INTRUSION PREVENTION SYSTEM: A SURVEY

For the last few years, the Internet has experienced tremendous growth. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have been continuously increasing. Defence systems and network monitoring have become an essential component of computer security for predicting and preventing attacks. This article presents a survey of early detection, open issues, and response mechanisms aimed at preventing network intrusion. A roadmap of current intrusion prevention approaches is also presented. Furthermore, relevant issues and challenges in this field are subsequently discussed and illustrated. This research is expected to serve as a learning phase. Finally, this work concludes with an analysis of the challenges that still remain to be resolved.
