The paper describes security agent architecture, called CIDS, which is useful as an administrative tool for intrusion detection. Specifically, it is an agent-based monitoring and detection system, which is developed to detect malfunctions, faults, abnormalities, misuse, deviations, intrusions, and provide recommendations (in the form of common intrusion detection language). The CIDS can simulta...

The aim of the present work was to design and develop of a Data mining based Network Intrusion Detection System which can detect intrusions based on misuse detection technique and learning algorithm. The work also aimed at reducing number of false alarms by characterizing the target network with appropriate network parameters and analyzing them with mathematical models. This project proposed th...

Ad hoc networks mostly operate over open environments and are hence vulnerable to a large body of threats. This calls for coupling preventive mechanisms, e.g., firewall, with advanced intrusion detection. To meet this requirement, we introduce IDAR, a signatureand log-based distributed intrusion detector dedicated to ad hoc routing protocols. Contrary to existing systems that observe packets, I...

This paper introduces the Trust Obstacle Mitigation Model (TOMM), which uses the concept of trust assumptions to derive security obstacles, and the concept of misuse cases to model obstacles. The TOMM allows a development team to anticipate malicious behaviour with respect to the operational database application and to document a priori how this malicious behaviour should be mitigated.

Generally, a computer using a wireless network will communicate to other computers through a base station. The base station transmits and receives packets wirelessly, but also connects to a landline and a wired network (ie. the Internet). However, there are situations where a base station does not exist, but users still wish to transmit to other computers. Situations like this include Native Am...

An effective method for detecting computer misuse is the automatic monitoring and analysis of on-line user activity. During the past year, Los Alamos 1 enhanced its Network Anomaly Detection and Intrusion Reporter (NADIR) to include analysis of user activity on Los Alamos' UNICOS Crays. In near real-time, NADIR compares user activity to historical profiles and tests activity against expert rule...

This article proposes an optimization of using Genetic Algorithms for the Security Audit Trail Analysis Problem, which was proposed by L. Mé in 1995 and improved by Pedro A. Diaz-Gomez and Dean F. Hougen in 2005. This optimization consists in filtering the attacks. So, we classify attacks in “Certainly not existing attacks class”, “Certainly existing attacks class” and “Uncertainly existing att...

In recent years, wireless sensor network becomes popular both in civil and military jobs. However, security is one of the significant challenges for sensor network because of their deployment in open and unprotected environment. As cryptographic mechanism is not enough to protect sensor network from external attacks, intrusion detection system (IDS) needs to be introduced. In this paper we prop...

This paper describes a generic model of matching that can be usefully applied to misuse intrusion detection. The model is based on Colored Petri Nets. Guards define the context in which signatures are matched. The notion of start and final states, and paths between them define the set of event sequences matched by the net. Partial order matching can also be specified in this model. The main ben...