An overview to Software Architecture in Intrusion Detection System

International Journal of Soft Computing and Software Engineering 05/2012; 1(1). DOI: 10.7321/jscse.v1.n1.1
Source: arXiv


Network intrusion detection systems provide proactive defense against
security threats by detecting and blocking attack-related traffic. This task
can be highly complex, and therefore, software-based network intrusion
detection systems have difficulty in handling high-speed links. This paper
reviews many types of software architecture in intrusion detection systems
and describes the design and implementation of a high-performance network
intrusion detection system that combines the use of software-based network
intrusion detection sensors and a network processor board. The network
processor acts as a customized load balancing splitter that cooperates with a
set of modified content-based network intrusion detection sensors in processing
network traffic.

  • Source
    ABSTRACT: The evolution of network services is closely connected to the understanding and modeling of their corresponding traffic. The obtained conclusions are related to a wide range of applications, like the design of the transfer lines' capacity, the scalar taxing of customers, the security violations and the spotting of errors and anomalies. Intrusion Detection Systems (IDS) monitor and analyze the events in traffic, to locate indications of potential intrusion and integrity violation attacks, resulting in the violation of trust and availability of information resources. They act in a complementary mode with the existing security infrastructure, aiming at the early warning of the administrator, offering him details that will let him reach proper decisions and corrective actions. This paper proposes a network-based online system, which uses minimum computational power to analyze only the basic characteristics of network flow, so as to spot the existence and the type of a potential network anomaly. It is a Hybrid Machine Learning Anomaly Detection System (HMLADS), which employs classification performed by Evolving Spiking Neural Networks (eSNN), in order to properly label a Potential Anomaly (PAN) in the net. On the other hand, it uses a Multi-Layer Feed Forward (MLFF) ANN to classify the exact type of the intrusion.
    Full-text · Conference Paper · Dec 2013
  • Source
    ABSTRACT: In recent times, the Massive Multiplayer Online Game (MMOG) has appeared as a computer game that enables hundreds of players from all parts of the world to interact in a game world (common platform) at the same time. The current architecture used for MMOGs is based on the classic tightly coupled distributed system. While MMOGs are getting more interactive and, at the same time, the number of interacting users is increasing, the classic implementation architecture may raise scalability and interdependence issues. This requires a loosely coupled service-oriented architecture to support evolution in MMOG applications. Data flow architecture, event-driven architecture and client-server architecture are the basic data orchestration approaches used by any service-oriented architecture. Real-time service is the hottest issue for service-oriented architecture. The basic requirement of any real-time service-oriented architecture is to ensure the quality of service. In this paper we have proposed a service-oriented architecture for massive multiplayer online games and a specific middleware (based on open source DDS) in MMOGs for fulfilling real-time constraints.
    Preview · Article · Jan 2014