An Intrusion Detection Technique Based on Discrete Binary Communication Channels

Enterprise networks are the main targets for hackers and intruders because most financial transactions take place online and these networks handle vast amounts of data and other resources (Satti & Garner, 2001). Online transactions are increasing every day because they make life easier for both customers and the enterprises offering services (Jou et al., 2000; Yau & Xinyu Zhang, 1999; Ko, 2003; Tront & Marchany, 2004). Enterprise networks also have a lot of bandwidth, which is very attractive to hackers, who take advantage of it by using those networks as launching pads to attack others (Tront & Marchany, 2004; Janakiraman et al., 2003). It therefore becomes very difficult for the IDSs and IPSs at the receiving end to detect and prevent the attacks or hackers, since the packet header information will indicate legitimate senders. This is the main reason why most IPSs are easily bypassed by hackers (Tront & Marchany, 2004; Paulson, 2002; Weber, 1999). Intrusion prevention, which is a proactive technique, prevents attacks from entering the network. Unfortunately, some attacks still bypass intrusion prevention systems. Intrusion detection, on the other hand, detects attacks only after they have entered the network. Although attacks are generally assumed to emanate from outside a given network, the most dangerous attacks actually emanate from within the network itself. These are very difficult to detect, since most users of the network are assumed to be trusted. This situation has necessitated extensive research in the area of network security, especially in the development of intrusion detection and prevention systems intended to detect and prevent all possible attacks on a given network (Akujuobi & Ampah, 2007; Akujuobi et al., 2007a; Akujuobi et al., 2007b; Akujuobi et al., 2007c; Akujuobi & Ampah, 2009). These IDSs use either anomaly or signature-based detection techniques.
Anomaly detection techniques detect both known and unknown attacks, but signature-based detection techniques detect only known attacks. The main approaches of anomaly detection techniques are statistical, predictive pattern generation, neural networks, and sequence matching and learning. The main approaches of signature-based detection techniques are expert systems, keystroke monitoring, model-based, state transition analysis, and pattern matching (Biermann et al., 2001). There is no existing IDS or IPS that can detect or prevent all intrusions. For example, configuring a firewall to be 100% foolproof compromises the very service provided by the

[1]  Ankit Fadia Network Security: A Hacker's Perspective , 2006 .

[2]  Ke Ma,et al.  Design of Intrusion Detection System Based on Data Mining Algorithm , 2009, 2009 International Conference on Signal Processing Systems.

[3]  Vern Paxson,et al.  Work in Progress: Bro-LAN Pervasive Network Inspection and Control for LAN Traffic , 2006, 2006 Securecomm and Workshops.

[4]  Jizhou Sun,et al.  Honeypot and scan detection in intrusion detection system , 2004, Canadian Conference on Electrical and Computer Engineering 2004 (IEEE Cat. No.04CH37513).

[5]  Lorenzo Cavallaro,et al.  An Efficient Technique for Preventing Mimicry and Impossible Paths Execution Attacks , 2007, 2007 IEEE International Performance, Computing, and Communications Conference.

[6]  Suraj C. Kothari,et al.  Eliminating SQL Injection Attacks - A Transparent Defense Mechanism , 2006, 2006 Eighth IEEE International Symposium on Web Site Evolution (WSE'06).

[7]  Stephan Olariu,et al.  A Weighted-Dissimilarity-Based Anomaly Detection Method for Mobile Wireless Networks , 2009, CSE.

[8]  S. Bose,et al.  An Intelligent Agent Based Approach for Intrusion Detection and Prevention in Adhoc Networks , 2007, 2007 International Conference on Signal Processing, Communications and Networking.

[9]  Barry E. Mullins,et al.  Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion , 2006, IEEE Security & Privacy.

[10]  W. Weber Firewall basics , 1999, 4th International Conference on Telecommunications in Modern Satellite, Cable and Broadcasting Services. TELSIKS'99 (Cat. No.99EX365).

[11]  T. Magedanz,et al.  Protecting IP Multimedia Subsystem (IMS) Service Delivery Platform from Time Independent Attacks , 2007 .

[12]  James Cannady Distributed Detection of Attacks in Mobile Ad Hoc Networks Using Learning Vector Quantization , 2009, 2009 Third International Conference on Network and System Security.

[13]  C. M. Akujuobi,et al.  Enterprise network intrusion detection and prevention system (ENIDPS) , 2007, SPIE Defense + Commercial Sensing.

