Search results

Intrusions exploit vulnerabilities and introduce external disturbances into information systems to compromise security attributes of information systems such as availability, integrity, and confidentiality. Intrusions into information systems cause faults of software and hardware components in information systems, which then lead to errors and failures of system performance. Intrusion tolerance requires information systems to function correctly in a timely manner even under impact of intrusions. In this paper, we discuss causes, chain effects and barriers of intrusions into information systems, and reveal roles that various information security techniques play in intrusion tolerance. We present two robust intrusion tolerance methods through fault masking: Taguchi’s robust method for system configuration and sharing of resources via an information infrastructure for redundancy.

When employees complete their work tasks, they often experience intrusions stemming from the work (professional intrusions) or the home domain (personal intrusions). Yet, little is known about the respective implications of these two types of intrusions for employees’ productivity. This paper aims to investigate how professional and personal intrusions at work relate to the bright (perceived performance) and dark (procrastination) sides of employees' productivity. Based on recent advances in Self-Determination Theory, the authors also examined the mediating role of psychological need unfulfillment in these relations.

The authors relied on a cross-sectional survey design. A total of 229 French employees took part in the study.

Results from structural equation modelling indicated that need unfulfillment mediated the negative association between personal intrusions and employees’ performance and the positive relation between personal intrusions and procrastination. Professional intrusions were positively related to the soldiering dimension of procrastination only.

This study sheds light on the differentiated effects of personal and professional intrusions, while uncovering the psychological mechanisms at play. Personal intrusions, by triggering employees’ need unfulfillment, were found to have more extended detrimental consequences than professional intrusions. To the best of the authors’ knowledge, this research is also the first to demonstrate the mediating role of need unfulfillment in the relations between socio-contextual characteristics and individual functioning, and thus contributes to Self-Determination Theory.

A zero-day vulnerability is a complimentary ticket to the attackers for gaining entry into the network. Thus, there is necessity to device appropriate threat detection systems and establish an innovative and safe solution that prevents unauthorised intrusions for defending various components of cybersecurity. We present a survey of recent Intrusion Detection Systems (IDS) in detecting zero-day vulnerabilities based on the following dimensions: types of cyber-attacks, datasets used and kinds of network detection systems.

Purpose: The study focuses on presenting an exhaustive review on the effectiveness of the recent IDS with respect to zero-day vulnerabilities.

Methodology: Systematic exploration was done at the IEEE, Elsevier, Springer, RAID, ESCORICS, Google Scholar, and other relevant platforms of studies published in English between 2015 and 2021 using keywords and combinations of relevant terms.

Findings: It is possible to train IDS for zero-day attacks. The existing IDS have strengths that make them capable of effective detection against zero-day attacks. However, they display certain limitations that reduce their credibility. Novel strategies like deep learning, machine learning, fuzzing technique, runtime verification technique, and Hidden Markov Models can be used to design IDS to detect malicious traffic.

Implication: This paper explored and highlighted the advantages and limitations of existing IDS enabling the selection of best possible IDS to protect the system. Moreover, the comparison between signature-based and anomaly-based IDS exemplifies that one viable approach to accurately detect the zero-day vulnerabilities would be the integration of hybrid mechanism.

Addresses specific problems within the area of performing computer system intrusion detection, and presents the reader with an effective decision model to addressing these problems. Current intrusion detection analysis methods are reluctant to properly evaluate the results of decisions made based on their analysis outcomes. These analysis outcomes influence the decision making process involved in response to an intrusion. Utilizing basic decision modeling methods we can develop a model that is both effective and easy to use. To form this model we must have the following within our environment; standard analysis procedure and the classification of information elements. These will feed into our structured decision model and aid in our final decision outcome.

Defines and categorizes the types of intrusions that can be made on information systems. Characterizes a good intrusion detection system and examines and compares commercial intrusion detection products. Reports on continuing intrusion detection.

The purpose of this paper is to propose a web intrusion detection system (IDS), SensorWebIDS, which applies data mining, anomaly and misuse intrusion detection on web environment.

SensorWebIDS has three main components: the network sensor for extracting parameters from real‐time network traffic, the log digger for extracting parameters from web log files and the audit engine for analyzing all web request parameters for intrusion detection. To combat web intrusions like buffer‐over‐flow attack, SensorWebIDS utilizes an algorithm based on standard deviation (δ) theory's empirical rule of 99.7 percent of data lying within 3δ of the mean, to calculate the possible maximum value length of input parameters. Association rule mining technique is employed for mining frequent parameter list and their sequential order to identify intrusions.

