The Prevention Threat of Behavior-based Signature using Pitcher Flow Architecture

In recent years, Intrusion Prevention System (IPS) has been widely implemented to prevent suspicious threats. Unlike the traditional Intrusion Detection System, IPS has additional features to secure the computer network system. IPS is an access control device with a prevention function, which enforces a network security policy, is a helpful device that allows for more granular blocking action. In this paper, we propose a new prediction and prevention method with behavior-based detection, this method is called pitcher flow. We describes the habitual activity of the performance an overall network with a new algorithm for identifying and recognizing the normal behavior of user activities in the internal network. First, we define behavior activity by duration of activity conducted and active connection. Second, we categorize packets into class/type, identifying parameters by classifying the packets. Finally, we use the pitcher flow mechanism to identify and recognize suspicious threats. This paper also describes an algorithm for the complexity of the suspicious response.

[1]  Jun Murai,et al.  Behavior rule based intrusion detection , 2009, Co-Next Student Workshop '09.

[2]  Yuan-Cheng Lai,et al.  Extracting Attack Sessions from Real Traffic with Intrusion Prevention Systems , 2009, 2009 IEEE International Conference on Communications.

[3]  Young U. Ryu,et al.  Self-efficacy in information security: Its influence on end users' information security practice behavior , 2009, Comput. Secur..

[4]  A. Piskozub,et al.  Real-Time Intrusion Prevention and Anomaly Analyze System for Corporate Networks , 2007, 2007 4th IEEE Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications.

[5]  Rubo Zhang,et al.  A new intrusion detection method based on behavioral model , 2004, Fifth World Congress on Intelligent Control and Automation (IEEE Cat. No.04EX788).

[6]  Michalis Faloutsos,et al.  BLINC: multilevel traffic classification in the dark , 2005, SIGCOMM '05.

[7]  Matthew V. Mahoney,et al.  Network traffic anomaly detection based on packet bytes , 2003, SAC '03.