Hierarchical SOMs are applied to the problem of host based intrusion detection on computer networks. Unlike systems based on operating system audit trails, the approach operates on real-time data without extensive off-line training and with minimal expert knowledge. Specific recommendations are made regarding the representation of time, network parameters and SOM architecture.

This research explores four experiments of adaptive host-based intrusion detection (ID) techniques in an attempt to develop systems that can detect novel exploits. The technique considered to have the most potential is adaptive critic designs (ACDs) because of their utilization of reinforcement learning, which allows learning exploits that are difficult to pinpoint in sensor data. Preliminary r...

The accuracy of detecting an intrusion within a network of intrusion detection systems (IDSes) depends on the efficiency of collaboration between member IDSes. The security itself within this network is an additional concern that needs to be addressed. In this paper, we present a trust-based framework for secure and effective collaboration within an intrusion detection network (IDN). In particu...

Cloud Computing has several major issues and concerns, such as expectations regulations, performance, trust, and data security issues. DDOS is a multiple hosts attacks made simultaneously in all network. DDoS attacks performed some vulnerable action in early stage such as low-frequency vulnerability scanning, multistep exploitation, and identifying the compromised vulnerable virtual machines as...

CardGuard is a signature detection system for intrusion detection and prevention that scans the entire payload of packets for suspicious patterns and is implemented in software on a network card equiped with an Intel IXP1200 network processor. One card can be used to protect either a single host, or a small group of machines connected to a switch. CardGuard is non-intrusive in the sense that no...

The ubiquity of the Internet poses serious concerns on the security of computer infrastructures and the integrity of sensitive data. Intrusion Detection Systems (IDS) aim at protecting networks and computers from malicious networkbased or host-based attacks. The underlying assumption of intrusion detection is an attack will noticeably affect system performance or behavior. Neural networks metho...

Network Intrusion Detection Systems (NIDS) are designed to differentiate malicious traffic from normal traffic on a network system to detect the presence of an attack. Traditionally, the approach around which these systems are designed is based upon an assumption made by Dorothy Denning in 1987 stating that malicious traffic should be statistically differentiable from normal traffic [1]; howeve...

Modern intrusion detection systems are comprised of three basically different approaches, host based, network based, and a third relatively recent addition called procedural based detection. The first two have been extremely popular in the commercial market for a number of years now because they are relatively simple to use, understand and maintain. However, they fall prey to a number of shortc...

In computer security, designing a robust intrusion detection system is one of the most fundamental and important problems. In this paper, we propose a system-call language-modeling approach for designing anomaly-based host intrusion detection systems. To remedy the issue of high false-alarm rates commonly arising in conventional methods, we employ a novel ensemble method that blends multiple th...