Network Intrusion Detection & Prevention Research Papers

With the increasing utilization of the Internet and the services it provides, cyber-attacks that exploit information are also increasing. A technology for storing and maintaining users' information that is widely used for its simplicity and low-cost services is cloud computing (CC). Also, a new model of computing that is noteworthy today is mobile cloud computing (MCC), which is used to reduce the limitations of mobile devices by allowing them to offload certain computations to the remote cloud. The cloud environment may contain critical or essential information of an organization; therefore, a security solution is needed to protect this environment from possible attacks. An intrusion detection system (IDS) is a solution to these security issues. An IDS is a hardware or software device that can examine all inside and outside network activities and recognize suspicious patterns that may indicate a network attack, automatically alerting the network (or system) administrator. Because of the ability of an IDS to detect known/unknown (inside/outside) attacks, it is an excellent choice for securing cloud computing. Various methods are used in an intrusion detection system to recognize attacks more accurately. Unlike the survey papers presented so far, this paper aims to present a comprehensive survey of intrusion detection systems that use computational intelligence (CI) methods in a (mobile) cloud environment. We first provide an overview of the CC and MCC paradigms and service models, also reviewing security threats in these contexts. Previous literature is critically surveyed, highlighting the advantages and limitations of previous work. Then we define a taxonomy for IDS and classify CI-based techniques into single and hybrid methods. Finally, we highlight open issues and future directions for research on this topic.

As ad-hoc networks have different characteristics from a wired network, the intrusion detection techniques used for wired networks are no longer sufficient and effective when adapted directly to a wireless ad-hoc network. In this article, first the security challenges in intrusion detection for ad-hoc networks are identified and the related work on anomaly detection is discussed. We then propose a layered intrusion detection framework, which consists of collection, detection and alert modules that are handled by local agents. The collection, detection and alert modules are uniquely enabled with the main operations of ad-hoc networking, which are found at the OSI link and network layers. The proposed modules are based on interpolating polynomials and linear threshold schemes. An experimental evaluation of these modules shows their efficiency for several attack scenarios, such as route logic compromise, traffic pattern distortion and denial of service attacks.

Data mining and machine learning technology has been extensively applied in network intrusion detection and prevention systems by discovering user behavior patterns from the network traffic data. Some commercial tools for collecting network traffic data exist, such as SNORT. The ...

Among various cyber threats, a DDoS attack is one of the major Internet threats that can affect anyone and even cause tremendous financial damage to organizations that use cloud-based services, while the mitigation of this threat can be highly difficult considering the complex infrastructure that it uses to perform its malicious activities. For that purpose it is important to think proactively rather than reactively when addressing protection against this type of attack. An overview of botnets and some of the countermeasures against this threat are discussed in this paper.

Wireless (Wi-Fi) networks based on the IEEE 802.11 family of standards have been spreading their coverage in recent years, and this trend is expected to grow. Every day more and more people use this type of network to access the Internet, company networks or other types of networks. Today's wireless networks are vulnerable in many ways (rogue access points, session hijacking, eavesdropping, illegal use, unauthorized access, denial of service attacks, floods, data theft and other types of misuse and attacks, etc.). People are worried about unknowingly exposing their computers to illegal access through the air, from an undefined location. On wired networks the intruder can access by wire, but in wireless environments the intruder can access the network from anywhere in the neighborhood. At present there are IDSs, but they are mostly deployed on wired networks and based on rules and signatures of already known and analyzed intrusions. These systems cannot answer the demand in environments where new intrusions are occurring every day, due to the limitations of legacy IDSs. The intrusion detection agent presented in this paper is part of WIDS, a wireless intrusion detection system. The WIDS Agent is software installed on a mobile computing device. It detects intrusions and attacks by analyzing traffic, drawing conclusions and denying them. It works as a standalone module or coupled (in cooperation) with the WIDS Sensor and Server, which are also part of this system. The application is positioned on a personal computer (PC), including Pocket PC (PPC), other PDA devices and similar computerized and mobile devices. This system has capabilities such as self-learning, autonomy and decision-making, self-decision and self-defense, including alerting. This is a multidimensional system in development that is intended to cover most wireless-network-specific vulnerabilities and intrusions. It should work in real time and defend the user, i.e. his computer or system, against the majority of intrusions, regardless of whether they are already known or new kinds of attacks. The system is integrated in clients and performs local data collection and filtering, works as a local detection engine cooperating with neighboring WIDS agents (cooperative detection engine), and provides a local response and/or global response against intrusion. Also, this system works in the closest relationship with firewall software and devices, antivirus software, network management and other security tools.

