Search results for: misuse detection

Number of results: 574962

2016
P. Ananthi

Intrusion Detection System (IDS) plays a vital factor in providing security to the networks through detecting malicious activities. Due to the extensive advancements in the computer networking, IDS has become an active area of research to determine various types of attacks in the networks. A large number of intrusion detection approaches are available in the literature using several traditional...

1998
D. Endler

An Intrusion Detection System (IDS) seeks to identify unauthorized access to computer systems' resources and data. The most common analysis tool that these modern systems apply is the operating system audit trail that provides a fingerprint of system events over time. In this research, the Basic Security Module auditing tool of Sun's Solaris operating environment was used in both an anomaly and m...

2006
Gil-Han Kim Hyung-woo Lee

The existing well-known network based intrusion detection/prevention techniques such as the misuse detection technique, etc., are widely used. However, because the misuse detection based intrusion prevention system is proportionally depending on the detection rules, it causes excessive large false alarm which is linked to wrong correspondence. This study suggests an intrusion prevention system ...

2008
Robert F. Erbacher Adele Cutler Pranab Banerjee Jim Marshall

The goal of this research was to design a multi-layered architecture for the detection of a wide range of existing and new botnets. By not relying on a single technique but rather building in the ability to support multiple techniques, the goal is to be able to detect a wider array of bots and botnets than is possible with a single technique. The open architecture and API will allow any techn...

2009
Florian Mansmann Fabian Fischer Daniel A. Keim Stephan Pietzko Marcel Waldvogel

While more and more applications require higher network bandwidth, there is also a tendency that large portions of this bandwidth are misused for dubious purposes, such as unauthorized VoIP, file sharing, or criminal botnet activity. Automatic intrusion detection methods can detect a large portion of such misuse, but novel patterns can only be detected by humans. Moreover, interpretation of lar...

2005
Michael Meier Sebastian Schmerl Hartmut König

In addition to preventive mechanisms intrusion detection systems (IDS) are an important instrument to protect computer systems. Most IDSs used today realize the misuse detection approach. These systems analyze monitored events for occurrences of defined patterns (signatures), which indicate security violations. Up to now only little attention has been paid to the analysis efficiency of these sy...

2006
Sebastian Schmerl Hartmut König Ulrich Flegel Michael Meier

Most intrusion detection systems deployed today apply misuse detection as detection procedure. Misuse detection compares the recorded audit data with predefined patterns, i.e. signatures. A signature is usually empirically developed based on experience and expert knowledge. Methods for a systematic development are scarcely reported yet. Automated approaches to reusing design and modeling decisi...

2013
Sandeep Singh Jasvinder Pal Singh Gaurav Shrivastva

Prevention of security breaches completely using the existing security technologies is unrealistic. As a result, intrusion detection is an important component in network security. However, many current intrusion detection systems (IDSs) are signature-based systems. The signature based IDS also known as misuse detection looks for a specific signature to match, signalling an intrusion. Provided w...

Journal: I. J. Network Security 2012
Radhika Goel Anjali Sardana Ramesh Chandra Joshi

In this paper a novel hybrid model is being proposed for misuse and anomaly detection. C4.5 based binary decision trees are used for misuse and CBA (Classification Based Association) based classifier is used for anomaly detection. Firstly, the C4.5 based decision tree separates the network traffic into normal and attack categories. The normal traffic is sent to anomaly detector and parallel att...

2004
Kalle Burbeck Simin Nadjm-Tehrani

Anomaly detection, detection of deviations from what is considered normal, is an important complement to misuse detection based on attack signatures. Anomaly detection in real-time places hard requirements on the algorithms used, making many proposed data mining techniques less suitable. ADWICE (Anomaly Detection With fast Incremental Clustering) uses the first phase of the existing BIRCH clust...
