A Framework for the Rapid Development of Anomaly Detection Algorithms in Network Intrusion Detection Systems
2012
Most current Network Intrusion Detection Systems (NIDS) perform detection by matching traffic to a set of known signatures. These systems have well-defined mechanisms for the rapid creation and deployment of new signatures. Their support for anomaly detection, however, is usually limited and often requires a full recompilation of the system to deploy a new algorithm. As a result, anomaly detection algorithms are time-consuming, difficult and cumbersome to develop. This paper presents an alternative system which permits the deployment of anomaly detection algorithms without the need to even restart the NIDS. This system is, therefore, suitable for the rapid development of new algorithms, and for environments where high availability is required.
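To make the idea concrete, here is an added illustration (not the paper's framework, whose implementation the abstract does not describe) of a NIDS core whose detectors are plain callables held in a registry: a static signature rule is compiled in, while an anomaly detector is delivered as source text, compiled into its own module and attached while the processing loop is already running, with no rebuild or restart. The flow records, detector names, the telnet rule and the port-scan threshold are all constructed for the example.

```python
"""Toy NIDS core whose anomaly detectors can be added, replaced or removed
while the flow loop keeps running. Illustrative only: not the framework from
the paper, and every flow record below is constructed."""
import types
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    nbytes: int


class DetectorRegistry:
    """Detector callables keyed by name. run() iterates over a snapshot of the
    table, so entries may be added or removed between two flows."""

    def __init__(self):
        self._detectors = {}

    def register(self, name, fn):
        self._detectors[name] = fn

    def unregister(self, name):
        self._detectors.pop(name, None)

    def run(self, flow):
        """Return [(detector name, message)] for every detector that fires."""
        alerts = []
        for name, fn in list(self._detectors.items()):
            try:
                verdict = fn(flow)
            except Exception as exc:  # a faulty plugin must not take the sensor down
                alerts.append((name, f"detector error: {exc!r}"))
                continue
            if verdict:
                alerts.append((name, verdict))
        return alerts


def load_detector_source(registry, name, source):
    """Compile Python source defining detect(flow) into a private module and
    register it. Module globals persist between calls, so a detector can keep
    state. The source runs with the sensor's privileges: this example assumes
    it comes from a trusted, integrity-checked location."""
    module = types.ModuleType(f"detector_{name}")
    exec(compile(source, f"<detector {name}>", "exec"), module.__dict__)
    detect = module.__dict__.get("detect")
    if not callable(detect):
        raise ValueError(f"detector {name!r} does not define detect(flow)")
    registry.register(name, detect)
    return detect


def telnet_signature(flow):
    """A static rule of the kind compiled into the core: any flow to TCP/23."""
    return f"telnet to {flow.dst}" if flow.dport == 23 else None


# A stateful anomaly detector shipped as source text at runtime (hypothetical).
PORT_SCAN_SOURCE = '''
from collections import defaultdict
_ports = defaultdict(set)          # distinct destination ports seen per source

def detect(flow):
    seen = _ports[flow.src]
    seen.add(flow.dport)
    if len(seen) >= 5:
        return f"{flow.src} touched {len(seen)} distinct ports"
    return None
'''

# Constructed flows: a normal client 10.0.0.7 and a port scanner 10.0.0.5.
SAMPLE_FLOWS = [
    Flow("10.0.0.7", "10.0.0.9", 443, 1200),
    Flow("10.0.0.5", "10.0.0.9", 21, 60),
    Flow("10.0.0.5", "10.0.0.9", 22, 60),
    Flow("10.0.0.5", "10.0.0.9", 23, 60),
    Flow("10.0.0.7", "10.0.0.9", 443, 900),
    Flow("10.0.0.5", "10.0.0.9", 25, 60),
    Flow("10.0.0.5", "10.0.0.9", 80, 60),
    Flow("10.0.0.5", "10.0.0.9", 443, 60),
    Flow("10.0.0.5", "10.0.0.9", 8080, 60),
]


def process(registry, flows, start=0):
    """Feed flows through every registered detector; returns
    [(flow index, detector name, message)]."""
    out = []
    for i, flow in enumerate(flows, start):
        for name, msg in registry.run(flow):
            out.append((i, name, msg))
    return out


def demo():
    """Deploy the port-scan detector after two flows have already passed,
    without restarting the core, and keep processing with the same registry."""
    reg = DetectorRegistry()
    reg.register("telnet-signature", telnet_signature)
    alerts = process(reg, SAMPLE_FLOWS[:2])
    load_detector_source(reg, "port-scan", PORT_SCAN_SOURCE)
    alerts += process(reg, SAMPLE_FLOWS[2:], start=2)
    return alerts


if __name__ == "__main__":
    for idx, name, msg in demo():
        print(f"flow {idx}: [{name}] {msg}")
```

The registry isolates each detector's failure and lets an operator swap one in or out mid-stream; the trade-off, which a real deployment has to address, is that anything loaded this way executes inside the sensor, so the loading path is itself part of the attack surface.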
Related papers
A Survey on Anomaly-Based Network Intrusion Detection Systems
The importance of network security has grown enormously, and various devices have been introduced to enhance the security of a network. Network Intrusion Detection Systems (NIDS) are among the most widely deployed such systems. Prevalent NIDS use a collection of signatures of known security threats and viruses, which are used to scan every packet's payload. Most IDSs lack the ability to detect novel or previously unknown attacks. A special kind of IDS, called an Anomaly Detection System, builds models based on normal system or network behaviour, with the goal of detecting both known and unknown attacks. Anomaly detection systems face many problems, including a high rate of false alarms, the ability to work in online mode, and scalability. This paper presents a selective survey of incremental approaches for detecting anomalies in normal system and network traffic.
Network Intrusion Detection System (NIDS)
IEEE Xplore, 2008
This paper introduces the Network Intrusion Detection System (NIDS), which uses a suite of data mining techniques to automatically detect attacks against computer networks and systems. This paper focuses on two specific contributions: (i) an unsupervised anomaly detection technique that assigns a score to each network connection that reflects how anomalous the connection is, and (ii) an association pattern analysis based module that summarizes those network connections that are ranked highly anomalous by the anomaly detection module. Experimental results show that our anomaly detection techniques are successful in automatically detecting several intrusions that could not be identified using popular signature-based tools. Furthermore, given the very high volume of connections observed per unit time, association pattern based summarization of novel attacks is quite useful in enabling a security analyst to understand and characterize emerging threats.
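The two-stage scheme this abstract describes, score every connection and then summarize the top-scoring ones, as an added illustration that is not the NIDS project's own code: a k-nearest-neighbour distance score over standardized numeric connection features stands in for the unsupervised technique (which the abstract does not specify), and a contrast-set summary over categorical attributes stands in for the association pattern module. The connection records, the feature names, the thresholds and the lift criterion are all constructed for the example.

```python
"""Distance-based anomaly scoring of connection records followed by a pattern
summary of the most anomalous ones. Illustrative only; data is constructed."""
import math
from collections import Counter
from itertools import combinations

# Constructed connection records (not real traffic): 20 ordinary web flows
# from five clients, then four long, bulky flows from one host to TCP/6667.
CONNECTIONS = [
    *[{"src": f"10.0.0.{10 + i % 5}", "dst": "192.0.2.1", "proto": "tcp",
       "dport": 443 if i % 2 else 80, "duration": 0.1 + 0.02 * i,
       "bytes": 600 + 120 * i} for i in range(20)],
    {"src": "10.0.0.5", "dst": "198.51.100.7", "proto": "tcp", "dport": 6667,
     "duration": 90.0, "bytes": 400_000},
    {"src": "10.0.0.5", "dst": "198.51.100.7", "proto": "tcp", "dport": 6667,
     "duration": 130.0, "bytes": 550_000},
    {"src": "10.0.0.5", "dst": "198.51.100.9", "proto": "tcp", "dport": 6667,
     "duration": 170.0, "bytes": 700_000},
    {"src": "10.0.0.5", "dst": "198.51.100.9", "proto": "tcp", "dport": 6667,
     "duration": 210.0, "bytes": 850_000},
]
NUMERIC = ("duration", "bytes")          # used for scoring
CATEGORICAL = ("src", "dst", "proto", "dport")  # used for summarization


def standardize(records, fields=NUMERIC):
    """Z-score each numeric field so that bytes do not swamp seconds."""
    stats = {}
    for f in fields:
        vals = [r[f] for r in records]
        mean = sum(vals) / len(vals)
        std = math.sqrt(sum((v - mean) ** 2 for v in vals) / len(vals)) or 1.0
        stats[f] = (mean, std)
    return [tuple((r[f] - stats[f][0]) / stats[f][1] for f in fields) for r in records]


def knn_scores(records, k=3):
    """Score = mean Euclidean distance to the k nearest other records in the
    standardized feature space; isolated records score high."""
    vecs = standardize(records)
    scores = []
    for i, v in enumerate(vecs):
        dists = sorted(math.dist(v, w) for j, w in enumerate(vecs) if j != i)
        scores.append(sum(dists[:k]) / k)
    return scores


def rank_anomalies(records, top=4, k=3):
    """Indices of the `top` highest-scoring connections."""
    scores = knn_scores(records, k)
    return sorted(range(len(records)), key=lambda i: scores[i], reverse=True)[:top]


def summarize(records, anomalous_idx, min_support=0.75, min_lift=3.0, max_len=2):
    """Attribute-value patterns (up to max_len items) that are frequent among
    the anomalous connections and rare overall. lift = support among anomalies
    divided by support in the whole set; proto=tcp is frequent everywhere and
    therefore filtered out, while src and dport of the scanner are kept."""
    anom = [records[i] for i in anomalous_idx]

    def itemsets(r):
        items = [(a, r[a]) for a in CATEGORICAL]
        for n in range(1, max_len + 1):
            yield from combinations(items, n)

    all_counts = Counter(s for r in records for s in itemsets(r))
    anom_counts = Counter(s for r in anom for s in itemsets(r))
    patterns = []
    for s, c in anom_counts.items():
        sup_a = c / len(anom)
        sup_all = all_counts[s] / len(records)
        if sup_a >= min_support and sup_a / sup_all >= min_lift:
            patterns.append((s, sup_a, sup_all))
    return sorted(patterns, key=lambda p: (-p[1] / p[2], -len(p[0]), str(p[0])))


if __name__ == "__main__":
    top = rank_anomalies(CONNECTIONS)
    print("most anomalous connections:", top)
    for s, sup_a, sup_all in summarize(CONNECTIONS, top):
        print(f"{s}: {sup_a:.2f} of anomalies vs {sup_all:.2f} overall")
```

The summary step is what turns a ranked list of thousands of connections into a handful of statements an analyst can act on ("one source, one unusual port"); the lift filter is what keeps attributes that are common to all traffic, such as the protocol, out of that summary.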
A Survey on Intrusion Detection Systems
With the advent of anomaly-based intrusion detection systems, many approaches and techniques have been developed to track novel attacks on systems. Though anomaly-based approaches are efficient, signature-based detection is preferred for mainstream implementation of intrusion detection systems. Because a wide variety of anomaly detection techniques has been suggested, it is difficult to compare the strengths and weaknesses of these methods. The reason why industry does not favour anomaly-based intrusion detection methods can be understood by validating the efficiency of all of the methods. To investigate this issue, this paper reviews the current state of experimental practice in the field of anomaly-based intrusion detection and surveys recent studies in it. It summarizes the surveyed works and identifies their drawbacks.