Classifying and responding to network intrusions
Abstract
Addressing security vulnerabilities and system intrusions can represent a significant administrative overhead in current computer systems. Although technologies exist for both vulnerability scanning and for intrusion detection, the problems typically require some form of human intervention before they can be rectified. Evidence suggests that, in many cases, this can lead to omissions or oversights in terms of protection, as administrators are forced to prioritise their attention to security amongst various other tasks (particularly within smaller organisations, where a dedicated security administration function is unlikely to be found). As a result, mechanisms for automated response to the issues are considered to be advantageous. The paper describes the problems associated with vulnerability analysis and intrusion response, and then proceeds to consider how, at a conceptual level, the issues could be addressed within the framework of a wider architecture for intrusion monitoring.
Advances in Information Security Management & Small Systems Security
Similar resources
An Expert System-Based Site Security Officer
A Site Security Officer (SSO), a network security staff member who responds to alarms from an Intrusion Detection System (IDS), is always faced with the critical problem of low response time when the network becomes big. Even a skilled SSO is hard-pressed and less productive when collecting and analyzing IDS output manually as the frequency of intrusion increases. In this work, an Expert System...
Mining Network Data for Intrusion Detection through Naïve Bayesian with Clustering
Network security attacks are violations of information security policy that have received much attention in the computational intelligence society in the last decades. Data mining has become a very useful technique for detecting network intrusions by extracting useful knowledge from large amounts of network data or logs. The Naïve Bayesian classifier is one of the most popular data mining algorithms fo...
Evolving Fuzzy Classifiers for Intrusion Detection
2002 IEEE. Abstract – The normal and the abnormal behaviors in networked computers are hard to predict, as the boundaries cannot be well defined. This prediction process usually generates false alarms in many anomaly-based intrusion detection systems. However, with fuzzy logic, the false alarm rate in determining intrusive activities can be reduced, where a set of fuzzy r...
Network Security Using Linux Intrusion Detection System
Attacks on the nation’s computer infrastructures are becoming an increasingly serious problem. Firewalls provide a certain amount of security, but can be fooled at times by attacks like IP spoofing and by so-called authorized users. So an intelligent system that can detect attacks and intrusions is required. The tool GRANT (Global Realtime Analysis of Network Traffic) being a Linux-based Intru...
Semi-supervised Random Forest for Intrusion Detection Network
In order to protect valuable computer systems, network data needs to be analyzed and classified so that possible network intrusions can be detected. Machine learning techniques have been used to classify network data. Supervised machine learning methods can achieve high accuracy at classifying network data as normal or malicious, but they require the availability of fully labeled data...