20%. Different classifiers scored best for different performance evaluation parameters at different ratios. NB scored with the best Accuracy and Recall values. DT and RF consistently performed with high accuracy. NB, SVM, and kNN achieved good F1Score.

Sign in / Sign up

Export Citation Format

Share Document