Network defense: Approaches, methods and techniques

Defending a network against intrusion is a long-standing, general problem. It is important to develop a defense mechanism that secures the network against anomalous activities. This paper presents a comprehensive survey of the methods and systems introduced by researchers over the past two decades to protect network resources from intrusion. A detailed analysis of the pros and cons of these methods and systems is also reported in this paper. Further, this paper provides a list of open issues and research challenges in this evolving field of research. We believe that this knowledge will help to create a defense system.