Internet of Things (IoT) constitutes a pivotal contributor to the Industry 4.0 (I 4.0) vision, technologically transforming production and societies. It enables novel services through the seamless integration of devices, such as motes carrying sensors, with the Internet. However, the broad adoption of IoT technologies is facing security issues due to the direct access to the devices from the Internet, the broadcasting nature of the wireless media, and the potential unattended operation of relevant deployments. In particular, the Routing over Low Power and Lossy Networks (RPL) protocol, a prominent IoT solution, is vulnerable to a large number of attacks, both of general-purpose and RPL-specific nature, while the resource constraints of the corresponding devices make attack mitigation even more challenging, e.g., in terms of the involved control overhead and detection accuracy. In this paper, we introduce ASSET, a novel Intrusion Detection System (IDS) for RPL with diverse profiles to tackle the above issues, which mitigates at least 13 attacks. At the same time, other solutions go up to eight. ASSET, inspired by the network softwarization paradigm, supports a novel, extendable workflow, bringing together three anomaly-detection and four RPL specification-based mechanisms, a novel attacker identification process, as well as multiple attack mitigation strategies. Our IDS also supports an adaptable control & monitoring protocol, trading overhead for accuracy, depending on the network conditions. The proof-of-concept experiments show that ASSET entails a low overhead for the different modes of operation it supports (i.e., 6.28 percent on average) compared to other solutions reaching up to 30 percent. At the same time, it also keeps the power consumption at acceptable levels (from 0.18 up to 1.54 percent more). Moreover, it provides 100 percent accuracy for specific attacks and can identify the attacker in far more attacks than any other similar solution.

Network traffic generation is one of the primary techniques used to design and analyze the performance of network security systems. However, due to the diversity of IoT networks in terms of devices, applications and protocols, traditional network traffic generator tools are unable to generate IoT-specific protocol traffic. Hence, the traditional traffic generator tools cannot be used for designing and testing the performance of IoT-specific security solutions. In order to design an IoT-based traffic generation framework, two main challenges are IoT device modelling and generating IoT normal and attack traffic simultaneously. Therefore, in this work, we propose an open-source framework for IoT traffic generation which supports the two widely used IoT application layer protocols, i.e., MQTT and CoAP. The proposed framework allows a user to create an IoT use case, add customized IoT devices to it and generate normal and malicious IoT traffic over a real-time network. Furthermore, we set up a real-time IoT smart home use case to demonstrate the applicability of the proposed framework for developing security solutions for IoT smart homes by emulating real-world IoT devices. The experimental results demonstrate that the proposed framework can be effectively used to develop better security solutions for IoT networks without physically deploying the real-time use case.

The majority of mobile device users would prefer to preserve the privacy of their SMS communication from mass government surveillance and other adversaries using mobile device SMS encryption solutions. The mobile devices in use, however, are highly constrained in terms of memory, power and computing capability to utilize the current SMS encryption solutions. There is, therefore, room for improvement in terms of the optimality of the SMS encryption schemes currently proposed for use on mobile devices. This research proposes an optimal end-to-end SMS encryption scheme ideal for use on mobile devices using a combination of cryptographic algorithms: an asymmetric encryption algorithm (NTRU) with the NTRU Signature Scheme (NSS), a symmetric encryption algorithm (Blowfish) and a key exchange mechanism (Elliptic Curve Diffie Hellman Ephemeral with Elliptic Curve Digital Signature Algorithm (ECDHE-ECDSA)). The proposed solution's encryption and decryption times, digital signature signing and verification times, as well as key generation times, shall be measured on three different real Android mobile devices with varying computing power and storage capability and evaluated against the work of Al-bakri and Kiah to prove its optimality. This proposed scheme will provide an optimal end-to-end encryption of SMS ideal for use on constrained mobile devices. The proposed solution is therefore an improvement to the currently used SMS encryption techniques on constrained mobile devices, for it will provide the most optimal possible means.

