Distributed Anomaly-based Intrusion Detection System
نویسنده
چکیده
Intrusion Detection Systems (IDS) are software or hardware systems, which automatically monitor network traffic looking for suspicious signs of intrusions. Their aim is to recognise already on-going attacks, and possibly block them, in co-operation with other tools like firewalls, as well. According to data processing, one family of IDS-s is anomaly based intrusion detection systems, which assume that an attack causes abnormal behaviour, which can be detected. Thus they log user profiles, and if the difference of stored and monitored behaviour exceeds a threshold, an alarm is generated and other steps can be taken. The greatest advantage of anomaly detection is the ability of recognising new, unknown attacks. Though it is advisable not to use it as a stand-alone system, only with other security tools, for it can easier be eluded than other IDS-s.
منابع مشابه
Moving dispersion method for statistical anomaly detection in intrusion detection systems
A unified method for statistical anomaly detection in intrusion detection systems is theoretically introduced. It is based on estimating a dispersion measure of numerical or symbolic data on successive moving windows in time and finding the times when a relative change of the dispersion measure is significant. Appropriate dispersion measures, relative differences, moving windows, as well as tec...
متن کاملAssessment Methodology for Anomaly-Based Intrusion Detection in Cloud Computing
Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permit multiple users to utilize the same physical resource, thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in the cloud...
متن کاملA Hybrid Framework for Building an Efficient Incremental Intrusion Detection System
In this paper, a boosting-based incremental hybrid intrusion detection system is introduced. This system combines incremental misuse detection and incremental anomaly detection. We use boosting ensemble of weak classifiers to implement misuse intrusion detection system. It can identify new classes types of intrusions that do not exist in the training dataset for incremental misuse detection. As...
متن کاملAudit Records Statistical Anomaly Detection Rule-based Intrusion Detection the Base-rate Fallacy Distributed Intrusion Detection Honeypots Intrusion Detection Exchange Format
20.1 Intruders Intruder Behavior Patterns Intrusion Techniques 20.2 Intrusion Detection Audit Records Statistical Anomaly Detection Rule-Based Intrusion Detection The Base-Rate Fallacy Distributed Intrusion Detection Honeypots Intrusion Detection Exchange Format 20.3 Password Management Password Protection Password Selection Strategies 20.4 Recommended Reading and Web Sites 20.5 Key Terms, Revi...
متن کاملA Survey of Anomaly Detection Approaches in Internet of Things
Internet of Things is an ever-growing network of heterogeneous and constraint nodes which are connected to each other and the Internet. Security plays an important role in such networks. Experience has proved that encryption and authentication are not enough for the security of networks and an Intrusion Detection System is required to detect and to prevent attacks from malicious nodes. In this ...
متن کاملA New Intrusion Detection System to deal with Black Hole Attacks in Mobile Ad Hoc Networks
By extending wireless networks and because of their different nature, some attacks appear in these networks which did not exist in wired networks. Security is a serious challenge for actual implementation in wireless networks. Due to lack of the fixed infrastructure and also because of security holes in routing protocols in mobile ad hoc networks, these networks are not protected against attack...
متن کامل