
Journal articles on the topic 'Signature-based intrusion detection'


1

V. Stetsenko, Inna, and Maksym Demydenko. "Signature-based Intrusion Detection Hardware-Software Complex." Information & Security: An International Journal 47, no. 2 (2020): 221–31. http://dx.doi.org/10.11610/isij.4715.

2

Panagiotou, Panos, Notis Mengidis, Theodora Tsikrika, Stefanos Vrochidis, and Ioannis Kompatsiaris. "Host-based Intrusion Detection Using Signature-based and AI-driven Anomaly Detection Methods." Information & Security: An International Journal 50 (2021): 37–48. http://dx.doi.org/10.11610/isij.5016.

3

Einy, Sajad, Cemil Oz, and Yahya Dorostkar Navaei. "The Anomaly- and Signature-Based IDS for Network Security Using Hybrid Inference Systems." Mathematical Problems in Engineering 2021 (March 12, 2021): 1–10. http://dx.doi.org/10.1155/2021/6639714.

Abstract:
With the expansion of communication in today’s world and the possibility of creating interactions between people through communication networks regardless of the distance dimension, the issue of creating security for the data and information exchanged has received much attention from researchers. Various methods have been proposed for this purpose; one of the most important methods is intrusion detection systems to quickly detect intrusions into the network and inform the manager or responsible people to carry out an operational set to reduce the amount of damage caused by these intruders. The main challenge of the proposed intrusion detection systems is the number of erroneous warning messages generated and the low percentage of accurate detection of intrusions in them. In this research, the Suricata IDS/IPS is deployed along with the NN model for the metaheuristic’s manual detection of malicious traffic in the targeted network. For the metaheuristic-based feature selection, the neural network, and the anomaly-based detection, the fuzzy logic is used in this research paper. The latest stable version of Kali Linux 2020.3 is used as an attacking system for web applications and different types of operating systems. The proposed method has achieved 96.111% accuracy for detecting network intrusion.
4

Kaur, Harpreet. "NETWORK INTRUSION DETECTION AND PREVENTION ATTACKS." INTERNATIONAL JOURNAL OF COMPUTERS & TECHNOLOGY 2, no. 3 (June 30, 2012): 21–23. http://dx.doi.org/10.24297/ijct.v2i3a.2669.

Abstract:
Intrusion detection is an important technology in the business sector as well as an active area of research. It is an important tool for information security. A Network Intrusion Detection System is used to monitor networks for attacks or intrusions and report these intrusions to the administrator in order to take evasive action. Today computers are part of networked, distributed systems that may span multiple buildings sometimes located thousands of miles apart. The network of such a system is a pathway for communication between the computers in the distributed system. The network is also a pathway for intrusion. This system is designed to detect and combat some common attacks on network systems. It follows the signature-based IDS methodology for ascertaining attacks. A signature-based IDS will monitor packets on the network and compare them against a database of signatures or attributes from known malicious threats. In this system the attack log displays the list of attacks to the administrator for evasive action. This system works as an alert device in the event of attacks directed towards an entire network.
5

Kala, T. Sree, and A. Christy. "Signature Based Algorithms and Intrusion Detection Systems." International Journal of Web Technology 5, no. 1 (June 13, 2016): 9–12. http://dx.doi.org/10.20894/ijwt.104.005.001.003.

6

Anand, Saloni, and Kshitij Patne. "Network Intrusion Detection and Prevention." International Journal for Research in Applied Science and Engineering Technology 10, no. 6 (June 30, 2022): 3754–59. http://dx.doi.org/10.22214/ijraset.2022.44761.