The Internet of Things (IoT) is one of the main research fields in the Cybersecurity domain. This is due to (a) the increased dependency on automated devices, and (b) the inadequacy of general purpose Intrusion Detection Systems (IDS) to be deployed for special purpose network usage. Numerous lightweight protocols are being proposed for IoT device communication. One of the recent IoT machine-to-machine communication protocols is the Message Queuing Telemetry Transport (MQTT) protocol. However, to the best of the authors' knowledge, there are no available IDS datasets that include MQTT benign or attack instances and thus no IDS experimental results available. In this paper, we evaluate the effectiveness of six Machine Learning (ML) techniques to detect MQTT-based attacks. Three abstraction levels of features are assessed, namely, packet-based, uni-directional flow, and bi-directional flow features. An MQTT simulated dataset is generated and used for the training and evaluation processes. The dataset is released with an open access licence to help the research community further analyse the challenges. The experimental results demonstrated the adequacy of the proposed ML models to suit the IDS requirements of MQTT-based networks. Moreover, the results emphasise the importance of using flow-based features to discriminate MQTT-based attacks from benign traffic, while packet-based features are sufficient for traditional networking attacks.

With the increased dependence of organizations on technological solutions, cyber threats have become some of the major concerns for the very existence of businesses. Thus, the security measures to be implemented need to go beyond the simple presence of a firewall and anti-malware. In this work, an overview of two Intrusion Detection and Prevention Systems (IDPS) was performed. Namely, the architecture of the Snort and Suricata IDPS engines was discussed.

Intrusion detection has attracted considerable interest from researchers and industries. The community, after many years of research, still faces the problem of building reliable and efficient IDS that are capable of handling large quantities of data with changing patterns in real-time situations. The work presented in this manuscript classifies intrusion detection systems (IDS). Moreover, a taxonomy and survey of shallow and deep network intrusion detection systems is presented based on previous and current works. This taxonomy and survey reviews machine learning techniques and their performance in detecting anomalies. Feature selection, which influences the effectiveness of machine learning (ML) IDS, is discussed to explain the role of feature selection in the classification and training phase of ML IDS. Finally, a discussion of the false and true positive alarm rates is presented to help researchers model reliable and efficient machine learning based intrusion detection systems.

Security has been an issue ever since the birth of cloud computing. Cloud computing, like every computer network, has security vulnerabilities. A network intrusion is any unauthorized activity on a computer network by an attacker. An intrusion detection system proffers a layer of defence, monitoring network traffic for suspicious predefined activities/patterns and alerting network administrators when suspicious traffic is detected. This paper seeks to address these vulnerabilities and reviews some open source tools that can be implemented to help secure the cloud computing environment. Open source tools that are reviewed include Snort, Bro, Suricata, Open WIPS and Security Onion.

An efficient Intrusion Detection System has to be given high priority while connecting systems to a network, to protect the system before an attack happens. It is a big challenge for the network security group to protect the system from various types of new attacks as technology grows in parallel. In this paper, an efficient model to detect intrusion is proposed to predict attacks with high accuracy and a low false-negative rate by deriving custom features, UNSW-CF, using the benchmark intrusion dataset UNSW-NB15. To reduce the learning complexity, Custom Features are derived and then Significant Features are constructed by applying the meta-heuristic FPA (Flower Pollination Algorithm) and MRMR (Minimal Redundancy and Maximum Redundancy), which reduces learning time and also increases prediction accuracy. ENC (ElasticNet Classifier), KRRC (Kernel Ridge Regression Classifier) and IGBC (Improved Gradient Boosting Classifier) are employed to classify the attacks in the datasets UNSW-CF and UNSW, and it was recorded that UNSW-CF with derived custom features using IGBC integrated with FPA provided a high accuracy of 97.38% and a low error rate of 2.16%. Also, the sensitivity and specificity rates for IGB attain high rates of 97.32% and 97.50% respectively.

Over recent years, we have observed a significant increase in the number and the sophistication of cyber attacks targeting home users, businesses, government organizations and even critical infrastructure. In many cases, it is important to detect attacks at the very early stages, before significant damage can be caused to networks and protected systems, including accessing sensitive data. To this end, cybersecurity researchers and professionals are exploring the use of Software-Defined Networking (SDN) technology for efficient and real-time defense against cyberattacks. SDN enables network control to be logically centralised by decoupling the control plane from the data plane. This feature enables network programmability and has the potential to almost instantly block network traffic when some malicious activity is detected. In this work, we design and implement an Intrusion Detection and Prevention System (IDPS) using SDN. Our IDPS is a software application that monitors networks and systems for malicious activities or security policy violations and takes steps to mitigate such activity. We specifically focus on defending against port-scanning and Denial of Service (DoS) attacks. However, the proposed design and detection methodology has the potential to be expanded to a wide range of other malicious activities. We have implemented and tested two connection-based techniques as part of the IDPS, namely the Credit-Based Threshold Random Walk (CB-TRW) and Rate Limiting (RL). As a mechanism to defend against port-scanning, we outline and test our Port Bingo (PB) algorithm. Furthermore, we include QoS as a DoS attack mitigation, which relies on flow statistics from a network switch. We conducted extensive experiments in a purpose-built testbed environment. The experimental results show that the launched port-scanning and DoS attacks can be detected and stopped in real time. Finally, the rate of false positives can be kept sufficiently low by tuning the threshold parameters of the detection algorithms.

