A Hybrid Model for Network Security Systems: Integrating Intrusion Detection System with Survivability

Computer networks are now a necessity for modern organisations, and network security has become a major concern for them. In this paper we propose a holistic approach to network security: a hybrid model that combines an Intrusion Detection System (IDS), which detects network attacks, with a survivability model, which assesses the impact of undetected attacks. The proposed IDS is based on a neural network whose learning mechanism is evolved using a genetic algorithm. We then discuss the case where an attack evades the IDS and takes the system into a compromised state, and propose a stochastic model that enables a cost/benefit analysis of system security. This integrated approach allows systems managers to make more informed decisions regarding both intrusion detection and system protection.
