Intrusion detection is an important technology in the business sector as well as an active area of research, and an important tool for information security. A Network Intrusion Detection System is used to monitor networks for attacks or intrusions and report them to the administrator so that evasive action can be taken. Today computers are part of networked, distributed systems that may span multiple buildings, sometimes located thousands of miles apart. The network of such a system is a pathway for communication between the computers in the distributed system; it is also a pathway for intrusion. This system is designed to detect and combat some common attacks on network systems. It follows the signature-based IDS methodology for ascertaining attacks: a signature-based IDS monitors packets on the network and compares them against a database of signatures or attributes from known malicious threats. It has been implemented in VC++. In this system the attack log displays the list of attacks to the administrator for evasive action. This system works as an alert device in the event of attacks directed towards an entire network.
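The signature matching the abstract describes, as an added example that is not the VC++ system's own code: a small rule engine in the style of Snort's content/pcre options is run over a handful of constructed packets against a constructed signature database (the sids, messages and payloads are made up for this example), producing the attack-log entries an administrator would see.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed packets, not real captures: protocol, endpoints, destination port and payload.
PACKETS = [
    {"proto": "tcp", "src": "10.0.0.5", "dst": "192.168.1.10", "dport": 80,
     "payload": b"GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0\r\n\r\n"},
    {"proto": "tcp", "src": "10.0.0.6", "dst": "192.168.1.10", "dport": 80,
     "payload": b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"},
    {"proto": "tcp", "src": "10.0.0.7", "dst": "192.168.1.11", "dport": 21,
     "payload": b"USER anonymous\r\nPASS " + b"A" * 600 + b"\r\n"},
    {"proto": "udp", "src": "10.0.0.8", "dst": "192.168.1.12", "dport": 53,
     "payload": b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www\x07example\x03com\x00\x00\x01\x00\x01"},
]


@dataclass
class Signature:
    sid: int
    msg: str
    proto: str
    dport: Optional[int] = None
    content: Optional[bytes] = None   # literal substring, like Snort "content:"
    nocase: bool = False              # case-insensitive content match, like Snort "nocase"
    pcre: Optional[bytes] = None      # regular expression over the payload, like Snort "pcre:"


# Constructed signature database; sids and messages are invented for the example.
SIGNATURES = [
    Signature(1000001, "WEB-CGI phf access", "tcp", 80, content=b"/cgi-bin/phf", nocase=True),
    Signature(1000002, "WEB-MISC /etc/passwd in URI", "tcp", 80, content=b"/etc/passwd"),
    Signature(1000003, "FTP PASS overflow attempt", "tcp", 21, pcre=rb"PASS\s[^\r\n]{256,}"),
]


def matches(sig: Signature, pkt: dict) -> bool:
    """All conditions of a signature must hold for the packet (AND semantics, as in Snort)."""
    if sig.proto != pkt["proto"]:
        return False
    if sig.dport is not None and sig.dport != pkt["dport"]:
        return False
    payload = pkt["payload"]
    if sig.content is not None:
        hay, needle = (payload.lower(), sig.content.lower()) if sig.nocase else (payload, sig.content)
        if needle not in hay:
            return False
    if sig.pcre is not None and re.search(sig.pcre, payload) is None:
        return False
    return True


def scan(packets, signatures):
    """One alert per (packet, matching signature) pair: the attack log shown to the administrator."""
    alerts = []
    for pkt in packets:
        for sig in signatures:
            if matches(sig, pkt):
                alerts.append({"sid": sig.sid, "msg": sig.msg, "src": pkt["src"],
                               "dst": pkt["dst"], "dport": pkt["dport"]})
    return alerts


if __name__ == "__main__":
    for a in scan(PACKETS, SIGNATURES):
        print(f"[{a['sid']}] {a['msg']}  {a['src']} -> {a['dst']}:{a['dport']}")
```

The first packet fires two signatures and the oversized FTP password fires the regex rule; the benign HTTP request and the DNS query produce nothing. Two limits of the approach follow directly from the code: a packet with no entry in the database is invisible, and a literal `content` match is defeated by trivial encoding of the request (a URL-encoded `/cgi%2Dbin/phf` would pass), which is why production engines normalize the payload before matching.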
LATTICE STRUCTURAL ANALYSIS ON SNIFFING TO DENIAL OF SERVICE ATTACKS (IJCNCJournal)
Sniffing is one of the most prominent causes of attacks in the digitized computing environment. Through the various packet analyzers or sniffers available free of cost, network packets can be captured and analyzed. Sensitive information of the victim, such as user credentials, passwords and PINs, which is of considerable interest to assailants, can be stolen through sniffers. This is the primary reason for many of the variants of DDoS attacks in the network, drawn from its catalog of attacks. An effective and trusted framework for detecting and preventing such sniffing has great significance in today's computing. One counter-hack method to avoid data theft is to encrypt sensitive information. This paper provides an analysis of the most prominent sniffing attacks, which is one of the most important strides towards guaranteeing system security. Also, a Lattice structure has been derived to prove that sniffing is the prominent activity behind DoS and DDoS attacks.
Detection of Rogue Access Point in WLAN using Hopfield Neural Network (IJECEIAES)
The serious issue in the field of wireless communication is security and how an organization implements steps against security breaches. The major attack on any organization is the Man-in-the-Middle attack, which is difficult to manage. This attack leads to a number of unauthorized access points, called rogue access points, which are not easily detected. In this paper, we propose a Hopfield Neural Network approach for automatic detection of these rogue access points in wireless networking. Here, we store the passwords of the authentic devices in weight-matrix format and match the patterns at login time. Simulation experiments show that this method is more secure than the traditional one in WLAN.
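The pattern storage and matching described above, as an added example that is not the paper's own code: two constructed bipolar device fingerprints are stored Hebbian-style in a Hopfield weight matrix, a presented pattern is recalled by asynchronous updates, and a device is accepted only if the network settles on a stored pattern and the input was already within a small Hamming distance of it. The fingerprints, the tolerance and the device names are assumptions for the example; storing an actual secret in a weight matrix is not something a practitioner should copy, since the matrix is a lossy but recoverable encoding of the stored patterns.

```python
from typing import List, Optional


def train(patterns: List[List[int]]) -> List[List[int]]:
    """Hebbian rule: W = sum over patterns of p p^T, with a zero diagonal (patterns are +1/-1)."""
    n = len(patterns[0])
    w = [[0] * n for _ in range(n)]
    for p in patterns:
        for i in range(n):
            for j in range(n):
                if i != j:
                    w[i][j] += p[i] * p[j]
    return w


def recall(w: List[List[int]], x: List[int], max_sweeps: int = 20) -> List[int]:
    """Asynchronous recall: sweep the neurons in index order until none changes sign.
    Sequential updates on a symmetric zero-diagonal W cannot oscillate, unlike a synchronous update."""
    x = list(x)
    n = len(x)
    for _ in range(max_sweeps):
        changed = False
        for i in range(n):
            h = sum(w[i][j] * x[j] for j in range(n))
            s = 1 if h >= 0 else -1
            if s != x[i]:
                x[i] = s
                changed = True
        if not changed:
            break
    return x


def hamming(a: List[int], b: List[int]) -> int:
    return sum(1 for u, v in zip(a, b) if u != v)


# Constructed fingerprints (assumption): chosen orthogonal so both fit comfortably in a 20-neuron network,
# whose capacity is only about 0.14 patterns per neuron.
DEVICES = {
    "ap-lobby":  [1] * 10 + [-1] * 10,
    "ap-floor2": [1, -1] * 10,
}
W = train(list(DEVICES.values()))


def authenticate(w, x: List[int], devices, tolerance: int = 3) -> Optional[str]:
    """Accept a device only if recall lands exactly on a stored pattern AND the presented pattern was
    already within `tolerance` bits of it. The second test matters: Hopfield recall repairs far more
    than `tolerance` errors, so without it a badly corrupted or guessed pattern would be accepted."""
    y = recall(w, x)
    for name, p in devices.items():
        if y == p and hamming(x, p) <= tolerance:
            return name
    return None


if __name__ == "__main__":
    noisy = list(DEVICES["ap-lobby"])
    noisy[0], noisy[1] = -noisy[0], -noisy[1]      # two bit errors
    print(authenticate(W, noisy, DEVICES))            # ap-lobby
    print(authenticate(W, [1] * 20, DEVICES))         # None: not a stored device
```

With two flipped bits the network recovers `ap-lobby` in one sweep and the device is accepted; with eight flipped bits recall still converges to `ap-lobby`, which is exactly why the explicit distance check is needed before treating recall as authentication.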
AN IMPLEMENTATION OF INTRUSION DETECTION SYSTEM USING GENETIC ALGORITHM (IJNSA Journal)
Nowadays it is very important to maintain a high level of security to ensure safe and trusted communication of information between various organizations. But secured data communication over the internet or any other network is always under threat of intrusions and misuse, so Intrusion Detection Systems have become a necessary component of computer and network security. There are various approaches being utilized in intrusion detection, but unfortunately none of the systems so far is completely flawless, so the quest for betterment continues. In this progression, here we present an Intrusion Detection System (IDS) that applies a genetic algorithm (GA) to efficiently detect various types of network intrusions. Parameters and evolution processes for the GA are discussed in detail and implemented. This approach applies evolution theory to information evolution in order to filter the traffic data and thus reduce the complexity. To implement and measure the performance of our system we used the KDD99 benchmark dataset and obtained a reasonable detection rate.
An Intrusion Detection based on Data mining technique and its intended import... (Editor IJMTER)
Intrusion detection is a pivotal and essential requirement of today's era. There are two major sides of intrusion detection, namely host-based intrusion detection and network-based intrusion detection. A host-based intrusion detection system monitors the information arriving at a particular machine or node, while a network-based intrusion detection system monitors and analyzes the whole traffic of the network. Data mining introduces the latest technology and methods to handle and categorize types of attacks using different classification algorithms and matching the patterns of malicious behavior. Through the use of this data mining technology, developers extract and analyze the types of attack in the network.

In addition to this there are two major approaches to intrusion detection. First, the anomaly-based approach, in which attacks are found with a high false alarm rate. In the signature-based approach, however, the false alarm rate is low but novel attacks are not processed. Most researchers do their research on signature-based intrusion detection with the purpose of increasing the detection rate. The major advantages of this system are that the IDS does not require biased assessment, is able to identify a massive range of attack patterns, and has the capacity to handle large numbers of network connection records. In this paper we try to discover the features of intrusion detection based on data mining techniques.
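The anomaly-based side of the trade-off above, as an added example that is not the paper's own code: a baseline of distinct destination ports per source per minute is learned from constructed connection records, and each source in the detection minute is scored by z-score. The records, hosts and thresholds are assumptions for the example. It shows both halves of the abstract's claim on the same data: a port sweep that no signature database needs to know about is caught, and a legitimate but unusual burst from an administrative host is flagged too, which is the false alarm the signature approach would not raise.

```python
import statistics
from collections import defaultdict

# Constructed ports seen in ordinary traffic (assumption).
PORTS = [80, 443, 445, 53, 22, 3389, 8080, 9000, 5432, 6379, 1433, 25]
SERVER = "192.168.1.10"


def make_records():
    """Constructed connection records (minute, src, dst, dport), not real logs.
    Minutes 0-59 are the training period; minute 60 is the detection period."""
    recs = []
    for m in range(60):
        recs += [(m, "10.0.0.11", SERVER, p) for p in PORTS[:3 + m % 3]]   # 3..5 ports a minute
        recs += [(m, "10.0.0.12", SERVER, p) for p in PORTS[:4]]           # steady 4 ports
        recs += [(m, "10.0.0.13", SERVER, p) for p in PORTS[:2 + m % 5]]   # 2..6 ports a minute
    recs += [(60, "10.0.0.11", SERVER, p) for p in PORTS[:4]]            # normal
    recs += [(60, "10.0.0.12", SERVER, p) for p in range(1, 41)]          # port sweep: 40 distinct ports
    recs += [(60, "10.0.0.13", SERVER, p) for p in PORTS]                 # admin/backup burst: legitimate, unusual
    return recs


def distinct_ports_per_minute(records):
    ports = defaultdict(set)
    for minute, src, _dst, dport in records:
        ports[(minute, src)].add(dport)
    return {k: len(v) for k, v in ports.items()}


def baseline(records, train_minutes):
    """Mean and population std-dev of distinct ports per (minute, source) over the training period.
    The std-dev is floored so a perfectly flat baseline cannot turn every deviation into infinity."""
    counts = distinct_ports_per_minute(records)
    vals = [v for (m, _src), v in counts.items() if m < train_minutes]
    return statistics.mean(vals), max(statistics.pstdev(vals), 0.5)


def score_minute(records, minute, mu, sigma):
    """z-score of every source active in `minute` against the learned baseline."""
    counts = distinct_ports_per_minute(records)
    return {src: (v - mu) / sigma for (m, src), v in counts.items() if m == minute}


def flag(scores, z_threshold=3.0):
    return sorted(src for src, z in scores.items() if z > z_threshold)


if __name__ == "__main__":
    recs = make_records()
    mu, sigma = baseline(recs, train_minutes=60)
    scores = score_minute(recs, 60, mu, sigma)
    for src, z in sorted(scores.items()):
        print(f"{src}: z={z:5.1f} {'ANOMALY' if z > 3 else 'ok'}")
```

The training data has mean 4.0 distinct ports per source-minute with a std-dev just under 1, so the sweep scores far above the threshold and so does the 12-port administrative burst. A per-source baseline instead of the global one shown here would reduce, but not remove, that second alarm; tuning that trade-off is the work the abstract alludes to.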
HIERARCHICAL DESIGN BASED INTRUSION DETECTION SYSTEM FOR WIRELESS AD HOC SENS... (IJNSA Journal)
In recent years, wireless ad hoc sensor networks have become popular in both civil and military jobs. However, security is one of the significant challenges for sensor networks because of their deployment in open and unprotected environments. As cryptographic mechanisms are not enough to protect a sensor network from external attacks, an intrusion detection system needs to be introduced. Though intrusion prevention is one of the major and efficient methods against attacks, there might be some attacks for which no prevention method is known. Besides protecting the system from some known attacks, an intrusion detection system gathers necessary information related to attack techniques and helps in the development of intrusion prevention systems. In addition to reviewing the present attacks on wireless sensor networks, this paper examines current efforts towards intrusion detection systems for wireless sensor networks. We propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor networks. In this proposed intrusion detection system architecture we followed a clustering mechanism to build a four-level hierarchical network, which enhances network scalability to large geographical areas, and use both anomaly and misuse detection techniques for intrusion detection. We introduce a policy-based detection mechanism as well as intrusion response, together with the GSM cell concept, for the intrusion detection architecture.
A Performance Analysis of Chasing Intruders by Implementing Mobile Agents (CSCJournals)
This document summarizes a research paper that proposes using mobile agents to improve intrusion detection systems. The paper presents an architecture for an intrusion detection system that uses mobile agents to autonomously collect intrusion-related information from systems on a network. Information collector agents gather data, while chasing agents work to trace the path of intrusions and locate their origin. The paper evaluates this approach and discusses how mobile agents can enhance intrusion detection through their mobility and autonomous functionality.
An Efficient Classification Mechanism For Network Intrusion Detection System Based on Data Mining Techniques: A Survey
Subaira A. S. and Anitha P.
Automated Biometric Verification: A Survey on Multimodal Biometrics
Rupali L. Telgad, Almas M. N. Siddiqui and Dr. Prapti D. Deshmukh
Design and Implementation of Intelligence Car Parking Systems
Ogunlere Samson, Maitanmi Olusola and Gregory Onwodi
Intrusion Detection Techniques for Mobile Ad Hoc and Wireless Sensor Networks
Rakesh Sharma, V. A. Athavale and Pinki Sharma
Performance Evaluation of Sentiment Mining Classifiers on Balanced and Imbalanced Dataset
G. Vinodhini and R. M. Chandrasekaran
Demosaicing and Super-resolution for Color Filter Array via Residual Image Reconstruction and Sparse Representation
Jie Yin, Guangling Sun and Xiaofei Zhou
Determining Weight of Known Evaluation Criteria in the Field of Mehr Housing using ANP Approach
Saeed Safari, Mohammad Shojaee, Mohammad Tavakolian and Majid Assarian
Application of the Collaboration Facets of the Reference Model in Design Science Paradigm
Lukasz Ostrowski and Markus Helfert
Personalizing Education News Articles Using Interest Term and Category Based Recommender Approaches
The use of honeynet to detect exploited systems (basic version) (amar koppal)
This document discusses the use of honeynets to detect exploited systems and hackers. It begins with an abstract and introduction on the topic. It then provides definitions of key terms like honeynet and honeypot. It describes the principles of data capture and data control that honeynets rely on. It discusses the differences between first (GEN I) and second (GEN II) generation honeynets. It outlines the typical honeynet architecture, including honeypots and honeywalls. It explains how honeynets work to study attacker activities and methods. Finally, it discusses some advantages of honeynets, like high-value data and simplicity, and disadvantages like a narrow field of view.
A Modular Approach To Intrusion Detection in Homogenous Wireless Network (IOSR Journals)
This document discusses a modular approach to intrusion detection in homogeneous wireless networks. It begins by introducing wireless networks and the need for intrusion detection systems (IDS) due to security vulnerabilities. It then discusses different types of IDS, including signature-based detection, which identifies known attacks, and anomaly-based detection, which identifies deviations from normal behavior but can produce a high false-positive rate. The document proposes a modular approach combining the advantages of signature-based and anomaly-based detection for high detection rates and low false positives. Requirements for IDS in wireless networks are also outlined.
DESIGN AND EFFICIENT DEPLOYMENT OF HONEYPOT AND DYNAMIC RULE BASED LIVE NETWO... (IJNSA Journal)
The continuously emerging, operationally and managerially independent, geographically distributed computer networks, deployable in an evolutionary manner, have created greater challenges in securing them. Several research works and experiments have convinced security experts that Network Intrusion Detection Systems (NIDS) or Network Intrusion Prevention Systems (NIPS) alone are not capable of completely securing computer networks from internal and external threats. In this paper we present the design of an Intrusion Collaborative System which is a combination of NIDS, NIPS, honeypots, and software tools like nmap, iptables etc. Our design is tested against existing attacks based on Snort rules and several customized DDoS, remote and guest attacks. Dynamic rules are generated during every unusual behavior, which helps the Intrusion Collaborative System to continuously learn about new attacks. Also a formal approach to deploy Live Intrusion Collaboration Systems based on the System of Systems concept is proposed.
EFFICACY OF ATTACK DETECTION CAPABILITY OF IDPS BASED ON ITS DEPLOYMENT IN WI... (IJNSA Journal)
Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defence against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased: attackers continuously find vulnerabilities at various levels, from the network itself to the operating system and applications, and exploit them to crack systems and services. Network defence and network monitoring have become essential components of computer security to predict and prevent attacks. Unlike a traditional Intrusion Detection System (IDS), an Intrusion Detection and Prevention System (IDPS) has additional features to secure computer networks.
In this paper, we present a detailed study of how the deployment of an IDPS plays a key role in its performance and its ability to detect and prevent known as well as unknown attacks. We categorize IDPS by deployment as network-based, host-based, perimeter-based and hybrid. A detailed comparison is shown in this paper, and finally we justify our proposed solution, which deploys agents at host level to give better performance in terms of a reduced rate of false positives and accurate detection and prevention.
Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa
Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).
CNIT 120: Network Security
http://samsclass.info/120/120_S09.shtml#lecture
Policy: http://samsclass.info/policy_use.htm
Many thanks to Sam Bowne for allowing us to publish these presentations.
As Supervisory Control and Data Acquisition (SCADA) systems are deployed in infrastructures which are critical to the survival of a nation, they have emerged as a potential terrain for cyber-war, thus attracting the considered attention of nation-states. The analysis of worms like Stuxnet, Flame and Duqu reveals the hand of a nation-state in their design and deployment. Hence the necessity to understand various issues in the defence of SCADA systems arises. Forensics of the SCADA system provide deep insight into the design and deployment of the worm (the malware) once the system is attacked. This is precisely the scope of this essay.
This document describes a proposed artificial neural network based intrusion detection system. It uses a multilayer perceptron neural network architecture trained on the KDD Cup 99 intrusion detection dataset. The system monitors network traffic in real-time, extracts features from network packets, and classifies the traffic into six categories using the neural network. It is able to detect both known and unknown attacks. The system aims to improve upon traditional signature-based intrusion detection systems.
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo... (Editor IJCATR)
Among the various forms of malware attacks, Denial of Service, Sniffers and Buffer overflows are the most dreaded threats to computer networks. These attacks are known as botnet attacks, are self-propagating in nature, and act as an agent or user interface to control the computers which they attack. In the process of controlling malware, bot herder(s) use a program to control remote systems through the internet with the help of zombie systems. Botnets are collections of compromised computers (bots) which are remotely controlled by their originator (bot-master) under a common Command-and-Control (C&C) structure. A server sends commands to the bots and botnet and receives reports from the bots. The bots use Trojan horses and subsequently communicate with a central server using IRC. Botnets employ different techniques, like honeypots and communication protocols (e.g. HTTP and DNS), to intrude into new systems at different stages of their lifecycle. Therefore, identifying botnets has become very challenging, because botnets upgrade their methods periodically for affecting networks. Here the focus is on addressing the botnet detection problem in an Enterprise Network.
This research introduces a novel solution to mitigate the malicious activities of botnet attacks through Principal Component Analysis of each item of traffic data, and a measurement and countermeasure selection mechanism called Malware Hunter. This system is built on attack-graph-based analytical models based on a classification process and is reconfigurable through update solutions to virtual-network-based countermeasures.
Attacks and counterattacks on wireless sensor networks (ijasuc)
A WSN is formed by autonomous nodes with limited memory, communication range, power, and bandwidth. Their task is to monitor physical and environmental conditions, communicate through a network and perform data processing. The application field is vast, comprising military, ecology, healthcare, and home or commercial uses, and requires highly secured communication. The paper analyses different types of attacks and counterattacks and provides solutions for WSN threats.
Seminar Report - Network Intrusion Prevention by Configuring ACLs on the Rout... (Disha Bedi)
Base Paper presented by - Muhammad Naveed, Shams un Nihar and Mohammad Inayatullah Babar At 2010 6th International Conference on Emerging Technologies (ICET)
This document describes the software requirements and specifications for building network intrusion detection and prevention systems using Snort and Iptables. It outlines the system requirements including the operating system, firewall, and servers needed. It then describes the key tools used - Snort for intrusion detection, BASE for analyzing Snort alerts, Wireshark for packet analysis, Iptables for firewall rules, and scripting for automation. Finally, it provides an overview of the web development tools used to create interfaces for managing rule sets.
Network Intrusion Prevention by Configuring ACLs on the Routers, based on Sno... (Disha Bedi)
Base Paper presented by - Muhammad Naveed, Shams un Nihar and Mohammad Inayatullah Babar At 2010 6th International Conference on Emerging Technologies (ICET)
Cyber warfare is the current single greatest emerging threat to national security. Network security has become an essential component of any computer network. As computer networks and systems become ever more fundamental to modern society, concerns about security have become increasingly important. There is a multitude of different applications, open source and proprietary, available for protection. For a system administrator to decide on the most suitable one for their purpose requires knowledge of the available safety measures, their features and how they affect the quality of service, as well as the kind of data they will be allowing through unflagged. A majority of the methods currently used to ensure the quality of a network's service are signature based. From this information, and details on the specifics of popular applications and their implementation methods, we have carried through the ideas, incorporating our own opinions, to formulate suggestions on how this could be done on a general level.

The main objective was to design and develop an Intrusion Detection System. The minor objectives were to design a port scanner to determine potential threats and mitigation techniques to withstand these attacks, to implement the system on a host, and to run and test the designed IDS. In this project we set out to develop a Honey Pot IDS system. It would make it easy to listen on a range of ports and emulate a network protocol to track and identify any individuals trying to connect to your system. This IDS uses the following design approaches: event correlation, log analysis, alerting, and policy enforcement.

Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a methodology for testing IDSs. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDSs.
In this paper, we identify a set of general IDS performance objectives which is the basis for the methodology. We present the details of the methodology, including strategies for test-case selection and specific testing procedures. We include quantitative results from testing experiments on the Network Security Monitor (NSM), an IDS developed at UC Davis. We present an overview of the software platform that we have used to create user-simulation scripts for testing experiments. The platform consists of the UNIX tool expect and enhancements that we have developed, including mechanisms for concurrent scripts and a record-and-replay feature. We also provide background information on intrusions and IDSs to motivate our work.
This document summarizes a proposed network attack alerting system that aims to reduce the large number of alerts generated by intrusion detection systems (IDS). The system uses both network-based and host-based IDS to detect attacks launched using the Backtrack attacking tools on a virtual network lab environment. Well-known open source security tools on the Security Onion Linux distribution are used to generate alerts. The system defines rules to identify important alert types and stores alerts in a database. It aims to eliminate redundant alerts for the same attack by analyzing attributes like source/destination IP and port. Alert severity levels are defined using threshold counts and times to classify alerts and help administrators respond appropriately.
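The alert pipeline that the two Snort-based abstracts above describe, as one added example that is not the code of either paper: Snort `alert_fast` lines (constructed here, with invented sids) are parsed, alerts sharing source, destination and sid within a time window are collapsed into one summary, a severity is assigned from the repeat count, and high-severity sources outside a management allowlist are turned into iptables drop rules in the way the dynamic-rule design on the earlier page sketches. The window, the count thresholds and the allowlist are assumptions for the example. The allowlist is the practitioner's check: an attacker who spoofs a source address can otherwise use the auto-blocker to cut off the monitoring host or the gateway.

```python
import ipaddress
import re
from datetime import datetime

# Snort "alert_fast" output format. The sample alerts below are constructed for the example.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

SAMPLE_ALERTS = """\
08/12-14:03:22.101 [**] [1:1000010:1] SCAN nmap SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:40000 -> 192.168.1.10:22
08/12-14:03:22.140 [**] [1:1000010:1] SCAN nmap SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:40001 -> 192.168.1.10:23
08/12-14:03:22.180 [**] [1:1000010:1] SCAN nmap SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:40002 -> 192.168.1.10:25
08/12-14:03:22.220 [**] [1:1000010:1] SCAN nmap SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:40003 -> 192.168.1.10:80
08/12-14:03:22.260 [**] [1:1000010:1] SCAN nmap SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:40004 -> 192.168.1.10:443
08/12-14:03:22.300 [**] [1:1000010:1] SCAN nmap SYN probe [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:40005 -> 192.168.1.10:3389
08/12-14:09:01.500 [**] [1:1000020:2] WEB-MISC /etc/passwd in URI [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.7:51234 -> 192.168.1.10:80
08/12-14:10:45.000 [**] [1:1000030:1] ICMP PING from management [**] [Priority: 3] {ICMP} 192.168.1.2 -> 192.168.1.10
08/12-14:10:45.010 [**] [1:1000030:1] ICMP PING from management [**] [Priority: 3] {ICMP} 192.168.1.2 -> 192.168.1.10
08/12-14:10:45.020 [**] [1:1000030:1] ICMP PING from management [**] [Priority: 3] {ICMP} 192.168.1.2 -> 192.168.1.10
08/12-14:10:45.030 [**] [1:1000030:1] ICMP PING from management [**] [Priority: 3] {ICMP} 192.168.1.2 -> 192.168.1.10
08/12-14:10:45.040 [**] [1:1000030:1] ICMP PING from management [**] [Priority: 3] {ICMP} 192.168.1.2 -> 192.168.1.10
"""

# Assumptions for the example: 60 s correlation window, count thresholds, and a management net never blocked.
WINDOW_SECONDS = 60.0
MGMT_ALLOWLIST = [ipaddress.ip_network("192.168.1.0/24")]


def parse(text):
    """Parse alert_fast lines; 't' is seconds since midnight (alert_fast carries no year)."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue            # not an alert line (e.g. a Snort banner); skip rather than crash
        a = m.groupdict()
        dt = datetime.strptime(a["ts"], "%m/%d-%H:%M:%S.%f")
        a["t"] = dt.hour * 3600 + dt.minute * 60 + dt.second + dt.microsecond / 1e6
        alerts.append(a)
    return alerts


def severity(count):
    return "high" if count >= 5 else "medium" if count >= 2 else "low"


def aggregate(alerts, window=WINDOW_SECONDS):
    """Collapse repeats of the same (src, dst, sid) that start within `window` seconds of each other."""
    open_groups, summaries = {}, []
    for a in sorted(alerts, key=lambda x: x["t"]):
        key = (a["src"], a["dst"], a["sid"])
        g = open_groups.get(key)
        if g is None or a["t"] - g["first"] > window:
            g = {"src": a["src"], "dst": a["dst"], "sid": a["sid"], "msg": a["msg"],
                 "first": a["t"], "last": a["t"], "count": 0, "dports": set()}
            open_groups[key] = g
            summaries.append(g)
        g["last"] = a["t"]
        g["count"] += 1
        if a["dport"]:
            g["dports"].add(int(a["dport"]))
    for g in summaries:
        g["severity"] = severity(g["count"])
    return summaries


def block_rules(summaries):
    """iptables commands for high-severity sources, skipping allowlisted networks and duplicates."""
    rules, seen = [], set()
    for g in summaries:
        src = ipaddress.ip_address(g["src"])
        if g["severity"] != "high" or g["src"] in seen or any(src in net for net in MGMT_ALLOWLIST):
            continue
        seen.add(g["src"])
        rules.append(f"iptables -I INPUT -s {g['src']} -j DROP")
    return rules


if __name__ == "__main__":
    groups = aggregate(parse(SAMPLE_ALERTS))
    for g in groups:
        print(f"{g['severity']:6} x{g['count']:<3} {g['src']} -> {g['dst']} sid={g['sid']} {g['msg']}")
    print("\n".join(block_rules(groups)))
```

Twelve raw alerts become three summaries; only the scanner at 10.0.0.5 yields a rule, because the five management pings are high by count but allowlisted, and the single web alert stays low. Rules emitted this way should also be given an expiry, which the example leaves to the caller.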
Computer networks connect devices through communication systems. Network security aims to protect information and allow authorized access. It involves authentication of users, monitoring network traffic for intrusions, and other strategies. Intrusion detection systems monitor for suspicious activity and notify administrators. There are different types of intrusion detection including network-based and host-based systems. Penetration testing evaluates security by simulating attacks. Cryptography also helps secure networks through techniques like public key encryption, hashing, and key exchange algorithms.
A CASE STUDY ON VARIOUS NETWORK SECURITY TOOLS (Katie Robinson)
Network security tools play an important role in cybersecurity. The document discusses various network security tools including vulnerability scanners like Nessus, packet sniffers like Wireshark, password crackers like John the Ripper, honeypots, and wireless security tools like NetStumbler. It provides an overview of the most popular tools, how they work, and what features they provide to enhance network security through activities like vulnerability detection, packet analysis, password cracking, and monitoring of network traffic. The top five tools discussed are Wireshark, Nessus, Snort, John the Ripper, and NetStumbler.
This document summarizes a research paper on developing a honey pot intrusion detection system. The paper introduces cyber warfare as a growing threat and the need for effective network security. It then describes designing and implementing a honey pot IDS to detect potential threats on a host system by emulating network services and monitoring connections. The IDS would use event correlation, log analysis, alerting and policy enforcement. The document provides background on intrusions, IDS testing methodology, and reasons why only creating secure systems is not enough to prevent all intrusions.
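A low-interaction honeypot of the kind the two honeypot-IDS summaries above describe, as an added example that is not the project's own code: it listens on a set of TCP ports, sends a service banner, records whatever the peer sends first, and correlates events so that one source touching several emulated services is reported as a probe. The banners, canned replies and the "credential attempt" heuristic are assumptions for the example. The protocol logic is kept separate from the sockets so it can be exercised without opening a port.

```python
import socket
import socketserver
import threading
import time
from collections import defaultdict

# Constructed banners and rejection replies for the emulated services (assumption).
BANNERS = {
    "ssh":  b"SSH-2.0-OpenSSH_7.4\r\n",
    "ftp":  b"220 (vsFTPd 3.0.3)\r\n",
    "smtp": b"220 mail.example.test ESMTP Postfix\r\n",
}
REJECT = {
    "ssh":  b"",                                       # just close after logging the client's first bytes
    "ftp":  b"530 Login incorrect.\r\n",
    "smtp": b"535 5.7.8 Authentication failed\r\n",
}

EVENTS = []                       # the honeypot's log; nobody legitimate connects here, so every entry is of interest
_EVENTS_LOCK = threading.Lock()


def greeting(service):
    return BANNERS[service]


def handle_connection(service, peer_ip, first_bytes, now=None):
    """Record the connection and return the canned reply. A first line that looks like a login attempt
    (FTP USER/PASS, SMTP AUTH) is flagged for immediate alerting rather than plain logging."""
    upper = first_bytes.upper()
    event = {
        "ts": time.time() if now is None else now,
        "service": service,
        "src": peer_ip,
        "first_bytes": first_bytes[:128].decode("latin-1"),
        "alert": upper.startswith((b"USER ", b"PASS ", b"AUTH ")),
    }
    with _EVENTS_LOCK:
        EVENTS.append(event)
    return REJECT[service]


def correlate(events, min_services=2):
    """Sources that touched at least `min_services` distinct emulated services: a port sweep signature."""
    seen = defaultdict(set)
    for e in events:
        seen[e["src"]].add(e["service"])
    return {src: sorted(s) for src, s in seen.items() if len(s) >= min_services}


class _Handler(socketserver.BaseRequestHandler):
    def handle(self):
        service = self.server.service
        self.request.sendall(greeting(service))
        self.request.settimeout(5.0)
        try:
            data = self.request.recv(1024)
        except (socket.timeout, ConnectionError):
            data = b""
        reply = handle_connection(service, self.client_address[0], data)
        if reply:
            try:
                self.request.sendall(reply)
            except OSError:
                pass


def listen(service, host="127.0.0.1", port=0):
    """Start one emulated service in a background thread; port 0 lets the OS pick a free port."""
    srv = socketserver.ThreadingTCPServer((host, port), _Handler)
    srv.daemon_threads = True
    srv.service = service
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


if __name__ == "__main__":
    servers = [listen(s, port=p) for s, p in (("ssh", 2222), ("ftp", 2121), ("smtp", 2525))]
    print("listening on", [s.server_address for s in servers])
    time.sleep(60)
    for src, services in correlate(EVENTS).items():
        print("probe from", src, "touched", services)
```

Binding on loopback and on unprivileged ports keeps the demonstration harmless; a deployment would bind the real addresses, write the events to a log the IDS consumes, and keep the honeypot host itself off any network it could be used to pivot into, which is the data-control principle the honeynet summary above mentions.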
This document discusses network intrusion detection systems (NIDS) and their ability to handle high-speed traffic. It introduces NIDS and their role in monitoring network traffic. The document presents an experiment that tests the open-source NIDS Snort under high-volume traffic. The experiment shows that Snort drops more packets as traffic speed and volume increases, demonstrating a weakness of NIDS in high-speed environments. It suggests using a parallel NIDS technique to help NIDS better handle high-speed network traffic and reduce packet dropping.
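The parallel-NIDS idea the summary ends on, as an added example that is not the paper's own code: packets of a constructed burst are dispatched to per-worker queues by a symmetric hash of the 5-tuple, so both directions of a connection reach the same worker and streams can still be reassembled, and drops are counted when a bounded queue overflows. The burst, the queue capacity and the worker count are assumptions for the example.

```python
import zlib
from collections import Counter


def flow_worker(src, sport, dst, dport, proto, n_workers):
    """Symmetric 5-tuple hash: endpoints are sorted before hashing, so A->B and B->A map to the
    same worker. Without this, half of every TCP stream would land on a different sensor."""
    a, b = (src, sport), (dst, dport)
    lo, hi = (a, b) if a <= b else (b, a)
    key = f"{proto}|{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}".encode()
    return zlib.crc32(key) % n_workers


def dispatch(packets, n_workers, queue_capacity):
    """Assign one capture interval's burst to bounded per-worker queues.
    Packets arriving at a full queue are dropped, which is the failure the Snort experiment measured."""
    queued, dropped = Counter(), 0
    for src, sport, dst, dport, proto in packets:
        w = flow_worker(src, sport, dst, dport, proto, n_workers)
        if queued[w] < queue_capacity:
            queued[w] += 1
        else:
            dropped += 1
    return queued, dropped


def make_burst():
    """Constructed burst: 100 client flows to one web server, two packets each way (400 packets)."""
    pkts = []
    for i in range(100):
        client, sport = f"10.0.0.{i + 1}", 40000 + i
        pkts += [(client, sport, "192.168.1.10", 80, "tcp"),
                 ("192.168.1.10", 80, client, sport, "tcp")] * 2
    return pkts


if __name__ == "__main__":
    burst = make_burst()
    for workers in (1, 2, 4):
        queued, dropped = dispatch(burst, workers, queue_capacity=150)
        print(f"{workers} worker(s): per-queue load {dict(sorted(queued.items()))}, dropped {dropped}")
```

With a single worker and room for 150 packets, 250 of the 400 are lost; spreading the same burst across four workers brings the drop count down to whatever imbalance the hash leaves. The hash is only as good as its inputs: traffic dominated by one flow (or an attacker deliberately concentrating flows on one hash bucket) still overloads a single worker, so per-flow load must be watched as well as total rate.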
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho... (IJNSA Journal)
Internet Threat Monitoring (ITM) is an efficient monitoring system used globally to measure, detect, characterize and track threats such as denial of service (DoS) and distributed denial of service (DDoS) attacks and worms. To block the monitoring system on the internet, attackers target the ITM system itself. In this paper we address DDoS flooding attacks against ITM monitors that exhaust network resources, such as bandwidth, computing power, or operating system data structures, by sending malicious traffic. We propose an information-theoretic framework that models flooding attacks using a botnet against ITM. One possible way to counter DDoS attacks is to trace the attack sources and punish the perpetrators. We propose a novel traceback method for DDoS using honeypots. IP tracing through a honeypot is a single-packet tracing method and is more efficient than the commonly used packet marking techniques.
A technical review and comparative analysis of machine learning techniques fo... (IJECEIAES)
Machine learning techniques are being widely used to develop intrusion detection systems (IDS) for detecting and classifying cyber attacks at the network level and the host level in a timely and automatic manner. However, traditional Intrusion Detection Systems (IDS), based on traditional machine learning methods, lack reliability and accuracy. Instead of the traditional machine learning used in previous research, we think deep learning has the potential to perform better in extracting features from massive data, considering the massive cyber traffic in real life. Generally, Mobile Ad Hoc Networks (MANETs) give low physical security to mobile devices, because of properties such as node mobility, lack of centralized management and limited bandwidth. To tackle these security issues, traditional cryptography schemes cannot completely safeguard MANETs in terms of novel threats and vulnerabilities, whereas applying deep learning methods in an IDS makes it capable of adapting to the dynamic environments of MANETs and enables the system to make decisions on intrusion while continuing to learn about its mobile environment. An IDS in a MANET is a sensing mechanism that monitors nodes and network activities in order to detect malicious actions and malicious attempts performed by intruders. Recently, multiple deep learning approaches have been proposed to enhance the performance of intrusion detection systems. In this paper, we make a systematic comparison of three models, the Inception architecture convolutional neural network (Inception-CNN), Bidirectional long short-term memory (BLSTM) and deep belief network (DBN), for deep-learning-based intrusion detection systems, using the NSL-KDD dataset containing information about intrusion and regular network connections; the goal is to provide basic guidance on the choice of deep learning models in MANETs.
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS... (IJNSA Journal)
With the ever increasing number and diversity of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is a high demand to reduce the threat level in networks to ensure that the data and services they offer are more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once an attack is detected, the system administrator is notified by mobile phone so that the server system can be safeguarded. We established experimentally that layered CRFs can thus be more effective in detecting intrusions when compared with other previously known techniques.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to
rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus
or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection
System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data
created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for
anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack
signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with
the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System
called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in
detecting abnormal content in the traffic data during information passing from one node to another and
also detects known attack signature and unknown attack. This approach is tested by running the artificial
network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
Network Intrusion Detection And Countermeasure Selection In Virtual Network (...ClaraZara1
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in detecting abnormal content in the traffic data during information passing from one node to another and also detects known attack signature and unknown attack. This approach is tested by running the artificial network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
Security Attacks in Stand-Alone Computer and Cloud Computing: An Analysisdadkhah077
The data that is stored on the computer may be confidential or
sensitive according to its applications or usage. The data must
be protected from unauthorized users. This paper analyses the
security attacks in a) stand-alone computers and b) in cloud
computing. A study of existing protective mechanisms is also
presented.
Network Attacks - (Information Assurance and Security)BS in Information Techn...SyvilMaeTapinit
Network attacks are unauthorized actions that target digital assets within an organizational network. There are two main types: passive attacks that involve monitoring networks to steal data without alterations, and active attacks that modify, encrypt, or damage data. Common network attacks include unauthorized access, distributed denial of service attacks, man-in-the-middle attacks, SQL injection attacks, privilege escalation, and insider threats. Organizations can help protect their networks through measures like network segmentation, regulating internet access, strategic security device placement, network address translation, traffic monitoring, and isolating different network components physically or logically.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Nowadays maintaining security in the networking domain is very important and essential since the network is hacked by the unauthorized people. There are various strategies and mechanism have been applied which provide the security to some extent. Most of these security mechanisms principles are similar to encryption and firewall. Even though this mechanism provides security, but these strategies are failed to detect the intrusions in which there is a need for development of new technology and it is known as Intrusion detection system. The Intrusion detection systems are used to identify the problems like unauthorized use, misuse and abuse of computer networking systems. Outside attackers are not only the problem, the threat of authorized users misusing and abusing their privileges is an equally pressing concern. Intrusion detection systems are used to analyze the event occurrence in a system with the goal to indicate security issues. An intrusion detection system display networked units and appears for anomalous or malicious conduct within the patterns of exercise within the audit stream.This paper studied the basic concepts of intrusion detection, its need, components and challenges.
The document provides an overview of cyber security concepts including definitions of cyber security, hackers, and types of cyber attacks such as web-based attacks, system-based attacks, and common attack methods like phishing, brute force attacks, and denial of service attacks. It also discusses cyber security defenses, tools, and strategies such as firewalls, antivirus software, intrusion detection systems, access controls, encryption, employee training, and security audits. Key terms like ports, IP addresses, port scanning, security operations centers (SOCs), zero-trust models, and ethical hacking are also defined.
Peripheral Review and Analysis of Internet Network SecurityIJRES Journal
This paper is on the exploration of Internet Network security. With the advent of the internet, security became a major concern for computer users, organizations and the Military. The internet structure itself allow for many security threats to occur. Knowing the attack methods, the architecture of the internet when modified can reduce the possible attacks that can be sent across the network. The internet can be secured by the means of VPN, IPSec, Anti‐Malware Software and scanners, Secure Socket Layer, intrusion‐detection, security management, firewalls and cryptography mechanisms. The essence of this research is to forecast the future of internet network security.
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly place at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network SDN proposes the separation of forward and control planes by introducing a new independent plane called network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using the network analysis metrics such as key generation delay, key sharing delay and the hash code generation time for both SDN and the proposed machine learning SDN. Prof P. Damodharan | K. Veena | Dr N. Suguna "Optimized Intrusion Detection System using Deep Learning Algorithm" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2 , February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
Analysis of Artificial Intelligence Techniques for Network Intrusion Detectio...IIJSRJournal
With the rapid advancement of computer technology during the last couple of decades. Computer systems are commonly used in manufacturing, corporate, as well as other aspects of human living. As a result, constructing dependable infrastructures is a major challenge for IT managers. On the contrary side, this same rapid advancement of technology has created numerous difficulties in building reliable networks which are challenging tasks. There seem to be numerous varieties of attacks that affect the accessibility, authenticity, as well as secrecy of communications systems. In this paper, an in-depth and all-inclusive description of artificial intelligence methods used for the detection of network intrusions is discussed in detail.
Detecting and Preventing Attacks Using Network Intrusion Detection Systems
Meera Gandhi, S.K. Srivatsa
International Journal of Computer Science and Security, Volume (2) : Issue (1) 49
Detecting and preventing attacks using network intrusion
detection systems
Meera Gandhi meera.gandhi@gmail.com
Department of Computer Science and Engg.,
Research Scholar,
Sathyabama University,
S.K. Srivatsa profsks@hotmail.com
Professor, ICE, St. Joseph's College of Engg., Chennai,
Abstract
Intrusion detection is an important technology in the business sector as well as an active area of research. It is an important tool for information security. A Network Intrusion Detection System is used to monitor networks for attacks or intrusions and report these intrusions to the administrator in order to take evasive action. Today computers are part of networked, distributed systems that may span multiple buildings sometimes located thousands of miles apart. The network of such a system is a pathway for communication between the computers in the distributed system. The network is also a pathway for intrusion. This system is designed to detect and combat some common attacks on network systems. It follows the signature-based IDS methodology for ascertaining attacks. A signature-based IDS will monitor packets on the network and compare them against a database of signatures or attributes from known malicious threats. It has been implemented in VC++. In this system the attack log displays the list of attacks to the administrator for evasive action. This system works as an alert device in the event of attacks directed towards an entire network.
Key words: intruders, information security, real time IDS, attacks, signature
1. INTRODUCTION
With the development of network technologies and applications, network attacks are greatly increasing both in number and severity. As a key technique in the network security domain, an Intrusion Detection System (IDS) plays a vital role in detecting various kinds of attacks and securing networks. The main purpose of an IDS is to find intrusions among normal audit data, and this can be considered a classification problem. Intrusion detection systems (IDS) are an effective security technology, which can detect, prevent and possibly react to an attack. An IDS monitors target sources of activity, such as audit and network traffic data in computer or network systems requiring security measures, and employs various techniques for providing security services. With the tremendous growth of network-based services and sensitive information on networks, network security is becoming more important than ever before.
Symantec in a recent report [1] uncovered that the number of phishing attacks targeted at stealing confidential information such as credit card numbers, passwords, and other financial information is on the rise, going from 9 million attacks in June 2004 to over 33 million in less than a year. One solution to this is the use of network intrusion detection systems (NIDS) [2], which detect attacks by observing various network activities. It is therefore crucial that such systems are accurate in identifying attacks, quick to train and generate as few false positives as possible.
This paper presents the scope and status of our research in misuse detection [2, 3]. Experimental results have demonstrated that this model is much more efficient in the detection of network intrusions, compared with network-based techniques. Section 2 gives an overview of frequently occurring network attacks, discusses related research done so far and presents the experimental results. Finally, section 3 provides the concluding remarks and future scope of the work. Section 4 lists the references.
2. NETWORKING ATTACKS
A Network Intrusion Detection System is used to monitor networks for attacks or intrusions [5, 6] and report these intrusions to the administrator in order to take evasive action. A large NIDS server can be set up on a backbone network to monitor all traffic, or smaller systems can be set up to monitor traffic for a particular server, switch, gateway, or router. This is shown in Fig. 1.
Intrusion detection is needed in today's computing environment because it is impossible to keep pace with the current and potential threats and vulnerabilities in our computing systems. The environment is a constantly evolving field, changed by new technology and the Internet. Intrusion detection products are tools to assist in managing threats and vulnerabilities in this changing environment. Threats are people or groups who have the potential to compromise your computer system. These may be a curious teenager, a disgruntled employee, or espionage from a rival company or a foreign government [4].
Attacks on networked computer systems could be devastating and affect networks and corporate establishments. We need to curb these attacks, and an Intrusion Detection System helps to identify the intrusions. Without a NIDS to monitor network activity, attacks can go unnoticed, possibly resulting in irreparable damage to an organization's network.
FIGURE 1: Computer network with Intrusion Detection Systems
Intrusion attacks [7, 8, 9] are those in which an attacker enters your network to read, damage, and/or steal your data. These attacks can be divided into two subcategories: pre-intrusion activities and intrusions.
2.1 Pre intrusion activities
Pre intrusion activities are used to prepare for intruding into a network. These include port
scanning to find a way to get into the network and IP spoofing to disguise the identity of the
attacker or intruder.
• Port scans: A program used by hackers to probe a system remotely and determine what TCP/UDP ports are open (and vulnerable to attack) is called a scanner. A scanner can find a vulnerable computer on the Internet, discover what services are running on the machine, and then find the weaknesses in those services. There are 65,535 TCP ports and an equal number of UDP ports. Stealth scanners use what is called an IP half scan, sending only initial or final packets instead of establishing a connection, to avoid detection.
• IP spoofing: This is a means of changing the information in the headers of a packet to
forge the source IP address. Spoofing is used to impersonate a different machine from
the one that actually sent the data. This can be done to avoid detection and/or to target
the machine to which the spoofed address belongs. By spoofing an address that is a
trusted port, the attacker can get packets through a firewall.
Various intrusions into the network are given as follows:
• Source routing attack: This is a protocol exploit that is used by hackers to reach private IP addresses on an internal network by routing traffic through another machine that can be reached from both the Internet and the local network [7, 8]. TCP/IP supports source routing to allow those sending network data to route the packets through a specific network point for better performance. Administrators also use it to map their networks or to troubleshoot routing problems.
• Trojan attacks: Trojans are programs that masquerade as something else and allow
hackers to take control of your machine, browse your drives, upload or download data,
etc. For example, in 1999, a Trojan program file called Picture.exe was designed to
collect personal data from the hard disk of an infiltrated computer and send it to a specific
e-mail address. So-called Trojan ports are popular avenues of attack for these programs.
• Registry attack: In this type of attack, a remote user connects to a Windows machine's registry and changes the registry settings. To prevent such an attack, configure permissions so that the Everyone group does not have access.
• Password hijacking attacks: The easiest way to gain unauthorized access to a protected system is to find a legitimate password. This can be done via social engineering (getting authorized users to divulge their passwords via persuasion, intimidation, or trickery) or by using a brute-force method.
2.2 System Description
2.2.1 Packet Sniffer
This module involves capturing all traffic passing through the network. The sniffer will be installed on the end system in a network on which the traffic has to be captured. The sniffer [10] captures all network traffic by operating the network adapter in promiscuous mode.
2.2.2 Determination of attack signatures
Attack signatures [13, 14] refer to the pattern of attack traffic. Signatures are modeled based on the packet header pattern a particular attack follows. A signature may involve a count of packets from a particular target or from a particular source or destination port, or it may even be modeled with the help of other details in the packet such as header size, Time to Live (TTL), flag bits and protocol.
2.2.3 Identification of attacks
This involves extracting useful information from captured local traffic, such as source and destination IP addresses, protocol type, header length, source and destination ports, etc., and comparing these details with the modeled attack signatures to determine if an attack has occurred.
2.2.4 Reporting attack details
This involves reporting the attack to the administrator so that they can take evasive action. Reporting involves specifying attack details such as source and victim IP addresses, the time stamp of the attack and, more importantly, the type of attack.
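The modules above start from raw packet bytes delivered by the sniffer. The following is an added example written for this page in Python (the paper's own system is in VC++ and its code is not reproduced here) that shows the field-extraction step of 2.2.3: it parses a raw IPv4 packet into the fields the analyzer compares (source and destination IP, protocol, header length, TTL, header-checksum validity, ports and TCP flags). It assumes the link-layer header has already been stripped; the packet builders and the two sample packets are constructed for this example and are not from the paper.

```python
"""Field extraction for a signature-based NIDS (added example, not the paper's VC++ code).

Parses a raw IPv4 packet (link-layer header assumed already removed) into the
fields Section 2.2.3 compares against attack signatures.  The sample packets
at the bottom are constructed for this example.
"""
import struct
from dataclasses import dataclass, field
from typing import List, Optional

PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5 of the flags byte


@dataclass
class PacketInfo:
    src_ip: str
    dst_ip: str
    protocol: str
    ttl: int
    header_len: int
    checksum_ok: bool
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    flags: List[str] = field(default_factory=list)
    icmp_type: Optional[int] = None
    igmp_type: Optional[int] = None


def ip_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071); returns 0 for a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                     # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(raw: bytes) -> PacketInfo:
    """Extract the header fields the analyzer matches against signatures."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _total_len, _ident, _frag, ttl, proto, _csum = struct.unpack("!BBHHHBBH", raw[:12])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes, options included
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IHL")
    src = ".".join(str(b) for b in raw[12:16])
    dst = ".".join(str(b) for b in raw[16:20])
    info = PacketInfo(src, dst, PROTO_NAMES.get(proto, str(proto)), ttl, ihl,
                      checksum_ok=ip_checksum(raw[:ihl]) == 0)
    payload = raw[ihl:]
    if proto in (6, 17) and len(payload) >= 4:          # TCP and UDP both start with the ports
        info.src_port, info.dst_port = struct.unpack("!HH", payload[:4])
        if proto == 6 and len(payload) >= 14:           # TCP flags byte is at offset 13
            bits = payload[13]
            info.flags = [n for i, n in enumerate(TCP_FLAG_NAMES) if bits & (1 << i)]
    elif proto == 1 and payload:
        info.icmp_type = payload[0]
    elif proto == 2 and payload:
        info.igmp_type = payload[0]
    return info


# --- constructed sample packets (builders exist only for this example) ---
def _addr(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal 20-byte IPv4 header with a correct checksum, plus payload."""
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 1, 0, ttl, proto, 0) + _addr(src) + _addr(dst)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_tcp(src_port: int, dst_port: int, flag_bits: int) -> bytes:
    """20-byte TCP header without options; flag_bits follows the bit order of TCP_FLAG_NAMES."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flag_bits, 8192, 0, 0)


SYN_PACKET = build_ipv4("10.0.0.5", "10.0.0.80", 6, build_tcp(40000, 80, 0x02))     # SYN only
ICMP_ECHO = build_ipv4("192.0.2.9", "10.0.0.80", 1, bytes([8, 0, 0, 0, 0, 0, 0, 0]))  # echo request


def corrupt_ttl(raw: bytes, new_ttl: int) -> bytes:
    """Rewrite the TTL without fixing the checksum, as a tampered-header test case."""
    return raw[:8] + bytes([new_ttl]) + raw[9:]


if __name__ == "__main__":
    for pkt in (SYN_PACKET, ICMP_ECHO, corrupt_ttl(SYN_PACKET, 1)):
        print(parse_ipv4(pkt))
```

The checksum check matters for the analyzer because a header that fails it is either corrupted or hand-crafted; either way it should not be silently matched as ordinary traffic, and a signature may treat it as a malformed-packet indicator.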
2.3 Experimental Results
2.3.1 Signature based intrusion detection
Signature-based IDSs operate analogously to virus scanners, i.e. by searching a database of signatures for a known identity, or signature, for each specific intrusion event. In signature-based IDSs, monitored events are matched against a database of attack signatures to detect intrusions.
FIGURE 2: IDS in Promiscuous mode
Signature-based IDS [15] are unable to detect unknown and emerging attacks since the signature database has to be manually revised for each new type of intrusion that is discovered. In addition, once a new attack is discovered and its signature is developed, often there is a substantial latency in its deployment across networks [13]. The most well known signature-based IDS include SNORT [14], Network Flight Recorder [16], NetRanger [17], RealSecure [18], Computer Misuse Detection System (CMDS™) [20], NetProwler [21], Haystack [22] and MuSig (Misuse Signatures) [23].
This system follows the signature-based IDS methodology for ascertaining attacks. A signature-based IDS will monitor packets on the network and compare them against a database of signatures [19] or attributes from known malicious threats.
Most IDS are signature based. This means that they operate in much the same way as a virus scanner, by searching for a known attack or signature for each specific intrusion event. And, while a signature-based IDS is very efficient at sniffing out known attacks, it does, like anti-virus software, depend on receiving regular signature updates to keep in touch with variations in hacker technique.
Because a signature-based IDS can only ever be as good as the extent of its signature database, two further problems immediately arise. Firstly, it is easy to fool signature-based solutions by changing the ways in which an attack is made. This technique simply skirts around the signature database stored in the IDS, giving the hacker an ideal opportunity to gain access to the network. This can be overcome by using a defense-in-depth technique.
Secondly, the more advanced the signature database, the higher the CPU load for the system charged with analyzing each signature. Inevitably, this means that beyond the maximum bandwidth packets may be dropped. We have overcome these problems in our IDS system by using capture drivers that support networks of up to 1 Gbps (gigabits per second).
FIGURE 3: Implementation Architecture (figure blocks: Network Traffic; Packet sniffer/probe; Raw packet data; Analyzer; Known attack signatures; Comparison of packets with attack signatures; Reporting attacks to the user through GUI)
2.3.2 Packet sniffing and promiscuous mode
Packet sniffers generally require that a network interface is in promiscuous mode. The packet sniffer normally requires administrative privileges on the machine being used as a packet sniffer, so that the hardware of the network card can be manipulated into promiscuous mode, as shown in Figure 2.
This system uses a network probe to capture raw packet data and then we use this raw packet data to retrieve packet information such as source and destination IP address, source and destination ports, flags, header length, checksum, Time to Live (TTL) and protocol type. We then use this data and compare it with known attack signatures to identify threats to the network, as shown in Figure 3. The experimental results are shown through screen shots in Figures 4 and 5.
2.3.3 Attacks captured by software
IGMP KOD
An IGMP-based denial-of-service attack that depletes the stack's large envelopes and also uses source IP address spoofing. KOD (Kiss of Death) is a denial-of-service attack which results in a "Blue Screen" error message (the so-called "blue screen of death") or an instantaneous reboot of the computer. KOD sends malformed IGMP (Internet Group Management Protocol) packets to the victim's computer, causing its TCP/IP stack to fail.
FIGURE 4: Screen shots 1
FIGURE 5: Screen shots 2.
DOS attack
In computer security, a denial-of-service attack (DOS) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet. It is a computer crime that violates the Internet proper-use policy as indicated by the Internet Architecture Board (IAB).
DOS attacks have two general forms:
i) Force the victim computer(s) to reset or consume its resources such that it can no longer
provide its intended service.
ii) Obstruct the communication media between the intended users and the victim so that
they can no longer communicate adequately.
A denial-of-service attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Examples include:
• flooding a network, thereby preventing legitimate network traffic;
• disrupting service to a specific system or person;
• attacks directed at any network device, including attacks on routing devices and web, electronic mail, or Domain Name System servers;
• consumption of computational resources, such as bandwidth, disk space, or CPU time.
DOS conseal
A vulnerability exists in the Conseal firewall product that causes the vulnerable system to reboot or lock up when a large number of spoofed UDP packets are received by the firewall. This attack kills the machine in two ways:
• If Conseal is set to "learning" mode, the flooding packets from all the different IPs and ports will cause the program to continuously attempt to write more and more new rules. This eventually uses up all the resources and results in a freeze and eventually a reboot.
• If Conseal is set to log attacks, once again because of the number of packets the system resources are eaten up and the machine dies.
DOS bloop
This is a denial-of-service attack that sends random spoofed ICMP packets. ICMP flooding is probably the most common type of denial-of-service attack: since nearly all websites reply to ICMP packets, it is easy to use ICMP flooding to shut them down. The result of the attack is that the user's machine freezes or its CPU usage rises to the point of extreme lag.
ICMP flooding works by sending a lot of ICMP packets to the target machine; the remote computer has to reply to each one, which exhausts the machine's bandwidth so that a legitimate user cannot access the server. ICMP packets are better known as "pings"; they are used to see if a remote computer is online.
NMAP
NMAP was the source of strange new scan patterns that started being detected by the SHADOW intrusion detection systems located throughout the Internet. This scan's signature is characterized by SYN packets sent to apparently random destination ports over some discrete range of values. At the end of these scans we typically see several packets to high-numbered TCP and UDP ports, followed by a small number of packets to a common destination port. The two basic scan types used most in NMAP [8, 9] are TCP connect() scanning and SYN scanning, also known as half-open or stealth scanning.
DNS solinger
Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols that provides an openly redistributable reference implementation of the major components of the Domain Name System. The BIND solinger vulnerability could allow remote attackers to hang the service for periods of up to 120 seconds by initiating abnormal TCP connections to the daemon. On some systems it is possible to set the system-wide solinger timeout to a lower value; however, this may have unexpected consequences for other applications.
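The attacks listed in this section, together with the port-scan discussion in Section 2.1, each describe a traffic pattern that a signature can model as a header pattern plus a count threshold, as Section 2.2.2 outlines. The following added example, which is not the paper's code, implements such a matcher in Python over already-parsed packet records and produces attack-log entries carrying source, victim, time stamp and attack type, as 2.2.4 requires. The four signatures, their thresholds and windows, and the sample traffic stream are assumptions constructed for this example, not values taken from the paper.

```python
"""Signature matching and attack reporting over parsed packets (added example, not the paper's code).

Packet records are plain dicts holding the fields Section 2.2.3 extracts.
Each signature is a per-packet header pattern plus a sliding-window count
kept per flow, the modeling approach described in Section 2.2.2.  All
thresholds and the sample stream below are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Packet = Dict[str, object]


@dataclass
class Signature:
    name: str
    match: Callable[[Packet], bool]          # header pattern every counted packet must show
    key: Callable[[Packet], Tuple]           # which flow the count is kept for
    threshold: int                           # hits needed inside the window to alert
    window: float                            # seconds
    distinct: Optional[Callable[[Packet], object]] = None  # count distinct values instead of packets


@dataclass
class Alert:
    attack: str
    source_ip: str
    victim_ip: str
    timestamp: float
    count: int


class SignatureMatcher:
    """Sliding-window counter per (signature, flow key); one alert per flow, like an attack-log entry."""

    def __init__(self, signatures: List[Signature]):
        self.signatures = signatures
        self._hits: Dict[Tuple, List[Tuple[float, object]]] = defaultdict(list)
        self._alerted = set()

    def feed(self, pkt: Packet) -> List[Alert]:
        alerts = []
        for sig in self.signatures:
            if not sig.match(pkt):
                continue
            k = (sig.name, sig.key(pkt))
            hits = self._hits[k]
            hits.append((pkt["ts"], sig.distinct(pkt) if sig.distinct else None))
            while hits and pkt["ts"] - hits[0][0] > sig.window:   # expire hits outside the window
                hits.pop(0)
            count = len({v for _, v in hits}) if sig.distinct else len(hits)
            if count >= sig.threshold and k not in self._alerted:
                self._alerted.add(k)
                alerts.append(Alert(sig.name, pkt["src_ip"], pkt["dst_ip"], pkt["ts"], count))
        return alerts


# Signatures modeled on the attacks described in Sections 2.1 and 2.3.3 (thresholds are assumptions).
SIGNATURES = [
    Signature("SYN half-open scan",                      # many distinct ports, SYN without ACK
              lambda p: p["protocol"] == "TCP" and p["flags"] == ["SYN"],
              lambda p: (p["src_ip"], p["dst_ip"]), threshold=15, window=10.0,
              distinct=lambda p: p["dst_port"]),
    Signature("ICMP flood",                              # packet rate from one source to one victim
              lambda p: p["protocol"] == "ICMP",
              lambda p: (p["src_ip"], p["dst_ip"]), threshold=100, window=1.0),
    Signature("UDP flood from many (spoofed) sources",   # source IP is untrustworthy; key on victim
              lambda p: p["protocol"] == "UDP",
              lambda p: (p["dst_ip"],), threshold=50, window=1.0,
              distinct=lambda p: p["src_ip"]),
    Signature("Malformed IGMP",                          # an IGMPv2 message is 8 bytes; shorter is malformed
              lambda p: p["protocol"] == "IGMP" and p["payload_len"] < 8,
              lambda p: (p["src_ip"], p["dst_ip"]), threshold=1, window=1.0),
]


def _pkt(ts: float, src: str, dst: str, proto: str, **extra) -> Packet:
    base = {"ts": ts, "src_ip": src, "dst_ip": dst, "protocol": proto,
            "ttl": 64, "flags": [], "src_port": None, "dst_port": None, "payload_len": 0}
    base.update(extra)
    return base


def constructed_stream() -> List[Packet]:
    """Constructed sample traffic: a few normal web connections, a SYN scan, an ICMP flood, one bad IGMP."""
    pkts = [_pkt(float(i), "10.0.0.7", "10.0.0.80", "TCP", flags=["SYN"], src_port=50000 + i, dst_port=80)
            for i in range(5)]                                    # legitimate: one port, few packets
    pkts += [_pkt(1.0 + i * 0.01, "10.0.0.5", "10.0.0.80", "TCP", flags=["SYN"], src_port=40000, dst_port=1 + i)
             for i in range(25)]                                   # scan: 25 ports within 0.25 s
    pkts += [_pkt(2.0 + i * 0.005, "192.0.2.9", "10.0.0.80", "ICMP") for i in range(120)]   # flood
    pkts.append(_pkt(3.0, "192.0.2.20", "10.0.0.80", "IGMP", payload_len=4))
    return sorted(pkts, key=lambda p: p["ts"])


def run(stream: List[Packet]) -> List[Alert]:
    """Feed a packet stream through the matcher and return the attack log."""
    matcher = SignatureMatcher(SIGNATURES)
    alerts: List[Alert] = []
    for pkt in stream:
        alerts.extend(matcher.feed(pkt))
    return alerts


if __name__ == "__main__":
    for a in run(constructed_stream()):
        print(f"{a.timestamp:8.3f}  {a.attack:<40} {a.source_ip} -> {a.victim_ip} ({a.count})")
```

Counting distinct destination ports rather than raw packets is what separates the scan from a busy but legitimate client hitting one port; keying the UDP-flood signature on the victim alone reflects the fact that the source addresses in that attack are spoofed and cannot be used to identify the sender.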
2.4 Testing tool
We have used Karalon Traffic IQ Professional [11, 24] for testing our software with intrusion attacks. Traffic IQ Professional provides a unique industry-approved software solution for auditing and testing the recognition and response capabilities of intrusion detection systems.
Features include
• Traffic Replay
• Traffic scan list
• Reporting
• Traffic file editor
• Command prompt
• Traffic library
3. CONCLUSION
We have successfully created a network-based intrusion detection system with the signature IDS methodology. It successfully captures packets transmitted over the entire network by promiscuous mode of operation and compares the traffic with crafted attack signatures. The attack log displays the list of attacks to the administrator for evasive action. This system works as an alert device in the event of attacks directed towards an entire network. It has functionality to run in the background and monitor the network.
It also incorporates functionality to detect installed adapters on the system, select an adapter for capture, pause capture and clear captured data, as shown in the screen shots. It may be extended with further signatures for attacks. This system could be used as a stand-alone system for providing attack alerts to the administrator or it can be used as a base system for developing a network intrusion prevention system. These types of attacks share the characteristic that, upon their initiation and while they are in progress, global attacks produce sufficient network traffic (e.g. port scanning) that the local detectors of a distributed intrusion detection process can find sufficient evidence of the attack and report it.
4. REFERENCES
[1] "Symantec Internet Security Threat Report highlights (Symantec.com)", http://www.prdomain.com/companies/Symantec/newreleases/Symantec_internet_205032.htm
[2] Symantec Security Response, W32.ExploreZip.L.Worm, http://securityresponse.symantec.com/avcenter/venc/data/w32.explorezip.l.worm.html, January 2003.
[3] Komninos T., Spirakis P.: Dare the Intruders, Ellinika Grammata and CTI Press (2003).
[4] E. Biermann, E. Cloete, L.M. Venter, A comparison of Intrusion detection systems, Computers and Security, 20(8):676–683, 2001.
[5] P. Ning and D. Xu. Hypothesizing and reasoning about attacks missed by intrusion detection systems. ACM Transactions on Information and System Security, 7(4):591–627, November 2004.
[6] Herringshaw, C. (1997) 'Detecting attacks on networks', IEEE Computer Society, Vol. 30, pp. 16–17.
[7] International Standard ISO 7498-2, Information processing systems - Open systems interconnection - Basic reference model, Part 2: Security architecture, 1989.
[8] D. Gollmann, Computer Security, John Wiley & Sons, 1999.
[9] R.G. Bace, Intrusion Detection. Macmillan Technical Publishing, 2000.
[10] http://www.winpcap.org/ - Obtained drivers for packet capture with wpcap.dll and packet.dll driver.
[11] http://www.karalon.com - Obtained Karalon IQ Professional tool for testing our network intrusion detection system.
[12] http://www.securityfocus.com - White papers for intrusion detection techniques and methodologies.
[13] R. Lippmann, The Role of Network Intrusion Detection, In Proceedings of the Workshop on Network Intrusion Detection, H.E.A.T. Center, Aberdeen, MD, March 19-20, 2002.
[14] SNORT Intrusion Detection System, www.snort.org, 2004.
[15] Snort-Wireless Intrusion Detection, http://snort-wireless.org, 2003.
[16] NFR Network Intrusion Detection, http://www.nfr.com/products/NID/, 2001.
[17] Cisco Systems, Inc., NetRanger-Enterprise-scale, Real-time, Network Intrusion Detection System, http://www.cisco.com/univercd/cc/td/doc/product/iaabu/netrangr/, 1998.
[18] Internet Security Systems, Inc., RealSecure, http://www.iss.net/prod/rsds.html, 1997.
[19] Intrusion.com, Intrusion SecureHost, white paper available at: www.intrusion.com/products/hids.asp, 2003.
[20] J. Van Ryan, SAIC's Center for Information Security, Technology Releases CMDS Version 3.5, http://www.saic.com/news/may98/news05-15-98.html, 1998.
[21] N. Weaver, V. Paxson, S. Staniford and R. Cunningham, A Taxonomy of Computer Worms, In Proceedings of the Workshop on Rapid Malcode (WORM 2003), held in conjunction with the 10th ACM Conference on Computer and Communications Security, Washington, DC, October 27, 2003.
[22] Wheel Group Corporation, Cisco Secure Intrusion Detection System, http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/index.htm, 2004.
[23] Patwardhan, A., Parker, J., Joshi, A., Karygiannis, A., and Iorga, M. "Secure Routing and Intrusion Detection in Ad Hoc Networks", Third IEEE International Conference on Pervasive Computing and Communications, Kauai Island, Hawaii, 2005.
[24] Komninos T., Spirakis P., Stamatiou et al.: A Software Tool for Distributed Intrusion Detection in Computer Networks (Helena) (Best Poster presentation in PODC 2004).