Abstract:
Intrusion Detection systems are now increasingly significant in network security. As the number of people using the internet grows, so does the chance of a cyberattack. People are adopting signature-based intrusion detection systems. Snort is a popular open-source signature-based intrusion detection system. It is widely utilised in the intrusion detection and prevention arena across the world. The aim of this research is to provide knowledge about intrusion detection systems, application vulnerabilities, and their prevention methods and to perform a comparison of the latest tools and mechanisms used to detect these threats and vulnerabilities.
7

Sharma, Gaurav, and Anil Kumar Kapil. "INTRUSION DETECTION AND PREVENTION FRAMEWORK USING DATA MINING TECHNIQUES FOR FINANCIAL SECTOR." Acta Informatica Malaysia 5, no. 2 (September 29, 2021): 58–61. http://dx.doi.org/10.26480/aim.02.2021.58.61.

Abstract:
Security becomes the main concern when the resources are shared over a network for many purposes. For ease of use and time saving several services offered by banks and other financial companies are accessible over mobile apps and computers connected with the Internet. Intrusion detection (ID) is the act of detecting actions that attempt to compromise the confidentiality, integrity, or availability of a shared resource over a network. Intrusion detection does not include the prevention of intrusions. A different solution is required for intrusion prevention. The major intrusion detection technique is host-based where major accountabilities are taken by the server itself to detect relevant security attacks. In this paper, an intrusion detection algorithm using data mining is presented. The proposed algorithm is compared with the signature apriori algorithm for performance. The proposed algorithm observed better results. This framework may help to explore new areas of future research in increasing security in the banking and financial sector enabled by an intrusion detection system (IDS).
8

Kwon, Hee-Yong, Taesic Kim, and Mun-Kyu Lee. "Advanced Intrusion Detection Combining Signature-Based and Behavior-Based Detection Methods." Electronics 11, no. 6 (March 9, 2022): 867. http://dx.doi.org/10.3390/electronics11060867.

Abstract:
Recently, devices in real-time systems, such as residential facilities, vehicles, factories, and social infrastructure, have been increasingly connected to communication networks. Although these devices provide administrative convenience and enable the development of more sophisticated control systems, critical cybersecurity concerns and challenges remain. In this paper, we propose a hybrid anomaly detection method that combines statistical filtering and a composite autoencoder to effectively detect anomalous behaviors possibly caused by malicious activity in order to mitigate the risk of cyberattacks. We used the SWaT dataset, which was collected from a real water treatment system, to conduct a case study of cyberattacks on industrial control systems to validate the performance of the proposed approach. We then evaluated the performance of the proposed hybrid detection method on a dataset with two time window settings for the composite autoencoder. According to the experimental results, the proposed method improved the precision, recall, and F1-score by up to 0.008, 0.067, and 0.039, respectively, compared to an autoencoder-only approach. Moreover, we evaluated the computational cost of the proposed method in terms of execution time. The execution time of the proposed method was reduced by up to 8.03% compared to that of an autoencoder-only approach. Through the experimental results, we show that the proposed method detected more anomalies than an autoencoder-only detection approach and it also operated significantly faster.
9

Roka, Sanjay, and Santosh Naik. "SURVEY ON SIGNATURE BASED INTRUCTION DETECTION SYSTEM USING MULTITHREADING." International Journal of Research -GRANTHAALAYAH 5, no. 4RACSIT (April 30, 2017): 58–62. http://dx.doi.org/10.29121/granthaalayah.v5.i4racsit.2017.3352.

Abstract:
The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective. Many intrusion detection techniques have been developed on fixed wired networks but have been turned to be inapplicable in this new environment. We need to search for new architecture and mechanisms to protect computer networks. Signature-based Intrusion Detection System matches network packets against a pre-configured set of intrusion signatures. Current implementations of IDS employ only a single thread of execution and as a consequence benefit very little from multi-processor hardware platforms. A multi-threaded technique would allow more efficient and scalable exploitation of these multi-processor machines.
10

Antunes, Mário, Luís Oliveira, Afonso Seguro, João Veríssimo, Ruben Salgado, and Tiago Murteira. "Benchmarking Deep Learning Methods for Behaviour-Based Network Intrusion Detection." Informatics 9, no. 1 (March 20, 2022): 29. http://dx.doi.org/10.3390/informatics9010029.