Information Systems and Networks are subject to electronic attacks. Attempts to breach information security are rising every day, along with the availability of the Vulnerability Assessment tools that are widely available on the internet, for free as well as for commercial use. Tools such as SubSeven, BackOrifice, Nmap and L0phtCrack can all be used to scan, identify, probe, and penetrate systems on the network. Firewalls are put in place to prevent unauthorized access to Enterprise Networks. Unfortunately, firewalls alone are not enough to protect our systems. This paper describes the characteristics of Network-Based IDPS technologies, outlines the necessity of the implementation of Intrusion Detection Systems in the enterprise environment and gives a brief evaluation of Snort® Freeware technology.

This paper presents a comprehensive survey of some modern and most popular intrusion detection techniques. It is unrealistic to prevent security breaches completely using the existing security technologies. Detecting the presence of an intruder is very crucial for maintaining network security. It is found that most of the current intrusion detection systems (IDSs) are signature-based systems. Signature-based intrusion detection systems are based on matching a signature with the network details. Provided with the signatures or patterns, they can detect many or all known attack patterns, but they are of little use for as yet unknown attacks. The rate of false positives is close to nil, but these types of systems are poor at detecting new attacks, variations of known attacks or attacks that can be masked as normal behavior. The other type of IDS, i.e. the Statistical Based Intrusion Detection System (SBIDS), can overcome many of the aforementioned limitations of signature-based intrusion detection systems. Statistical-based intrusion detection systems perform better than signature-based intrusion detection systems for novelty detection, i.e. the detection of new attacks, which is very important for an intrusion detection system. Researchers have implemented various classification algorithms for intrusion detection.

With the growth of cyber-attacks observed over the last couple of decades, the safety, protection and privacy of information has become a major concern for organizations across the globe. Intrusion detection systems (IDSs) have thus gained an important place and play a key role in detecting a large number of attacks. There are a number of intrusion detection systems on the market, and most of them have the problem of a relatively large number of false positives. Hence a need has arisen in the networking community to address the issue of false alarms and false positives, which has resulted in interest from researchers in the IDS area. The main motivation of this research is enhancing the performance of different data mining techniques to handle the alerts, reduce them, classify real attacks and reduce false positives. In this paper, the authors propose a novel hybrid model of RT and PART to lower the rate of false positives. The algorithms are first trained for detecting attacks on the KDD99 dataset and then tested on live traffic to classify whether the flow is normal or there are attacks. The Random Tree (RT) and PART algorithms statistically validate the experimental results. The hybrid framework, on comparative analysis, outperforms its counterparts and may lead to improved intelligent intrusion detection.

The paper provides an introduction to the basic concepts of intrusion detection and genetic algorithms. The generic implementation of genetic algorithms using pseudo code is presented. Pseudo code for a genetic algorithm based intrusion detection method is also included for clear understanding. The paper also provides an overview of the advantages and disadvantages of genetic algorithms in general, and as applied to intrusion detection in particular. This survey will provide helpful insight into the related literature and implementation of genetic algorithms in intrusion detection systems. It will also be a good source of information for people interested in genetic algorithm based intrusion detection systems.

As network attacks have increased in number and severity over the past few years, intrusion detection system (IDS) is increasingly becoming a critical component to secure the network. Due to large volumes of security audit data as well as complex and dynamic properties of intrusion behaviors, optimizing performance of IDS becomes an important open problem that is receiving more and more attention from the research community. The uncertainty to explore if certain algorithms perform better for certain attack classes constitutes the ...

