A Novel Intelligent Intrusion Detection, Decision, Response System.
ABSTRACT: This paper proposes a novel intelligent intrusion detection, decision and response system based on fuzzy theory. The system uses two essential pieces of information about a failed login, its count and its timing, to decide automatically whether the login is a misuse attempt, much as an experienced system or security administrator would. The system's database is not pre-established before operation; it is built and updated automatically while the system runs. The system is not merely a notification system: it delivers an exact and rapid decision and response to a misuse.
Conference Paper: TCP/IP Model and Intrusion Detection Systems.
ABSTRACT: To accommodate the growth of information security and hackers' improved strategies and tools, intrusion detection systems (IDSs) are required to be allocated across the network. Furthermore, previous studies showed that the choice of network features used for an IDS depends on the type of attack. Accordingly, each TCP/IP network layer has a specific type of network attack, which means that each TCP/IP network layer needs a specific type of IDS. This paper proposes a new categorization of IDS according to the TCP/IP network model: application layer IDS (AIDS), transport layer IDS (TIDS), network layer IDS (NIDS) and link layer IDS (LIDS). Each of these IDS types is specialized to a specific network device, so the detection process is distributed among all TCP/IP network model layers through the network devices. To design each of these different types of IDS, several experiments were conducted using two different feature selection approaches to select the appropriate feature set for each IDS type. The experimental results indicate that each IDS type has a different feature set that can not only improve the overall performance of the IDS but also improve its scalability.
23rd International Conference on Advanced Information Networking and Applications, AINA 2009, Workshops Proceedings, Bradford, United Kingdom, May 26-29, 2009; 01/2009
ABSTRACT: This paper deals with a combination of work in the fields of artificial intelligence and computer security. It describes a decision model based on a new genetic algorithm approach for an intrusion response system (NGAA-IRS). A brief survey of intrusion detection and response systems (IDRS), genetic algorithms (GA), and their application to IDRS is presented. Then, the proposed model, the GA parameters and the evolution process are discussed in detail. The model is characterized by a new implementation of the individual structure, based on a matrix of response-resource entries, and a fitness function based on a cost-benefit approach for selecting the appropriate solution. These features are specific to the NGAA-IRS model and were not used in other implementations beforehand.
Computers and Communications, 2009. ISCC 2009. IEEE Symposium on; 08/2009
Conference Paper: Collaborative architecture for distributed intrusion detection system
ABSTRACT: Due to the rapid growth of network technologies and substantial improvement in attack tools and techniques, a distributed intrusion detection system (dIDS) is required to allocate multiple IDSs across a network to monitor security events and to collect data. However, dIDS architectures suffer from many limitations, such as the lack of a central analyzer and a heavy network load. In this paper, we propose a new architecture for dIDS, called a collaborative architecture for dIDS (C-dIDS), to overcome these limitations. The C-dIDS is a one-level-hierarchy dIDS with a non-central analyzer. To make the detection decision for a specific IDS module in the system, that IDS module collaborates with the IDS module in the lower level of the hierarchy. Cooperating with the lower-level IDS module improves the system's accuracy with less network load (just one bit of information). Moreover, because there is only one hierarchy level, there is no central management or processing of data, and hence no single point of failure. We have examined the feasibility of our dIDS architecture by conducting several experiments using the DARPA dataset. The experimental results indicate that the proposed architecture can deliver satisfactory system performance with less network load.
Computational Intelligence for Security and Defense Applications, 2009. CISDA 2009. IEEE Symposium on; 08/2009