Abstract
In this paper, an application-based intrusion detection and prevention (ID/IP) system coupled with data mining and mobile agent technologies is introduced. Under this approach, the ID/IP system consists of a core engine with data sensor, detector, configuration device and alert and response device as its main components. The data sensors posting as designated agents are to gather information from their respective sources in real time. The information gathered by the respective agent is fed into the detector where correlation methods and data mining techniques are employed to analyze and identify any intrusive activity or event. Since information is gathered from various sources by the respective agent, different type of profiles representing normal behavior such as network traffic, users, systems, applications, transactions, alarms and alerts can be built, and deviation from these profiles are considered to be intrusion. A rating model is then used to evaluate the intrusive activities. When an intrusion or attack is detected by the detector and evaluated to have a rating below the threshold value, the configuration device changes the status of the ID/IP system to alert mode and signal the alert and response device to take the necessary actions. Subsequently, mobile response agents are used to carry out response mechanisms at the target and the source
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