[14]  Malcolm I. Heywood,et al.  On dataset biases in a learning system with minimum a priori information for intrusion detection , 2004, Proceedings. Second Annual Conference on Communication Networks and Services Research, 2004..

[15]  Hamid Haj Seyyed Javadi,et al.  Design an Efficient System for Intrusion Detection via Evolutionary Fuzzy System , 2009, 2009 11th International Conference on Computer Modelling and Simulation.

[16]  Linda Dailey Paulson Stopping Intruders Outside the Gates , 2002, Computer.

[17]  Miguel Eduardo Torres Moreno,et al.  Laocoonte: An agent based Intrusion Detection System , 2009, 2009 International Symposium on Collaborative Technologies and Systems.

[18]  Karl N. Levitt,et al.  System health and intrusion monitoring (SHIM): project summary , 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[19]  Allan Leinwand,et al.  Network Management: A Practical Perspective , 1993 .

[20]  Joseph G. Tront,et al.  Internet Security: Intrusion Detection and Prevention in Mobile Systems , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[21]  M. J. Paulik,et al.  A discrete wavelet model for target recognition , 1996, Proceedings of the 39th Midwest Symposium on Circuits and Systems.

[22]  Matthew N. O. Sadiku,et al.  An Intrusion Detection Technique Based on Change in Hurst Parameter with Application to Network Security , 2007 .

[23]  K.B. Bignell Authentication in an Internet Banking Environment; Towards Developing a Strategy for Fraud Detection , 2006, International Conference on Internet Surveillance and Protection (ICISP’06).

[24]  Taghi M. Khoshgoftaar,et al.  Resource-sensitive intrusion detection models for network traffic , 2004, Eighth IEEE International Symposium on High Assurance Systems Engineering, 2004. Proceedings..

[25]  M.N.O. Sadiku,et al.  Application of Signal Detection and Estimation Theory to Network Security , 2007, 2007 IEEE International Symposium on Consumer Electronics.

[26]  Svein J. Knapskog,et al.  Attribute Normalization in Network Intrusion Detection , 2009, 2009 10th International Symposium on Pervasive Systems, Algorithms, and Networks.

[27]  N.C. Rowe,et al.  A Methodology for Evaluation of Host-Based Intrusion Prevention Systems and Its Application , 2006, 2006 IEEE Information Assurance Workshop.

[28]  Fernando C. Colón Osorio Using Byzantine Agreement in the Design Of IPS Systems , 2007, 2007 IEEE International Performance, Computing, and Communications Conference.

[29]  Dan Zhu,et al.  Research on SVM Based Network Intrusion Detection Classification , 2009, 2009 Sixth International Conference on Fuzzy Systems and Knowledge Discovery.

[30]  Lucas M. Venter,et al.  A comparison of Intrusion Detection systems , 2001, Comput. Secur..

[31]  M. M. Satti,et al.  Information security on Internet enterprise managed intrusion detection system (EMIDS) , 2001, Proceedings. IEEE International Multi Topic Conference, 2001. IEEE INMIC 2001. Technology for the 21st Century..

[32]  Ali A. Ghorbani,et al.  Toward a feature classification scheme for network intrusion detection , 2006, 4th Annual Communication Networks and Services Research Conference (CNSR'06).

[33]  Shi-Ru Zhou,et al.  Community intrusion detection system based on wavelet neural network , 2009, 2009 International Conference on Machine Learning and Cybernetics.

[34]  R.J. Enbody,et al.  Arbitrary Copy: Bypassing Buffer-Overflow Protections , 2006, 2006 IEEE International Conference on Electro/Information Technology.

[35]  Qi Zhang,et al.  Indra: a peer-to-peer approach to network intrusion detection and prevention , 2003, WET ICE 2003. Proceedings. Twelfth IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, 2003..

[36]  Radu State,et al.  VoIP Honeypot Architecture , 2007, 2007 10th IFIP/IEEE International Symposium on Integrated Network Management.

[37]  Liu Yun,et al.  A Pattern matching based Network Intrusion Detection System , 2006, 2006 9th International Conference on Control, Automation, Robotics and Vision.

[38]  G.S.V.R.K. Rao,et al.  A Hybrid Approach to Intrusion Detection and Prevention for Business Intelligence Applications , 2006, 2006 International Symposium on Communications and Information Technologies.

