Intrusion Detection System Management Research Articles

Designing framework to secure data using K Means clustering based outlier Detection (KCOD) algorithm

The objective of the research work is to propose an intrusion detection system in a cloud environment using K-Means clustering-based outlier detection. In the open access and dispersed cloud architecture, the main problem is security and confidentiality because these are easily susceptible to intruders. Intrusion Detection System (IDS) is a commonly used method to identify the various attacks on the cloud which is easy to access from a remote area. The existing process can’t provide the data to transmit securely. This work describes and notifies the modernly established IDS and alarm management methods by giving probable responses to notice and inhibit the intrusions in the cloud computing environment and to overcome the security and privacy issue. Proposed K-means Clustering based Outlier Detection (KmCOD) is used to detect the intruders and efficiently secure the data from malicious activity, where it is formulated respectively to increase the trustworthiness of the system by using applying intrusion detection techniques to virtual machines thus keeping the system safe and free from intrusion also provides system reliability. The parametric measures such as the detection rate, trace preprocessing, and correctly identified and incorrectly identified malicious activity are chosen. The performance analysis shows the accuracy of outlier detection as 81%, detection rate achieves 76%, packet arrival rate reaches 79%, pre-processing trace achieves 74%, and malicious activity rate of 21%.

A CONTROL NODE FOR INTRUSION DETECTION SYSTEMS MANAGEMENT

Currently, several systems for Intrusion Detection System (IDS) management exist, however they are suffering from numerous downfalls; the fact they mostly focus on the visualization of gathered data and not on the management itself (which is, in fact, the critical part) being the main one. The goal of this work is to develop a solution for IDS management that would simplify the usage and provide greater efficiency when detecting intrusions, thus providing the overall improvement of the system security. This article concerns about the analysis of current IDS solutions and their management tools, the architecture of our solution and the evaluation of the solution based on this architecture. The expected results improve the efficiency of an IDS system and also of the whole system security itself.

Traffic flooding attack detection with SNMP MIB using SVM

Recently, as network flooding attacks such as DoS/DDoS and Internet Worm have posed devastating threats to network services, rapid detection and proper response mechanisms are the major concern for secure and reliable network services. However, most of the current Intrusion Detection Systems (IDSs) focus on detail analysis of packet data, which results in late detection and a high system burden to cope with high-speed network traffic. Little or no integration exists between IDS and SNMP-based network management, in spite of the extensive monitoring and statistical information provided by SNMP agents implemented on network devices and systems. In this paper we propose a lightweight and fast detection mechanism for traffic flooding attacks. Firstly, we use SNMP MIB statistical data gathered from SNMP agents, instead of raw packet data from network links. The involved SNMP MIB variables are selected by an effective feature selection mechanism and gathered effectively by the MIB update time prediction mechanism. Secondly, we use a machine learning approach based on a Support Vector Machine (SVM) for attack classification. Using MIB and SVM, we achieved fast detection with high accuracy, the minimization of the system burden, and extendibility for system deployment. The proposed mechanism is constructed in a hierarchical structure, which first distinguishes attack traffic from normal traffic and then determines the type of attacks in detail. Using MIB datasets collected from real experiments involving a DDoS attack, we validate the possibility of our approaches. It is shown that network attacks are detected with high efficiency, and classified with low false alarms.

Cost effective management frameworks for intrusion detection systems

This paper discusses the financial benefit of intrusion detection systems (IDS) deployment techniques and addresses the problems of bridging the gap between technical security solutions and the business need for it. This is an area of interest to both the research and the business community; most IDSes balance host and network monitoring, but the decision about how to adjust usage of each technique tends to be made in a rather ad-hoc way, or based upon effectiveness of detection only without regard to cost of technique. In practice, selections based on how well a strategy helps a company to perform are preferable and methodologies supporting a selection process of this type will assist an Information Technology officer to explain security mechanism selections more effectively to CEOs. In this context, the approach we propose could be applied when choosing one intrusion detection system over another based on which has a better or higher return on investment for the company.Through a case study, we illustrate the benefits of a better IDS management that leads to a positive Return on Investment (ROI) for IDS deployment. We conceive strategies and approaches to support effective decision-making about which techniques are appropriate for the cost effective management of the IDS in a given environment. It is our intent that this research will serve as a foundation for the formal description of cost structures, analysis, and selection of effective implementation approaches to support the management of IDS deployments.