Even when the benefits of using knowledge representation and management techniques have been already acknowledged by the intrusion detection community, little has been done to enable security technologies with them. We present an ontology-based multiagent architecture that implements Outbound Intrusion Detection, an intrusion detection approach concerned not with protecting local hosts from bei...

This paper describes a hybrid design for intrusion detection that combines anomaly detection with misuse detection. The proposed method includes an ensemble feature selecting classifier and a data mining classifier. The former consists of four classifiers using different sets of features and each of them employs a machine learning algorithm named fuzzy belief k-NN classification algorithm. The ...

Masqueraders who impersonate other users pose serious threat to computer security. Unfortunately, firewalls or misuse-based intrusion detection systems are generally ineffective in detecting masquerades. Although anomaly detection techniques have long been considered as an effective approach to complement misuse detection techniques, they are not widely used in practice due to poor accuracy and...

It is well-known that the primary threat against misuse of private data about individuals is present within the organisation. This paper proposes a system that uses Intrusion Detection System (IDS) technologies to help safeguard such private information. It is assumed that the private information is stored in a central networked repository (using, for example, network-attached storage). The pro...

The aim of this article is to explain how features of attacks could be extracted from the packets. It also explains how vectors could be built and then applied to the input of any analysis stage. For analyzing, the work deploys the Feedforward-Back propagation neural network to act as misuse intrusion detection system. It uses ten types if attacks as example for training and testing the neural ...

Intrusion Detection Systems are increasingly a key part of systems defense. Various approaches to Intrusion Detection are currently being used, but they are relatively ineffective. Artificial Intelligence plays a driving role in security services. This paper proposes a dynamic model Intelligent Intrusion Detection System, based on specific AI approach for intrusion detection. The techniques tha...

Network intrusion detection is the problem of detecting unauthorised use of, or access to, computer systems over a network. Two broad approaches exist to tackle this problem: anomaly detection and misuse detection. An anomaly detection system is trained only on examples of normal connections, and thus has the potential to detect novel attacks. However, many anomaly detection systems simply repo...

Intrusion detection is considered to be an effective technique to detect attacks that violate the security policy of systems. There are basically three different kinds of intrusion detection: Anomaly detection, misuse detection and specification-based intrusion detection [MB02]. Specification-based intrusion detection differs from the others by describing the desired functionalities of security...

Intrusion detection systems (IDSs) are based on two fundamental approaches first the recognition of anomalous activities as it turns from usual behavior and second misuse detection by observing those "signatures" of those recognized malicious assaults and classification vulnerabilities. Anomaly (behavior-based) IDSs presume the difference of normal behavior beneath attacks and achieve abnormal ...