Analysis and Management of Intrusion Data Collection
Author
Abstract
This paper expands upon our prior work [2] to examine the different data sources available for analysis in the identification of intrusions and misuses. Subsequently, we examine the different mechanisms by which data can be collected and the potential impacts this may have on the effectiveness of the analysis algorithms. Additionally, we examine the performance implications of the data collection paradigm incorporated in our prior work. Examination and analysis of these performance impact results will aid in determining the most appropriate level of monitoring for a given environment or system. The goal is to identify information that must be collected everywhere versus that which should only be collected on critical systems and servers. By better arming systems and network administrators with the appropriate information, they can make better-informed choices about their monitoring requirements and notify users of the expected impacts and ramifications.
Similar resources
A Hybrid Machine Learning Method for Intrusion Detection
Data security is an important area of concern for every computer system owner. An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations. Various techniques of artificial intelligence have already been used for intrusion detection. The main challenge in this area is the running speed of the available implemen...
Comparison of Two Sampling-Based Data Collection Mechanisms for Intrusion Detection System
The data collection mechanism is a crucial factor in the performance of an intrusion detection system (IDS). Simple random sampling and stratified random sampling techniques from statistics are introduced into the data collection procedure for IDS, and formulas used to calculate the sample size of packets based on these sampling techniques are presented. The implementation of packet sampling is provi...
Moving Towards an Adaptive Enterprise Intrusion Detection and Prevention System
In this paper, we describe our plans to create a smarter network defense system through the collection and analysis of network signatures generated by real security threats. To meet this goal, we plan to create software agents interconnected to a central behavior analysis database service where each software agent records attack meta-information collected during previous intrusion attempts. The...
Techniques of Building a Scalable, Efficient Intrusion Monitoring Architecture
To perform effective intrusion analysis in higher-bandwidth networks, this paper studies data collection techniques and proposes a scalable, efficient intrusion monitoring architecture (SEIMA) for network intrusion detection systems (NIDS). In the SEIMA architecture, scaling network intrusion detection to high network speeds can be achieved using multiple sensors operating in parallel coupl...
Intrusion Detection Using Evolutionary Hidden Markov Model
Intrusion detection systems are responsible for diagnosing and detecting any unauthorized use of the system, exploitation or destruction, and are able to prevent cyber-attacks using network packet analysis. One of the major challenges in the use of these tools is the lack of educational patterns of attacks on the part of the analysis engine; engine failure that caused the complete training, ...
Intrusion Detection in IOT based Networks Using Double Discriminant Analysis
Intrusion detection is one of the main challenges in wireless systems, especially in Internet of Things (IOT) based networks. There are various attack types such as probe, denial of service, remote to local and user to root. In addition to known attacks and malicious behaviors, there are various unknown attacks, some of which have similar behavior to each other or mimic the norma...