New Approach for Detecting Intrusions
نویسندگان
چکیده
This paper describes how multi-agent systems can help to solve a complex problem such as security and more precisely intrusion detection. Intrusion Detection System (I.D.S) is a component of the security infrastructure designed to detect violations of security policy. Most of the intrusions can be localized either by considering of models "pattern" of user activities (non-behavioral approach) or by considering the audit log (behavioral approach). False positives and false negatives are considered as the major disadvantages of these approaches. We consider that good I.D.S should respond to the characteristics of intelligent agents such as autonomy, distribution and
منابع مشابه
Retroactive auditing Citation
Retroactive auditing is a new approach for detecting past intrusions and vulnerability exploits based on security patches. It works by spawning two copies of the code that was patched, one with and one without the patch, and running both of them on the same inputs observed during the system’s original execution. If the resulting outputs differ, an alarm is raised, since the input may have trigg...
متن کاملA New Clustering Approach for Anomaly Intrusion Detection
Recent advances in technology have made our work easier compare to earlier times. Computer network is growing day by day but while discussing about the security of computers and networks it has always been a major concerns for organizations varying from smaller to larger enterprises. It is true that organizations are aware of the possible threats and attacks so they always prepare for the safer...
متن کاملA Rule-based Approach for Port Scanning Detection
Intrusion detection has been performed at network and host level for detecting various attacks. Port scanning could be classified as one of the network intrusions. This paper presents a method for detecting port scanning attacks using rule-based state diagram techniques. A set of rules corresponding with the appropriate thresholds was designed for intrusion decision. Experiment results under re...
متن کاملHybrid Intrusion Detection Architecture for Cloud Environment
The Cloud computing system can be easily threatened by various attacks, because most of the cloud computing systems provide service to so many people who are not proven to be trustworthy. Due to their distributed nature, cloud computing environment are easy targets for intruders[1]. Intrusions have been a major problem in terms of computing resources such as grid computing, ubiquitous computing...
متن کاملDoing intrusion detection using embedded sensors —
Intrusion detection systems have usually been developed using large host-based components. These components impose an extra load on the system where they run (sometimes even requiring a dedicated system) and are subject to tampering or disabling by an intruder. Additionally, intrusion detection systems have usually obtained information about host behavior through indirect means, such as audit t...
متن کامل