Search results
Abstract
A zero-day vulnerability is a complimentary ticket to the attackers for gaining entry into the network. Thus, there is a necessity to devise appropriate threat detection systems and establish an innovative and safe solution that prevents unauthorised intrusions for defending various components of cybersecurity. We present a survey of recent Intrusion Detection Systems (IDS) in detecting zero-day vulnerabilities based on the following dimensions: types of cyber-attacks, datasets used and kinds of network detection systems.
Purpose: The study focuses on presenting an exhaustive review on the effectiveness of the recent IDS with respect to zero-day vulnerabilities.
Methodology: Systematic exploration was done at the IEEE, Elsevier, Springer, RAID, ESCORICS, Google Scholar, and other relevant platforms of studies published in English between 2015 and 2021 using keywords and combinations of relevant terms.
Findings: It is possible to train IDS for zero-day attacks. The existing IDS have strengths that make them capable of effective detection against zero-day attacks. However, they display certain limitations that reduce their credibility. Novel strategies like deep learning, machine learning, fuzzing technique, runtime verification technique, and Hidden Markov Models can be used to design IDS to detect malicious traffic.
Implication: This paper explored and highlighted the advantages and limitations of existing IDS, enabling the selection of the best possible IDS to protect the system. Moreover, the comparison between signature-based and anomaly-based IDS exemplifies that one viable approach to accurately detect zero-day vulnerabilities would be the integration of a hybrid mechanism.
A.S. Sodiya, H.O.D. Longe and A.T. Akinwale
Abstract
Researchers have used many techniques in designing intrusion detection systems (IDS) and yet we still do not have an effective IDS. The interest in this work is to combine techniques of data mining and expert systems in designing an effective anomaly‐based IDS. Combining methods may give better coverage, and make the detection more effective. The idea is to mine system audit data for consistent and useful patterns of user behaviour, and then keep these normal behaviours in profiles. An expert system is used as the detection system that recognizes anomalies and raises an alarm. The evaluation of the intrusion detection system design was carried out to justify the importance of the work.
C.I. Ezeife, Jingyu Dong and A.K. Aggarwal
Abstract
Purpose
The purpose of this paper is to propose a web intrusion detection system (IDS), SensorWebIDS, which applies data mining, anomaly and misuse intrusion detection on web environment.
Design/methodology/approach
SensorWebIDS has three main components: the network sensor for extracting parameters from real‐time network traffic, the log digger for extracting parameters from web log files and the audit engine for analyzing all web request parameters for intrusion detection. To combat web intrusions like buffer‐over‐flow attack, SensorWebIDS utilizes an algorithm based on standard deviation (δ) theory's empirical rule of 99.7 percent of data lying within 3δ of the mean, to calculate the possible maximum value length of input parameters. Association rule mining technique is employed for mining frequent parameter list and their sequential order to identify intrusions.
Findings
Experiments show that the proposed system has a higher detection rate for web intrusions than SNORT and mod security for such classes of web intrusions as cross‐site scripting, SQL‐Injection, session hijacking, cookie poisoning, denial of service, buffer overflow, and probe attacks.
Research limitations/implications
Future work may extend the system to detect intrusions implanted with hacking tools and not through straight HTTP requests or intrusions embedded in non‐basic resources like multimedia files and others, track illegal web users with their prior web‐access sequences, implement minimum and maximum values for integer data, and automate the process of pre‐processing training data so that it is clean and free of intrusion for accurate detection results.
Practical implications
Web service security, as a branch of network security, is becoming more important as more business and social activities are moved online to the web.
Originality/value
Existing network IDSs are not directly applicable to web intrusion detection, because these IDSs mostly sit on the lower (network/transport) level of the network model while web services run on the higher (application) level. The proposed SensorWebIDS detects XSS and SQL‐Injection attacks through signatures, while other types of attacks are detected using association rule mining and statistics to compute frequent parameter list order and their maximum value lengths.
