CFP last date
20 January 2025
Reseach Article

Parameterized Analysis of Intrusion Detection and Prevention Systems and their Implications on Attack Alerts and Event Co-relation

by Shalvi Dave, Bhushan Trivedi, Jimit Mahadevia
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 65 - Number 9
Year of Publication: 2013
Authors: Shalvi Dave, Bhushan Trivedi, Jimit Mahadevia
10.5120/10954-5914

Shalvi Dave, Bhushan Trivedi, Jimit Mahadevia . Parameterized Analysis of Intrusion Detection and Prevention Systems and their Implications on Attack Alerts and Event Co-relation. International Journal of Computer Applications. 65, 9 ( March 2013), 30-36. DOI=10.5120/10954-5914

@article{ 10.5120/10954-5914,
author = { Shalvi Dave, Bhushan Trivedi, Jimit Mahadevia },
title = { Parameterized Analysis of Intrusion Detection and Prevention Systems and their Implications on Attack Alerts and Event Co-relation },
journal = { International Journal of Computer Applications },
issue_date = { March 2013 },
volume = { 65 },
number = { 9 },
month = { March },
year = { 2013 },
issn = { 0975-8887 },
pages = { 30-36 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume65/number9/10954-5914/ },
doi = { 10.5120/10954-5914 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T21:18:24.999822+05:30
%A Shalvi Dave
%A Bhushan Trivedi
%A Jimit Mahadevia
%T Parameterized Analysis of Intrusion Detection and Prevention Systems and their Implications on Attack Alerts and Event Co-relation
%J International Journal of Computer Applications
%@ 0975-8887
%V 65
%N 9
%P 30-36
%D 2013
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defence against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have continuously increased, attackers continuously find vulnerabilities at various levels, from the network itself to operating system and applications, exploit them to crack system and services. Network defence and network monitoring has become an essential component of computer security to predict and prevent attacks. Unlike traditional Intrusion Detection System (IDS), Intrusion Detection and Prevention System (IDPS) have additional features to secure computer networks. In this paper, we present a detailed study of how architecture of an IDPS plays a key role in its performance and the ability to co-relate known as well as unknown attacks. We categorize IDPS based on architecture as local or distributed. A detailed comparison is shown in this paper and finally we justify our proposed solution, which deploys agents at host-level locally to give better performance in terms of better attack co-relation and accurate detection and prevention.

References
  1. Usman Asghar Sandhu, Sajjad Haider, Salman Naseer, and Obaid Ullah Ateeb, A Study of the Novel Approaches Used in Intrusion, International Journal of Information and Education Technology, Vol. 1, No. 5, December 2011 Detection and Prevention Systems
  2. Cheng-Yuan Ho; Yuan-Cheng Lai; I-Wei Chen; Fu-Yu Wang; Wei-Hsuan Tai; , "Statistical analysis of false positives and false negatives from real traffic with intrusion detection/prevention systems," Communications Magazine, IEEE , vol. 50, no. 3, pp. 146-154, March 2012
  3. Sourour, M. ; Adel, B. ; Tarek, A. ;, "Security Implications of Network Address Translation on Intrusion Detection and Prevention Systems," IEEE International Conference on Network and Service Security, 2009. N2S '09. , vol. , no. , pp. 1-5, 24-26 June 2009
  4. P. G. Neumann and P. A. Porras. EMERALD: Event monitoring enabling responses to anomalous live disturbances. In NCSC '97: Proc. 20th NIST National Information Systems Security Conference, pages 353–365, 1997.
  5. Ken Deeter, Kapil Singh, Steve Wilson, Luca Filipozzi and Son Vuong, "APHIDS: A Mobile Agent-Based Programmable Hybrid Intrusion Detection System", Mobility Aware Technologies and Applications, Lecture Notes in Computer Science, Springer, 2004, Volume 3284/2004, 244-253, DOI: 10. 1007/978-3-540-30178-3_23
  6. Thomas Heyman, Bart De Win, Christophe Huygens, and Wouter Joosen, "Improving Intrusion Detection through Alert Verification", IEEE Transaction on Dependable and Secure Computing, 2004.
  7. Koller, R. ; Rangaswami, R. ; Marrero, J. ; Hernandez, I. ; Smith, G. ; Barsilai, M. ; Necula, S. ; Sadjadi, S. M. ; Tao Li; Merrill, K. ; , "Anatomy of a Real-Time Intrusion Prevention System," International Conference on Autonomic Computing, 2008. ICAC '08. , vol. , no. , pp. 151-160, 2-6 June 2008
  8. Ramana Rao Kompella, Sumeet Singh, and George Varghese, On Scalable Attack Detection in the Network, IEEE/ACM transactions on networking, vol. 15, no. 1, february 2007
  9. Konstantinos Xinidis, Ioannis Charitakis, Spiros Antonatos, Kostas G. Anagnostakis, and Evangelos P. Markatos, An Active Splitter Architecture for Intrusion Detection and Prevention, IEEE transactions on dependable and secure computing, vol. 3, no. 1, january-march 2006
  10. Uwe Aickelin, Jamie Twycross and Thomas Hesketh-Roberts, Rule Generalisation in Intrusion Detection Systems using SNORT, International Journal of Electronic Security and Digital Forensics (IJESDF), (1), pp 101-116, 2007
  11. Kai Hwang, Min Cai, Ying Chen, Min Qin, Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes, IEEE transactions on dependable and secure computing, vol. 4, no. 1, January-March 2007
  12. Sumit A. Khandelwal, Shoba. A. Ade, Amol A. Bhosle and Radha S. Shirbhate, A Simplified Approach to Identify Intrusion in Network with Anti Attacking Using . net Tool. , International Journal of Computer and Electrical Engineering, Vol. 3, No. 3, June 2011
  13. Khalid Alsubhi, Nizar Bouabdallah, Raouf Boutaba, Performance analysis in Intrusion Detection and Prevention Systems, Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management, IM 2011, Dublin, Ireland, May 2011,pages 369-376
  14. Ke Yun; Zhu Jian Mei; , "Research of Hybrid Intrusion Detection and Prevention System for IPv6 Network," 2011 International Conference on Internet Technology and Applications (iTAP), , vol. , no. , pp. 1-3, 16-18 Aug. 2011
Index Terms

Computer Science
Information Sciences

Keywords

Intrusion Prevention IDPS sensors/agents attack and event co-relation architecture information source relevance of attacks