Host Intrusion Detection System Research Articles

Finding a new approach to SIEM to suit the SME environment

While compliance requirements drive many small and medium businesses to Security Information and Event Management (SIEM) products, the complexity of traditional SIEM may frustrate many SMEs. SMEs invariably lack the large security staff (who are typically found in larger enterprises) needed for deployment, configuration, monitoring and reporting of SIEM solutions. And you need to add to that the fact that it's often not just a SIEM that is needed to meet compliance requirements – asset detection and inventory, intrusion detection systems (IDS), host IDS, file integrity monitoring and vulnerability scanning are also necessary. While compliance requirements drive many small and medium businesses to Security Information and Event Management (SIEM) products, the complexity of traditional SIEM may frustrate many SMEs. Patrick Bedwell of AlienVault looks at the technical underpinnings of SIEM and log management, highlighting the problems with traditional SIEM for SMEs, and explaining how unified security management can provide the security and compliance capabilities SMEs need, while keeping in mind the significant budgetary and resource constraints typical of these smaller organisations.

SOM and PSO Based Alerts Clustering in Intrusion Detection System

With the growing deployment of host and network intrusion detection systems (IDSs), thousands of alerts are generally generated from them per day. Managing these alerts becomes critically important. In this paper, a hybrid alert clustering method based on self-Organizing maps (SOM) and particle swarm optimization (PSO) is presented. We firstly select the important features through binary particle swarm optimization (BPSO) and mutual information (MI) and get a dimension reduced dataset. SOM is used to cluster the dataset. PSO is used to evolve the weights for SOM to improve the clustering result. The algorithm is based on a type of unsupervised machine learning algorithm that infers relationships from data without the need to train the algorithm with expertly labelled data. The approach is validated using the 2000 DARPA intrusion detection datasets and comparative results between the canonical SOM and our scheme are presented.

IDS in Telecommunication Network using PCA

Data Security has become a very serious part of any organizational information system. Internet threats have become more intelligent so it can deceive the basic security solutions such as firewalls and antivirus scanners. To enhance the overall security of the network an additional security layer such as intrusion detection system (IDS) has to be added. The anomaly detection IDS is a type of IDS that can differentiate between normal and abnormal in the data monitored. This paper proposes two types of IDS, one of them can be used as a network intrusion detection system (NIDS) with overall success (0.9161) and high detection rate (0.9288) and the other type can also be used as a host intrusion detection system (HIDS) with overall success (0.8493) and very high detection rate (0.9628) using NSL-KDD data set.

A Review on Hybrid Intrusion Detection System using Artificial Immune System Approaches

With the growing advances in the technology the uses of computer systems and the internet is also growing at a rapid rate, and with the increase in their usage vulnerabilities and threats are also increasing tremendously. A large number of approaches have been proposed till now for improving the security of a host system and a network. One of the proposed approach is an Intrusion Detection System (IDS). An IDS works for a system is referred as Host IDS and the one that works for a network is referred as Network IDS. But their functionality is specific to particular host and a network, one does not work as an alternative to another. Thus, an IDS is needed that overcomes the drawbacks of both the systems and combines their advantages to form a Hybrid Intrusion Detection System. An Hybrid IDS captures both host and network data and thereby apply an analysis approach. In order to make these systems robust and effective biologically inspired Artificial Immune System (AIS) approaches can be used that makes the system flexible enough to work in every scenario. This paper provides a review of various IDS and application of various AIS approaches to them.