Alert fusion is a key problem in distributed intrusion detection systems (DIDS). This paper proposes a distributed intrusion alert fusion scheme based on multiple keywords and a routing infrastructure: the distributed hash table (DHT). All related alerts produced by a local sensor can be routed and fused to their corresponding peers by multiple keywords, while unrelated alerts are evenly distributed to different...
The rapid proliferation of computer networks has changed the landscape of network security. Easy accessibility makes computer networks vulnerable to several threats from hackers. Threats to networks are numerous and potentially devastating. To date, researchers have developed Intrusion Detection Systems (IDS) capable of detecting attacks in several available environments...
Intrusions are one of the most important issues in the current Internet environment. Therefore, many researchers and companies have developed countermeasure techniques such as intrusion detection systems (IDS) and intrusion prevention systems (IPS). These systems detect intrusions and prevent attackers from succeeding in their intrusion attempts. They usually rely on pattern matching and therefore,...
This paper proposes an intrusion detection system framework that adapts to load characteristics in an IPv6/IPv4 environment. It uses a decision-tree-based classification method and, guided by a given flow, dynamically creates a rule-matching tree adapted to the load characteristics. This greatly reduces the rule set that must be checked per packet or event, improves detection efficiency, and can be utilized to solve...
Nowadays, we are witnessing a significant increase in attacks, among them distributed denial-of-service (DDoS) attacks, which easily flood victims using multiple paths. Intrusion detection and filtering are necessary mechanisms to combat these attacks and secure networks. However, in the existing detection techniques for DDoS attacks, the detecting entities work in isolation. In this paper, we propose an...
Integrated multi-core processors with on-chip application acceleration have established themselves as the most efficient method of powering next-generation networking platforms. New research has been conducted to address the issues of multi-core supported network and system security. This paper puts forward an asymmetric multiprocessing architecture for multi-core supported anomaly intrusion detection...
Security has emerged as the biggest threat to information systems. System protection mechanisms such as access controls can be fooled by authorized but malicious users, masqueraders, and misfeasors. As a result, serious damage can be caused either because many intrusions are never detected or because the average detection latency is too long. In this paper, we define intrusion confinement through isolation...
One of the reasons that research on intrusion detection in wireless sensor networks has not advanced significantly is that the concept of "intrusion" is not clear in these networks. In this paper we investigate in depth one of the most severe attacks against sensor networks, namely the sinkhole attack, and we emphasize the strategies that an attacker can follow to successfully launch...
The Internet has become a vital communication infrastructure. However, the same Internet has also become the vehicle for many powerful malicious attacks (e.g., botnets) that could turn it into doing more harm than good. This has led to the development, and sometimes deployment, of various security infrastructures and services (e.g., PKI, DNSSEC and TPM). Unfortunately, it seems inevitable, at least...
Existing distributed intrusion detection systems adopt an architecture in which data is collected and analyzed centrally, and this architecture has some defects, such as single points of failure and poor extensibility. Based on an analysis of existing distributed intrusion detection systems, this paper designs a distributed intrusion detection system based on the entity model and proposes...
We develop a class of adaptive security protocols with designs to allow group communication systems (GCSs) in mobile ad hoc networks (MANETs) to dynamically adjust operational settings to best satisfy application-imposed performance and security requirements, leveraging the inherent tradeoff between security and performance properties of the system. These adaptive security protocols include an intrusion...
Intrusion detection systems (IDS) are fundamentally passive and fail-open. Because their primary task is classification, they do nothing to prevent an attack from succeeding. An intrusion prevention system (IPS) is deployed in-line, which gives it the capability to provide real-time, active defense: it attempts to stop attacks. This paper presents the design and implementation of LDLB: a light intrusion...
This paper presents a taxonomy of anomaly detection techniques that is then used to survey and classify a number of research prototypes and commercial products. Commercial products and solutions based on anomaly detection techniques are beginning to establish themselves in mainstream security solutions alongside firewalls, intrusion prevention systems and network monitoring solutions. These solutions...
An intrusion detection system that can work in an IPv6 network environment is designed and implemented in this paper, based on protocol analysis and pattern-matching technology. The system can not only quickly detect system vulnerabilities and network intrusion events, but also has high accuracy and good performance. Furthermore, the system is tested using IDSwakeup. The test shows that the system can...
Alert correlation is the method used to analyze the implicit relations among attacks so as to discover real threats. There have already been several proposals on alert correlation, such as methods based on predefined knowledge and methods that need no predefined knowledge, but they all have drawbacks. Generally, methods based on predefined knowledge cannot recognize unknown attacks,...
We have implemented ROOK, a Multi-Session based Network Security Event Detector, to detect botnet activity and P2P file sharing traffic, and our results show that our method produces fewer false positives than existing network security event detectors (e.g. IDS). We propose a network security event detection method that analyzes the correlation among multiple sessions. Our method can recognize host behaviors by...
This paper describes the design and research of intrusion detection rules in an agent-based distributed intrusion detection system. A hierarchical framework model based on intelligent agents is proved in the distributed intrusion detection system. The model involves three kinds of intelligent agents: type A, type B and type C agents, each with a different task. The definition and analysis...
The three most important issues for anomaly-detection-based intrusion detection systems that use data mining methods are feature selection, data value normalization, and the choice of data mining algorithms. In this paper, we primarily study the feature selection of network traffic and its impact on detection rates. We use the KDD CUP 1999 dataset as the sample for the study. We group the features of...
We present a model and architecture that enhances the traditional signature based intrusion detection engine with threat-awareness capability. Signature based network intrusion detection systems use a set of signatures S to evaluate captured network traffic for detecting intrusions. However, due to dynamic changes in the threat level of a network, only a subset of signatures s of S is relevant to...
An important aspect of homeland security is securing public buildings and places against intrusion. Wireless sensor networks (WSN) are an efficient means of detecting intrusion and extremely convenient to deploy in such situations. However, the software running on top of the sensor nodes that directly supports the alarm applications defined by the security forces needs to provide reliability, security...