Moving towards an adaptive enterprise intrusion detection and prevention system

In this paper, we describe our plans to create a smarter network defense system through the collection and analysis of network signatures generated by real security threats. To meet this goal, we plan to create software agents interconnected to a central behavior analysis database service where each software agent records attack meta-information collected during previous intrusion attempts. The central database warehouses and analyzes the meta-information collected by the interconnected agents. The agents can then utilize both instantaneous and historical data by integrating rules derived from the data collection and analysis process into intrusion prevention policies. The result is a modular and scalable network defense system that should be more responsive and adaptable to imminent threats.
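The agent/central-database feedback loop the abstract describes, as an added example that is not the paper's own code: agents report attack meta-information to a central analysis service, which derives prevention rules from the warehoused history, and the agents then fold those rules into their local policy. The class names, the threshold rule (a source seen by two distinct agents or three times in total) and the sample source addresses are assumptions, not from the paper.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class AttackMeta:
    agent_id: str   # observing agent
    src: str        # offending source address
    signature: str  # detector signature that matched
    ts: int         # observation time (epoch seconds)

class CentralAnalysis:
    """Warehouses agents' attack meta-information and derives prevention rules (assumed design)."""
    def __init__(self, min_agents=2, min_hits=3):
        self.records = []
        self.min_agents = min_agents  # source seen by this many distinct agents, or
        self.min_hits = min_hits      # this many times in total, becomes a block rule
    def record(self, meta):
        self.records.append(meta)
    def derive_rules(self):
        agents, hits = defaultdict(set), defaultdict(int)
        for m in self.records:
            agents[m.src].add(m.agent_id)
            hits[m.src] += 1
        return {s for s in hits
                if len(agents[s]) >= self.min_agents or hits[s] >= self.min_hits}

class Agent:
    """Sensor that reports attempts centrally and enforces derived rules locally."""
    def __init__(self, agent_id, central):
        self.agent_id, self.central, self.blocklist = agent_id, central, set()
    def observe(self, src, signature, ts):
        if src in self.blocklist:
            return "drop"   # historical rule prevents the attempt outright
        self.central.record(AttackMeta(self.agent_id, src, signature, ts))
        return "alert"  # instantaneous detection; central service learns from it
    def sync_policy(self):
        self.blocklist = self.central.derive_rules()

def simulate():
    """Constructed scenario: one source probes both agents, another probes one."""
    central = CentralAnalysis()
    edge1, edge2 = Agent("edge-1", central), Agent("edge-2", central)
    before = [edge1.observe("198.51.100.7", "ssh-bruteforce", 100),
              edge2.observe("198.51.100.7", "ssh-bruteforce", 160),
              edge1.observe("203.0.113.9", "port-scan", 200)]
    for agent in (edge1, edge2):
        agent.sync_policy()
    after = [edge2.observe("198.51.100.7", "ssh-bruteforce", 300),
             edge2.observe("203.0.113.9", "port-scan", 310)]
    return central.derive_rules(), before, after
```

After the first policy sync only the source seen by both agents is dropped; the second source is still alerted on, but its second sighting is recorded and it qualifies as a rule at the next sync.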