Rod Hart, Darren Morgan and Hai Tran
Abstract
Defines and categorizes the types of intrusions that can be made on information systems. Characterizes a good intrusion detection system and examines and compares commercial intrusion detection products. Reports on continuing intrusion detection.
Joseph S. Sherif and Rod Ayers
Abstract
This paper is part II of a previous article of the same title: Intrusion detection. Part II is concerned with intrusion threats, attacks, defense, models, methods and systems.
C.J. Tucker, S.M. Furnell, B.V. Ghita and P.J. Brooke
Abstract
Purpose
The purpose of this paper is to propose a new taxonomy for intrusion detection systems as a way of generating further research topics focussed on improving intrusion system performance.
Design/methodology/approach
The paper shows that intrusion systems are characterised by the type of output they are capable of producing, such as intrusion/non‐intrusion declarations, through to intrusion plan determination. The output type is combined with the data scale used to undertake the intrusion determination, to produce a two‐dimensional intrusion matrix.
Findings
The paper finds that different approaches to intrusion detection can produce different footprints on the intrusion matrix. Qualitative comparison of systems can be undertaken by examining the area covered within the footprint and the footprint overlap between systems. Quantitative comparison can be achieved in the areas of overlap.
Research limitations/implications
The paper shows that the comparison of systems based on their footprint on the intrusion matrix may allow a deeper understanding of the limits of performance to be developed. The separation of what was previously understood as “detection” into the three areas of Detection, Recognition and Identification may provide further impetus for the development of a theoretical framework for intrusion systems.
Practical implications
The paper shows that the intrusion matrix can be divided into areas in which the achievement of arbitrarily high performance is relatively easily achievable. Other areas within the matrix, such as the Prosecution and Enterprise regions, present significant practical difficulties and therefore are opportunities for further research.
Originality/value
The use of a taxonomy based on the type of output produced by an intrusion system is new to this paper, as is the combination with data scale to produce an intrusion matrix. The recognition that the network data scale should also be split to differentiate trusted and untrusted networks is new and presents challenging opportunities for further research topics.
Raman Singh, Harish Kumar, Ravinder Kumar Singla and Ramachandran Ramkumar Ketti
Abstract
Purpose
The paper addresses various cyber threats and their effects on the internet. A review of the literature on intrusion detection systems (IDSs) as a means of mitigating internet attacks is presented, and gaps in the research are identified. The purpose of this paper is to identify the limitations of the current research and present future directions for intrusion/malware detection research.
Design/methodology/approach
The paper presents a review of the research literature on IDSs, prior to identifying research gaps and limitations and suggesting future directions.
Findings
The popularity of the internet makes it vulnerable to various cyber-attacks. Ongoing research on intrusion detection methods aims to overcome the limitations of earlier approaches to internet security. However, findings from the literature review indicate a number of different limitations of existing techniques: poor accuracy, high detection time, and low flexibility in detecting zero-day attacks.
Originality/value
This paper provides a review of major issues in intrusion detection approaches. On the basis of a systematic and detailed review of the literature, various research limitations are discovered. Clear and concise directions for future research are provided.
A.S. Sodiya, H.O.D. Longe and A.T. Akinwale
Abstract
Purpose
The goal of our work is to discuss the fundamental issues of privacy and anomaly‐based intrusion detection systems (IDS) and to design an efficient anomaly‐based intrusion IDS architecture where users' privacy is maintained.
Design/methodology/approach
In this work, any information that can link intrusion detection activity to a user is encrypted so as to pseudonymize the sensitive information. A database of encrypted information would then be created which becomes the source database for the IDS. The design makes use of a dynamic key generation algorithm that generates a key randomly when an intrusion is detected. The keys are only released when an intrusion occurs and are immediately swapped to protect against harmful access to the mapping database.
