A study on network security monitoring for the hybrid classification-based intrusion prevention systems

Abstract

The current state of network security has reached alarming levels of intrusions because of newer types of complex attacks. The network security landscape demands better network monitoring tools and processes to cope with these threats. Intrusion prevention systems (IPSs) are among the tools that provide a proactive approach to monitoring, analysing and mitigating ongoing attacks. Although IPSs are a valuable and needed asset for protection, their success is based on how well their intrusion detection and false positive rates are. In this work, we present a modern reliable, scalable and robust framework, which uses a classification-based hybrid IPS that can manage the processing of authentication logs from different IPSs in the network. Also, it provides the means to intervene in real time, mitigating ongoing attacks. Moreover, we show various scenarios emulated in Dockemu, which provides a smoother way for attack implementation in a controlled environment.