Host-Based Intrusion Detection System Using File Signature Technique
0 Citations, 6 References, 10 Related Papers
Keywords: Jaccard index, Signature (topology)
The advantages and disadvantages of anomaly detection and misuse detection are summarized, and a network intrusion detection system model based on the hybrid intrusion detection technique is proposed by combining the advantages and overcoming the shortcomings. The results of anomaly detection and misuse detection are not always the same for one action. The tracking algorithm in the paper effectively solves the problem that the results of anomaly detection and misuse detection are not entirely the same. In the model, the normal behavior profiles are established through the data mining method and the anomaly detection engine is realized through entire sequence comparison and the correlation function. The model in the paper is better than the model based on a single intrusion detection technology in detection results.
Misuse detection
Citations (0)
Misuse detection
Citations (4)
Abstract: In an information system, intrusions are the activities that violate the security policy of the system, and intrusion detection is the process used to identify intrusions. Intrusion detection techniques have been traditionally classified into one of two methodologies: anomaly detection or misuse detection. This chapter gives an overview of the existing intrusion detection techniques, including anomaly detection and misuse detection models, and identifies techniques related to intrusion detection in distributed systems. Topics covered include statistical models, machine learning and data mining approaches, computer immunological approach, specification-based approach, information theoretic measures for anomaly detection, rule-based languages, state transition analysis toolkit, colored Petri automata (CPA), abstraction-based approach, distributed intrusion detection systems, network-based intrusion detection systems, and information sharing among intrusion detection systems.
Misuse detection
Abstraction
Citations (73)
Recently, the intrusion detection system has become an important technology in computer network systems because of a dramatic increase in the number of attacks. Most intrusion detection methods do not detect intrusions in real time because it is difficult to analyze auditing data for intrusions. A network intrusion detection system is used to monitor the activities of individual users, groups, remote hosts and entire systems, and detects suspected security violations, by both insiders and outsiders, as they occur. It learns users' behavior patterns over time and detects behavior that deviates from these patterns. This paper has a rule-based component that can be used to encode information about known system vulnerabilities and intrusion scenarios. Integrating the two approaches makes the Intrusion Detection System a comprehensive system for detecting intrusions as well as misuse by authorized users or anomaly users (unauthorized users), using RFM analysis methodology and monitoring collected data from the sensor Intrusion Detection System (IDS).
Misuse detection
Citations (0)
The Intrusion Detection System is one of the important security mechanisms in today's information era. Two different approaches are used for intrusion detection: signature based and anomaly based. A signature based Intrusion Detection System is able to identify only known attacks whose signatures are available, while an anomaly based Intrusion Detection System suffers from the problem of high false alarms. Intrusion detection analysts need to address all alerts generated by the Intrusion Detection System. If most of these alerts are false, then it is difficult for an intrusion detection analyst to identify a real attack and act on it. In our research work we have designed a solution to reduce false alerts generated by anomaly based Intrusion Detection Systems.
Signature (topology)
System call
Anomaly (physics)
False positive rate
Citations (3)
Intrusion detection is one of the hot topics. This paper describes the background and purport of intrusion detection briefly, introduces the definition of intrusion and the classification of intrusion detection, and compares and analyzes various intrusion detection methods and the architecture of intrusion detection systems. Finally, the research direction of intrusion detection is directed.
Citations (0)
Intrusions in an information system are the activities that violate the security policy of the system, and intrusion detection is the process used to identify intrusions. Intrusion detection has been studied for approximately 20 years. Intrusion detection provides a way to identify intrusion and allow responses to attacks against the systems. We present a machine learning approach known as Genetic Algorithm, to identify such attack type of connections. Intrusion detection system used information in the form of audit trails or packet of the network. In this paper we try to solve the fidelity problem. The intrusion detection systems have more result or information in misinterpretations or missed events is known as fidelity.
Misuse detection
Tree (set theory)
Citations (8)
Machine learning and data mining algorithms play important roles in designing intrusion detection systems. Based on their approaches toward the detection of attacks in a network, intrusion detection systems can be broadly categorized into two types. In the misuse detection systems, an attack in a system is detected whenever the sequence of activities in the network matches with a known attack signature. In the anomaly detection approach, on the other hand, anomalous states in a system are identified based on a significant difference in the state transitions of the system from its normal states. This chapter presents a comprehensive discussion on some of the existing schemes of intrusion detection based on misuse detection, anomaly detection and hybrid detection approaches. Some future directions of research in the design of algorithms for intrusion detection are also identified.
Misuse detection
Signature (topology)
Anomaly (physics)
System call
Citations (17)
Most intrusion detection systems (IDS) today lack the ability to detect both known and unknown intrusions. Even a very slight variation from known intrusions will go undetected, thus rendering the IDS ineffective. This paper proposes an Anomaly and Signature-based Intrusion Detection System. The combination is needed in order to increase the effectiveness of the IDS. The need arose due to the fact that individual detection systems possess serious drawbacks which can be solved only by combining them. This gives rise to an approach known as anomaly signature-based, which is more efficient than individual techniques. This is due to the fact that anomaly detection detects unknown intrusions while signature-based detection detects known intrusions. By combining both techniques in conjunction with our anomaly signature-based system approach we are assured of an intrusion detection system that not only detects both known and unknown intrusions but is also capable of updating the signature-based detection database, thus in return rendering effectiveness to intrusion detection systems.
Signature (topology)
Anomaly (physics)
Citations (1)
With the rapid growth of computer networks during the past few years, security has become a crucial issue for modern computer systems. A good way to detect illegitimate use is through monitoring unusual user activity. This can be achieved with an Intrusion Detection System, which identifies attacks and reacts by generating alerts or by blocking the unwanted data/traffic. These systems are mainly classified as Anomaly based Intrusion Detection Systems and Misuse based Intrusion Detection Systems. Anomaly based Intrusion Detection System has the benefit of detecting novel attacks but has a high false positive rate. On the other hand, Misuse based systems are signature based having higher accuracy. Misuse based Intrusion Detection System fails to detect novel attacks. To overcome these limitations, both Anomaly based and Misuse based Intrusion Detection Systems should be combined to form a new Hybrid Intrusion Detection System. A new Hybrid Intrusion Detection System is proposed. In this system, fuzzy data-mining concept based on genetic algorithm is used as an intrusion detection system. KDD dataset is used to train the system and test the system.
Misuse detection
Citations (0)