Abstract: The exponential growth of the internet and new technology has led today's world into a hectic situation, with both a positive and a negative side. Cybercriminals gamble in the dark net using numerous techniques. This leads to cybercrime. Cyber threats like malware attempt to infiltrate the computer or mobile device, offline or over the internet and chat (online), and anyone can be a potential target. Malware, also known as malicious software, is often used by cybercriminals to achieve their goal by tracking internet activity, capturing sensitive information, or blocking computer access. Reverse engineering is one of the best ways to prevent this and is a powerful tool in the fight against cyber attacks. Most people in the cyber world see it as a black hat: it is said to be used to steal data and intellectual property. But when it is in the hands of cybersecurity experts, reverse engineering dons the white hat of the hero. It looks at the program from the outside in, often by a third party that had no hand in writing the code. It allows those who practice it to understand how a given program or system works when no source code is available. Reverse engineering accomplishes several tasks related to cybersecurity: finding system vulnerabilities, researching malware and analyzing the complexity of restoring core software algorithms that can further protect against theft. It is hard to hack certain software.
Keywords: Malware, threat, vulnerability, detection, reverse engineering, analysis.
Title: Malware analysis and detection using reverse Engineering
Author: B.Rashmitha, J. Alwina Beauty Angelin, E.R. Ramesh
International Journal of Computer Science and Information Technology Research
ISSN 2348-1196 (print), ISSN 2348-120X (online)
Vol. 10, Issue 2, Month: April 2022 - June 2022
Pages: 1-4
Published Date: 01-April-2022
Research Publish Journals
Available at website: www.researchpublish.com
The full research paper can be downloaded at the link below:
https://www.researchpublish.com/papers/malware-analysis-and-detection-using-reverse-engineering

The enormous increase in the use of the Internet in daily life has provided an opportunity for intruders to attempt to compromise the security principles of availability, confidentiality, and integrity. As a result, organizations are working to increase the level of security by using attack detection techniques such as the Network Intrusion Detection System (NIDS), which monitors and analyzes network flows and detects attacks. Much research has been proposed to develop NIDS, and it depends on datasets for evaluation. Datasets allow evaluating the ability to detect intrusion behavior. This paper introduces a detailed analysis of benchmark and recent datasets for NIDS. Specifically, we describe eight well-known datasets that include: KDD99, NSL-KDD, KYOTO 2006+, ISCX2012, UNSW-NB 15, CIDDS-001, CICIDS2017, and CSE-CIC-IDS2018. For each dataset, we provide a detailed analysis of its instances, features, classes, and the nature of the features. The main objective of this pa...

Fuelled to bring the Internet of Things concept to real life, the Internet Engineering Task Force is working on 6LoWPAN, in which the standard allows a vast number of smart objects to be deployed in local wireless sensor networks (WSNs) using the huge address space of IPv6 for data and information harvesting through the Internet. From the security point of view, 6LoWPAN/WSN will be open to security threats from the local network itself and the Internet. Cryptography techniques applied as the front line of defence or deterrent can easily be broken because of the weakly secured nature of LoWPAN devices and the wireless environment. Compromised nodes could lead to insider attacks without being detected by any cryptography checking. An intrusion detection system (IDS) is primarily needed as a second line of defence to monitor the network operations and raise an alarm in case of any anomaly. This paper analyses potential security threats in 6LoWPAN and reviews the current countermeasures, in particular the IDS-based solutions for countering insider/internal threats. Additionally, it discovers three novel QoS-related security threats, namely the rank attack, local repair attack, and resource depleting attack, which more seriously affect the routing protocol for low-power and lossy networks, the routing protocol used to establish the 6LoWPAN network topology. A new two-layer IDS concept is introduced as a countermeasure method for securing the network topology built by the routing protocol for low-power and lossy networks from the internal QoS attacks. Potential research works are also presented to provide a baseline reference to researchers in this field.

Researchers working on anomaly-based network intrusion detection immediately face a first, somewhat surprising problem: the lack of good, recent datasets that could be employed for evaluation of their methods. Datasets publicly available are usually obsolete in both anomaly types and background, legitimate Internet traffic. There are a number of causes for this unfortunate phenomenon, and we try to discuss them in the paper. There are two main goals of the paper: first, we would like to overview the current state of the art with respect to available datasets. The second goal is to encourage the research community and institutions that possess valuable datasets to increase efforts to make them available in some form, which would facilitate research on network anomaly detection. This would, hopefully, lead to a more secure global network.

The distributed and open structure of cloud computing and services becomes an attractive target for potential cyber-attacks by intruders. IPS, or intrusion prevention system, is the next level of security technology, with its capability to provide security at all system levels from the operating system to network data packets. It is widely deployed to manipulate cloud security, with the latter providing additional prevention capabilities. This paper investigates the inner workings of which cloud-based IPS brand is the most effective and efficient, and also compares it with other cyber network security options. Considering the desired characteristics of a successful cloud-based IPS, Intel Security McAfee NSP offers the best products and unified defense architecture because it strongly supports the criteria and standard of an effectual cloud-based IPS, which strengthens the threat defense lifecycle through integration, automation and orchestration. Supporting these criteria, the product which the researchers promote is McAfee Server Security Suite Advanced for consistent and continuous protection across physical, virtual, and cloud deployments.

