Topic

Intrusion detection system

About: Intrusion detection system is a research topic. Over the lifetime, 28444 publications have been published within this topic receiving 509530 citations. The topic is also known as: Intrusion Detection System & IDS.


Papers
Book Chapter
15 Mar 2010
TL;DR: An innovative, distributed, multilayer approach for detecting known and unknown attacks on industrial control systems using process event correlation, critical state detection and critical state aggregation is presented.
Abstract: This paper presents an innovative, distributed, multilayer approach for detecting known and unknown attacks on industrial control systems. The approach employs process event correlation, critical state detection and critical state aggregation. The paper also describes a prototype implementation and provides experimental results that validate the intrusion detection approach.

10 citations

Proceedings Article
02 Dec 2013
TL;DR: This work presents a novel security monitoring framework for intrusion detection in IaaS cloud infrastructures that uses statistical anomaly detection techniques over data monitored both inside and outside each Virtual Machine instance.
Abstract: We present a novel security monitoring framework for intrusion detection in IaaS cloud infrastructures. The framework uses statistical anomaly detection techniques over data monitored both inside and outside each Virtual Machine instance. We present the architecture of our monitoring framework and describe the implementation of the real-time monitors and detectors. We also describe how the framework is used in three different attack scenarios. For each of the three attack scenarios, we describe how the attack itself works and how it could be detected. We describe what data is monitored in our framework and how the detection is conducted using anomaly detection methods. We also present evaluation of the detection using synthetic and real data sets. Our experimental evaluation across all three scenarios shows that our tools perform well in practical situations and provide a promising direction for future research.

10 citations

Proceedings Article
05 May 2008
TL;DR: This paper tries to address the problem of managing alerts via a multi-layer alert correlation and filtering that can identify critical alerts after each step of correlation and filtering and achieves very good results in terms of critical alert detection rates, running time of approach and its memory usage.
Abstract: One of the most important steps in attack detection using Intrusion Detection Systems (IDSs) is dealing with huge number of alerts that can be either critical single alerts and multi-step attack scenarios or false alerts and non-critical ones. In this paper we try to address the problem of managing alerts via a multi-layer alert correlation and filtering that can identify critical alerts after each step of correlation and filtering. After applying the approach on LL DDoS 1.0 data set, we achieved very good results in terms of critical alert detection rates, running time of approach and its memory usage. Our method could extract all of critical and multi-step attacks in LL DDoS 1.0 data set while we had almost 90% reduction in number of alerts.

10 citations

Proceedings Article
01 Jan 2012

10 citations

Book Chapter
14 May 2004
TL;DR: In this system, firewall redirects a session from an abnormal user to HoneyPot to learn the advanced intrusion skills and to respond more effectively to protect a system from the new attacks.
Abstract: In this paper, we implement a HoneyPot system equipped with several sub systems for their use. Obtaining the new knowledge on the access skills of intruder allows us to make a policy more precisely and quickly to protect a system from the new attacks. Our implementation presents an HoneyPot System cooperates with firewall and management server. In this system, firewall redirects a session from an abnormal user to HoneyPot to learn the advanced intrusion skills and to respond more effectively.

10 citations


Network Information
Related Topics (5)
Wireless sensor network
142K papers, 2.4M citations
92% related
Encryption
98.3K papers, 1.4M citations
92% related
Network packet
159.7K papers, 2.2M citations
90% related
Wireless network
122.5K papers, 2.1M citations
89% related
Wireless
133.4K papers, 1.9M citations
88% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2024    4
2023    1,576
2022    3,380
2021    1,889
2020    2,133
2019    1,971