International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 65 - Number 9
Year of Publication: 2013
Authors: Shalvi Dave, Bhushan Trivedi, Jimit Mahadevia
DOI: 10.5120/10954-5914
Shalvi Dave, Bhushan Trivedi, Jimit Mahadevia. Parameterized Analysis of Intrusion Detection and Prevention Systems and their Implications on Attack Alerts and Event Co-relation. International Journal of Computer Applications. 65, 9 (March 2013), 30-36. DOI=10.5120/10954-5914
Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defence against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased. Attackers continuously find vulnerabilities at various levels, from the network itself to the operating system and applications, and exploit them to crack systems and services. Network defence and network monitoring have become essential components of computer security for predicting and preventing attacks. Unlike a traditional Intrusion Detection System (IDS), an Intrusion Detection and Prevention System (IDPS) has additional features to secure computer networks. In this paper, we present a detailed study of how the architecture of an IDPS plays a key role in its performance and in its ability to correlate known as well as unknown attacks. We categorize IDPS based on architecture as local or distributed. A detailed comparison is shown in this paper, and finally we justify our proposed solution, which deploys agents locally at the host level to give better performance in terms of better attack correlation and accurate detection and prevention.