An intrusion is defined as a violation of the security policy of the system, and hence, intrusion detection mainly refers to the mechanisms that are developed to detect violations of system security policy. Recently, data mining techniques have gained importance in providing the valuable information which in turn can help to enhance the decision on identifying the intrusions (attacks). In this paper, we evaluate the performance of various rule-based classifiers like JRip, RIDOR, NNge and decision table using an ensemble approach in order to build an efficient network intrusion detection system. We use the KDDCup'99 intrusion detection benchmark dataset (which is a part of the DARPA evaluation program) for our experimentation. It can be observed from the results that the proposed approach is accurate in detecting network intrusions, provides a low false positive rate, and is simple, reliable and faster in building an efficient network intrusion system.

Intrusion Detection Systems (IDS) are an essential element of Network Security Infrastructure and play an important role in detecting a large number of attacks. An Intrusion Prevention System (IPS) is a tool that is used to prevent spywares from getting intrusion into a system, and one of the techniques used in IPS is the Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA). In order to detect illegal access of the web from the intruder, IDS and IPS can be implemented with the use of a honeypot to track the IP address, location and country or region of the attacker in order to block the attacker from accessing the system. Different techniques have been adopted by different researchers using IDS, IPS and honeypot to protect their system against illegal attacks. As discovered in the existing systems, CAPTCHA was not employed in IDS to detect spywares capable of breaking and having access to the system. To increase and maintain the security in a network, the combination of IDS with CAPTCHA, IPS and a dummy honeypot can be employed. This work proposes a CAPTCHA-based Intrusion Detection Model with a redirector in order to identify the intelligent spywares that are capable of breaking CAPTCHA in IPS. It also uses a dummy honeypot with circular hyperlinks so as to lure the software that infiltrated the system in order to capture its IP address and other important information about the spywares, such as the country or region it is coming from, the web browser used and the date and time of intrusion, so as to block and prevent illegal access by intruders. This paper focuses on capturing the intelligent spywares capable of breaking through the new CAPTCHA trap IDS so as to gather information about them so that necessary action can be taken against them. A security model was designed having a CAPTCHA IDS with a redirector, an IPS and a honeypot capable of detecting intrusion by intelligent spyware. With this model the network will be more secure against intrusion by spywares.

In this paper, a novel hybrid method is proposed for intrusion detection in computer networks using a combination of misuse-based and anomaly-based detection models with the aim of performance improvement. In the proposed hybrid approach, a set of algorithms and models is employed. The selection of input features is performed using the shuffled frog-leaping (SFL) algorithm. The misuse detection module is implemented using a decision tree. The anomaly detection module is implemented using a radial-basis function neural network (RBFNN) or a support vector machine (SVM). The optimum training parameters of the RBFNN are obtained using particle swarm optimization or genetic algorithms. The proposed method is evaluated by conducting experiments using the NSL-KDD intrusion dataset. The experimental results show the superior performance of the proposed method as compared to misuse-based and anomaly-based systems. In addition, the combination of decision tree and SVM can achieve a detection rate (DR) of 97.4 percent using 10 input features selected by the SFL algorithm. However, other hybrid systems tested on NSL-KDD achieved DRs of 82.3 percent and 83.1 percent by using 33 and 14 selected features, respectively. The execution time of the proposed method is 28 times lower than that of the other competitive models simulated in this paper, as well.

Abstract: The rapid growth of computers transformed the way in which information and data was stored. With this new paradigm of data access comes the threat of this information being exposed to unauthorized and unintended users. Many systems have been developed which scrutinize the data for a deviation from the normal behavior of a user or system, or search for a known signature within the data. These systems are termed Intrusion Detection Systems (IDS). Intrusion Detection is the process of monitoring and identifying attempted unauthorized system access or manipulation. Successful High Performance Computing (HPC) requires a combination of technical innovation as well as political and operational experience to balance out the many (sometimes contradictory) pressures encountered in this field. This is particularly true with respect to the operational field. In this paper we try to summarize the various types of Intrusion Detection Systems available and explain some key points for each particular type of IDS available in the market today, and also give insight into IDS in the High Performance Computing (HPC) environment.
Keywords: High Performance Computing, HIDS, Hybrid IDS, Intrusion Detection System, Intrusion Prevention, NIDS.