[39]  Kui Zhang,et al.  A Danger Model Based Anomaly Detection Method for Wireless Sensor Networks , 2009, 2009 Second International Symposium on Knowledge Acquisition and Modeling.

[40]  Feiyi Wang,et al.  Design and implementation of a scalable intrusion detection system for the protection of network infrastructure , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[41]  Alexander Krizhanovsky,et al.  An Approach for Adaptive Intrusion Prevention Based on The Danger , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[42]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[43]  Prabir Bhattacharya,et al.  A Cooperative Approach for Analyzing Intrusions in Mobile Ad hoc Networks , 2007, 27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07).

[44]  L. Vokorokos,et al.  Network Security on the Intrusion Detection System Level , 2006, 2006 International Conference on Intelligent Engineering Systems.

[45]  Dong Zhang,et al.  Study on Joint Prevention Technique of Information Security in SAN , 2006, 2006 International Conference on Machine Learning and Cybernetics.

[46]  Pablo García Bringas Intensive Use of Bayesian Belief Networks for the Unified, Flexible and Adaptable Analysis of Misuses and Anomalies in Network Intrusion Detection and Prevention Systems , 2007, 18th International Workshop on Database and Expert Systems Applications (DEXA 2007).

[47]  Luca Spalazzi,et al.  IRSS: Incident Response Support System , 2006, International Symposium on Collaborative Technologies and Systems (CTS'06).

[48]  Aikaterini Mitrokotsa,et al.  Intrusion Detection with Neural Networks and Watermarking Techniques for MANET , 2007, IEEE International Conference on Pervasive Services.

[49]  Zhaoyu Liu,et al.  A Dynamic Countermeasure Method for Large-Scale Network Attacks , 2006, 2006 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing.

[50]  Yang Xiao,et al.  Detection of Fraudulent Usage in Wireless Networks , 2007, IEEE Transactions on Vehicular Technology.

[51]  Evangelos P. Markatos,et al.  An active splitter architecture for intrusion detection and prevention , 2006, IEEE Transactions on Dependable and Secure Computing.

[52]  Cajetan M. Akujuobi,et al.  Modeling Intrusion Detection with Self Similar Traffic in Enterprise Networks , 2009 .

[53]  Jing Zhao,et al.  Applications of HMM in Protocol Anomaly Detection , 2009, 2009 International Joint Conference on Computational Sciences and Optimization.

[54]  Richard A. Wasniowski,et al.  Data Fusion Support for Intrusion Detection and Prevention , 2007, Fourth International Conference on Information Technology (ITNG'07).

[55]  M.N.O. Sadiku,et al.  Application of Wavelets and Self-similarity to Enterprise Network Intrusion Detection and Prevention Systems , 2007, 2007 IEEE International Symposium on Consumer Electronics.

[56]  Benoit M. Macq,et al.  Multiresolution lossless compression scheme , 1996, Proceedings of 3rd IEEE International Conference on Image Processing.

[57]  M.F. Zafar,et al.  A Proposed Preventive Information Security System , 2007, 2007 International Conference on Electrical Engineering.

[58]  Rodger E. Ziemer,et al.  Principles of communications : systems, modulation, and noise , 1985 .

[59]  S. Ventura,et al.  SIP intrusion detection and prevention: recommendations and prototype implementation , 2006, 1st IEEE Workshop on VoIP Management and Security, 2006..

[60]  R.J. Enbody,et al.  Buffer-Overflow Protection: The Theory , 2006, 2006 IEEE International Conference on Electro/Information Technology.

[61]  Ihn-Han Bae,et al.  A Weighted-Dissimilarity-Based Anomaly Detection Method for Mobile Wireless Networks , 2009, 2009 International Conference on Computational Science and Engineering.

[62]  Stephen S. Yau,et al.  Computer network intrusion detection, assessment and prevention based on security dependency relation , 1999, Proceedings. Twenty-Third Annual International Computer Software and Applications Conference (Cat. No.99CB37032).

[63]  G.A. Jacoby,et al.  Monitoring Mobile Device Vitals for Effective Reporting (ER) , 2006, MILCOM 2006 - 2006 IEEE Military Communications conference.

[64]  Y. Weinsberg,et al.  High performance string matching algorithm for a network intrusion prevention system (NIPS) , 2006, 2006 Workshop on High Performance Switching and Routing.