Findings
The result after testing the new privacy maintained IDS architecture on an application package shows greater improvement over the ordinary IDSs. Privacy complaints reduced considerably from between 8 and 16 per week to about 1‐2.
Research limitations/implications
We only tested the new privacy maintained IDS on a package; it would also be interesting to test the design on some other systems. There is a possibility that time to detection would increase because of the encryption/decryption part of the new design. All the same, we have designed an IDS architecture where the privacy of users on the systems is guaranteed.
Practical implications
This work provides a background for researchers in IDS and it requires further improvements and extensions.
Originality/value
The work shows that it is possible to design an IDS architecture for maintaining privacy of users on the network. The result shows the originality of the new design.
Ammar Alazab, Michael Hobbs, Jemal Abawajy, Ansam Khraisat and Mamoun Alazab
Abstract
Purpose
The purpose of this paper is to mitigate vulnerabilities in web applications; security detection and prevention are the most important mechanisms for security. However, most existing research focuses on how to prevent an attack at the web application layer, with less work dedicated to setting up a response action if a possible attack happened.
Design/methodology/approach
A combination of a Signature-based Intrusion Detection System (SIDS) and an Anomaly-based Intrusion Detection System (AIDS), namely, the Intelligent Intrusion Detection and Prevention System (IIDPS).
Findings
After evaluating the new system, a better result was generated in line with detection efficiency and the false alarm rate. This demonstrates the value of direct response action in an intrusion detection system.
Research limitations/implications
Data limitation.
Originality/value
The contributions of this paper are, first, to address the problem of web application vulnerabilities. Second, to propose a combination of an SIDS and an AIDS, namely, the IIDPS. Third, this paper presents a novel approach by connecting the IIDPS with a response action using fuzzy logic. Fourth, to use risk assessment to determine an appropriate response action against each attack event. Combining the systems provides better performance for the Intrusion Detection System, and makes the detection and prevention more effective.
Adel Abdallah, Mohamed M. Fouad and Hesham N. Ahmed
Abstract
Purpose
The purpose of this paper is to introduce a novel intensity-modulated fiber optic sensor for real-time intrusion detection using a fiber-optic microbend sensor and an optical time-domain reflectometer (OTDR).
Design/methodology/approach
The proposed system is tested using different scenarios using a person/car as intruders. Experiments are conducted in the lab and in the field. In the beginning, the OTDR trace is obtained and recorded as a reference signal without intrusion events. The second step is to capture the OTDR trace with intrusion events in one or multiple sectors. This measured signal is then compared to the reference signal and processed by matrix laboratory to determine the intruded sector. Information about the intrusion is displayed on an interactive screen implemented in Visual Basic. The deformer is designed and implemented using SOLIDWORKS three-dimensional computer-aided design software.
Findings
The system is tested for intrusions by performing two experiments. The first experiment is performed for both persons (>50 kg) in the lab and cars in an open field with a car moving at 60 km/h, using two optical fiber sectors of lengths 200 and 500 m. For test purposes, the deformer length used in the experiment is 2 m. The signal processing technique used in the first experiment has some limitations and its accuracy is 70% after measuring and recording 100 observations. To overcome these limitations, a second experiment with another signal processing technique is performed.
Research limitations/implications
The system can perfectly display consecutive intrusions of the sectors, but in case of simultaneous intrusions of different sectors, which is unlikely to occur in real situations, there will be ambiguity about the number of intruders and the intruded sector. This will be addressed in future work. Suitable and stable laser power is required to get a suitable level of backscattered power. Optimization of the deformer is required to enhance the sensitivity and reliability of the sensor.
Practical implications
The proposed work enables us to benefit from the ease of implementation and the reduced cost of the intensity-modulated fiber optic sensors because it overcomes the constraints that prevent using the intensity-modulated fiber optic sensors for intrusion detection.
Originality/value
The proposed system is the first long-range intensity-modulated fiber optic sensor for intrusion detection.