A comparison of Intrusion Detection systems

Biermann, Elmarie; Cloete, E.; Venter, Lucas M.

doi:10.1016/s0167-4048(01)00806-9

Cited by 111 publications

(47 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Some developments like the one presented in this paper could be use to update the detection engine with one released rule at a time without the handicap of long vulnerable windows due to the updating method of packaged rules. In [12] some drawbacks of misuse based approaches are examined, as the need of regularly updating a knowledge base in order to add new intrusion scenarios, work that must be performed by experts or system designers. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 …”

Section: A C C E P T E D Accepted Manuscriptmentioning

confidence: 99%

Analysis of update delays in signature-based network intrusion detection systems

Gascón

Orfila

Blasco

2011

Computers & Security

View full text Add to dashboard Cite

Network Intrusion Detection Systems (NIDS) play a fundamental role on security policy deployment and help organizations in protecting their assets from network attacks. Signature-based NIDS rely on a set of known patterns to match malicious traffic. Accordingly, they are unable to detect a specific attack until a specific signature for the corresponding vulnerability is created, tested, released and deployed. Although vital, the delay in the updating process of these systems has not been studied in depth. This paper presents a comprehensive statistical analysis of this delay in relation to the vulnerability disclosure time, the updates of vulnerability detection systems (VDS), the software patching releases and the publication of exploits. The widely deployed NIDS Snort and its detection signatures release dates have been used. Results show that signature updates are typically available later than software patching releases. Moreover, Snort rules are generally released within the first 100 days from the vulnerability disclosure and most of the times exploits and the corresponding NIDS rules are published with little difference. Implications of these results are drawn in the context of security policy definition. This study can be easily kept up to date due to the methodology used.

show abstract

Section: A C C E P T E D Accepted Manuscriptmentioning

confidence: 99%

Analysis of update delays in signature-based network intrusion detection systems

Gascón

Orfila

Blasco

2011

Computers & Security

View full text Add to dashboard Cite

show abstract

“…Statistics is the most widely used technique, which defines normal behavior by collecting data relating to the behavior of legitimate users over a period of time [3]. The representative IDS based on statistics is NIDES (Next-generation Intrusion Detection Expert Systems), which measures the similarity between a subject's long-term behavior and short term behavior for intrusion detection [8].…”

Section: Related Workmentioning

confidence: 99%

Combining Multiple Host-Based Detectors Using Decision Tree

Han

Cho

2003

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. As the information technology grows interests in the intrusion detection system (IDS), which detects unauthorized usage, misuse by a local user and modification of important data, have been raised. In the field of anomaly-based IDS several artificial intelligence techniques are used to model normal behavior. However, there is no perfect detection method so that most of IDSs can detect the limited types of intrusion and suffers from its false alarms. Combining multiple detectors can be a good solution for this problem of conventional anomaly detectors. This paper proposes a detection method that combines multiple detectors using a machine learning technique called decision tree. We use conventional measures for intrusion detection and modeling methods appropriate to each measure. System calls, resource usage and file access events are used to measure user's behavior and hidden Markov model, statistical method and rule-base method are used to model these measures which are combined with decision tree. Experimental results with real data clearly demonstrate the effectiveness of the proposed method that has significantly low false-positive error rate against various types of intrusion.

show abstract

“…An Intrusion Detection System (IDS) is a security tool that acts as a defensive line against attackers [1,2]. There are many vulnerabilities in a computer network.…”

Section: Introductionmentioning

confidence: 99%

KCMC: A Hybrid Learning Approach for Network Intrusion Detection using K-means Clustering and Multiple Classifiers

Farrahi¹,

Ahmadzadeh²

2015

IJCA

View full text Add to dashboard Cite

A network Intrusion Detection System (IDS) is a security tool that acts as a defensive line. One of the most important challenges in network intrusion detection research area is designing an accurate intrusion detection system in terms of high detection rate, high accuracy and low false alarm rate. Hybrid learning approaches employ to deal with this challenge since, they have promising results in terms of detection rate, accuracy and false alarm rate. This paper, proposed a general structure of a hybrid learning approach. Then, the proposed approach has been implemented using Kmeans Clustering and Multiple Classifiers (KCMC). The data have been partitioned based on K-means clustering algorithm. Then, each partition classified using a distinct classifier. Naïve Bayes, Support Vector Machines and OneR classification algorithms have been used as the classifiers. The proposed hybrid approach has better results comparing to single classifiers in terms of detection rate, accuracy and false alarm rate. The detection rate of the proposed hybrid learning approach is 99.50%.

show abstract

A comparison of Intrusion Detection systems

Cited by 111 publications

References 5 publications

Analysis of update delays in signature-based network intrusion detection systems

Analysis of update delays in signature-based network intrusion detection systems

Combining Multiple Host-Based Detectors Using Decision Tree

KCMC: A Hybrid Learning Approach for Network Intrusion Detection using K-means Clustering and Multiple Classifiers

Contact Info

Product

Resources

About