In current scenario most of the intrusion detection systems (IDS) use one of the two detection methods, misused detection or Anomaly detection?both of them have their own limitations. Technology has developed the technique that combines misuse detection system with anomaly detection system (ADS) or network intrusion detection system and host-based intrusion detection system is known as hybrid i...

Most computerized information systems we use in our everyday lives provide very little protection against hostile manipulation. At the same time, there is a rapidly increasing dependence on services provided by these computer systems and networks, and security is thus not only an interesting and challenging research discipline but has indeed developed into a critical issue for society. This the...

The success and the acceptance of intrusion detection systems essentially depend on the accuracy of their analysis. Inaccurate signatures strongly trigger false alarms. In practice several thousands false alarms per month are reported which limit the successful deployment of intrusion detection systems. Most today deployed intrusion detection systems apply misuse detection as detection procedur...

This work presents a WEB-IDS that combine both anomaly and misuse detection approach. This mixed solution is really interesting because merges the two complementary methods used to recognize attacks; we solved the usual conflicts presented by this choice and obtained an higher results accuracy. Our tool starts with the misuse-based module and its results are passed to the anomaly detection modu...

We introduce a technique for detecting anomalous patterns in a categorical feature (one that takes values from a finite alphabet). It differs from most anomaly detection methods used to date in that it does not require attackfree training data, and it improves upon previous methods known to us in that it is aware when it is adequately trained to generate meaningful alerts, and it models data no...

The most acute problem for misuse detection method is its inability to detect new kinds of attacks. A new detection method based on data-oriented classification of attacks is proposed to solve this problem. After analyzing its significance, a practical scheme which uses relevant feature subset codes clustering is designed. Applying Concept Hierarchy Generation for attack Labels (CHGL), inductiv...

The exponential growth in wireless network faults, vulnerabilities, and attacks make the WLAN security management a challenging research area [29]. Data mining applied to intrusion detection is an active area of research. The main reason for using data mining techniques for intrusion detection systems is due to the enormous volume of existing and newly appearing network data that require proces...

Anomaly-based intrusion detection is a crucial research issue as it permits to identify attacks that does not necessarily have known signatures. However, approaches using anomalies often consume more resources than those based on misuse detection and have a higher false alarm rate. This paper presents an efficient anomaly analysis method that is proved to be more efficient and less complex than...

The efficacy of the aspect-oriented paradigm has been well established within several areas of software security as aspect-orientation facilitates the abstraction of these security-related tasks to reduce code complexity. The aim of this paper is to demonstrate that aspect-orientation may be used to monitor the information flows between objects in a system for the purposes of misuse detection. ...

The decrease in the costs of storage devices and the advances in data warehousing advocate a new area of research knowledge discovery in databases. There have been research e orts that apply these techniques to computer security. Unlike previous e orts which focus on operating system and network layer, we use data mining techniques to detect misuse in database systems at the application layer w...