Experiments show that proposed system has higher detection rate for web intrusions than SNORT and mod security for such classes of web intrusions like cross‐site scripting, SQL‐Injection, session hijacking, cookie poison, denial of service, buffer overflow, and probes attacks.

Future work may extend the system to detect intrusions implanted with hacking tools and not through straight HTTP requests or intrusions embedded in non‐basic resources like multimedia files and others, track illegal web users with their prior web‐access sequences, implement minimum and maximum values for integer data, and automate the process of pre‐processing training data so that it is clean and free of intrusion for accurate detection results.

Web service security, as a branch of network security, is becoming more important as more business and social activities are moved online to the web.

Existing network IDSs are not directly applicable to web intrusion detection, because these IDSs are mostly sitting on the lower (network/transport) level of network model while web services are running on the higher (application) level. Proposed SensorWebIDS detects XSS and SQL‐Injection attacks through signatures, while other types of attacks are detected using association rule mining and statistics to compute frequent parameter list order and their maximum value lengths.

The purpose of this paper is to develop and validate a numerical model to study the effect of changing hydraulic parameters on saltwater intrusion in coastal aquifers.

The numerical model SEAWAT is validated and applied to a hypothetical case (Henry problem) and a real case study (Biscayne aquifer, Florida, USA) for different values of hydraulic parameters including; hydraulic conductivity, porosity, dispersion, diffusion, fluid density and solute concentration. The dimensional analysis technique is used to correlate these parameters with the intrusion length.

The results show that the hydraulic parameters have a clear effect on saltwater intrusion as they increase the intrusion in some cases and decrease it in some other cases. The results indicate that changing hydraulic parameters may be used as a control method to protect coastal aquifers from saltwater intrusion.

The results of the application of the model to the Biscayne aquifer in Florida showed that the intrusion can be reduced to 50 percent when the hydraulic conductivity is reduced to 50 percent. Decreasing hydraulic conductivity by injecting some relatively cheap materials such as bentonite can help to reduce the intrusion of saltwater. So the saltwater intrusion can be reduced with relatively low cost through changing some hydraulic parameters.

A relationship to calculate intrusion length in coastal aquifer is developed and the impact of different hydraulic parameters on saltwater intrusion is highlighted. Control of saltwater intrusion using relatively cheap method is presented.

This paper is part II of a previous article of the same title: Intrusion detection. Part II is concerned with intrusion threats, attacks, defense, models, methods and systems.

Researchers have used many techniques in designing intrusion detection systems (IDS) and yet we still do not have an effective IDS. The interest in this work is to combine techniques of data mining and expert systems in designing an effective anomaly‐based IDS. Combining methods may give better coverage, and make the detection more effective. The idea is to mine system audit data for consistent and useful patterns of user behaviour, and then keep these normal behaviours in profiles. An expert system is used as the detection system that recognizes anomalies and raises an alarm. The evaluation of the intrusion detection system design was carried out to justify the importance of the work.

The purpose of this paper is to propose a new taxonomy for intrusion detection systems as a way of generating further research topics focussed on improving intrusion system performance.

The paper shows that intrusion systems are characterised by the type of output they are capable of producing, such as intrusion/non‐intrusion declarations, through to intrusion plan determination. The output type is combined with the data scale used to undertake the intrusion determination, to produce a two‐dimensional intrusion matrix.

The paper finds that different approaches to intrusion detection can produce different footprints on the intrusion matrix. Qualitative comparison of systems can be undertaken by examining the area covered within the footprint and the footprint overlap between systems. Quantitative comparison can be achieved in the areas of overlap.

The paper shows that the comparison of systems based on their footprint on the intrusion matrix may allow a deeper understanding of the limits of performance to be developed. The separation of what was previously understood as “detection” into the three areas of Detection, Recognition and Identification may provide further impetus for the development of a theoretical framework for intrusion systems.

The paper shows that the intrusion matrix can be divided into areas in which the achievement of arbitrarily high performance is relatively easily achievable. Other areas within the matrix, such as the Prosecution and Enterprise regions, present significant practical difficulties and therefore are opportunities for further research.

The use of a taxonomy based on the type of output produced by an intrusion system is new to this paper, as is the combination with data scale to produce an intrusion matrix. The recognition that the network data scale should also be split to differentiate trusted and untrusted networks is new and presents challenging opportunities for further research topics.