Abstract:
Network security encloses a wide set of technologies dealing with intrusions detection. Despite the massive adoption of signature-based network intrusion detection systems (IDSs), they fail in detecting zero-day attacks and previously unseen vulnerabilities exploits. Behaviour-based network IDSs have been seen as a way to overcome signature-based IDS flaws, namely through the implementation of machine-learning-based methods, to tolerate new forms of normal network behaviour, and to identify yet unknown malicious activities. A wide set of machine learning methods has been applied to implement behaviour-based IDSs with promising results on detecting new forms of intrusions and attacks. Innovative machine learning techniques have emerged, namely deep-learning-based techniques, to process unstructured data, speed up the classification process, and improve the overall performance obtained by behaviour-based network intrusion detection systems. The use of realistic datasets of normal and malicious networking activities is crucial to benchmark machine learning models, as they should represent real-world networking scenarios and be based on realistic computers network activity. This paper aims to evaluate CSE-CIC-IDS2018 dataset and benchmark a set of deep-learning-based methods, namely convolutional neural networks (CNN) and long short-term memory (LSTM). Autoencoder and principal component analysis (PCA) methods were also applied to evaluate features reduction in the original dataset and its implications in the overall detection performance. The results revealed the appropriateness of using the CSE-CIC-IDS2018 dataset to benchmark supervised deep learning models. It was also possible to evaluate the robustness of using CNN and LSTM methods to detect unseen normal activity and variations of previously trained attacks. The results reveal that feature reduction methods decreased the processing time without loss of accuracy in the overall detection performance.
11

Ayachi, Yassine, Youssef Mellah, Mohammed Saber, Noureddine Rahmoun, Imane Kerrakchou, and Toumi Bouchentouf. "A survey and analysis of intrusion detection models based on information security and object technology-cloud intrusion dataset." IAES International Journal of Artificial Intelligence (IJ-AI) 11, no. 4 (December 1, 2022): 1607. http://dx.doi.org/10.11591/ijai.v11.i4.pp1607-1614.

Abstract:
Nowadays society, economy, and critical infrastructures have become principally dependent on computers, networks, and information technology solutions, on the other side, cyber-attacks are becoming more sophisticated and thus presenting increasing challenges in accurately detecting intrusions. Failure to prevent intrusions could compromise data integrity, confidentiality, and availability. Different detection methods are proposed to tackle computer security threats, which can be broadly classified into anomaly-based intrusion detection systems (AIDS) and signature-based intrusion detection systems (SIDS). One of the most preferred AIDS mechanisms is the machine learning-based approach which provides the most relevant results ever, but it still suffers from disadvantages like unrepresentative dataset, indeed, most of them were collected during a limited period of time, in some specific networks and mostly don't contain up-to-date data. Additionally, they are imbalanced and do not hold sufficient data for all types of attacks, especially new attack types. For this reason, up-to-date datasets such as information security and object technology-cloud intrusion dataset (ISOT-CID) are very convenient to train predictive models on a cloud-based intrusion detection approach. The dataset has been collected over a sufficiently long period and involves several hours of attack data, culminating into a few terabytes. It is large and diverse enough to accommodate machine-learning studies.
12

Kim, Jiyeon, and Hyong S. Kim. "Intrusion Detection Based on Spatiotemporal Characterization of Cyberattacks." Electronics 9, no. 3 (March 9, 2020): 460. http://dx.doi.org/10.3390/electronics9030460.

Abstract:
As attack techniques become more sophisticated, detecting new and advanced cyberattacks with traditional intrusion detection techniques based on signature and anomaly is becoming challenging. In signature-based detection, not only do attackers bypass known signatures, but they also exploit unknown vulnerabilities. As the number of new signatures is increasing daily, it is also challenging to scale the detection mechanisms without impacting performance. For anomaly detection, defining normal behaviors is challenging due to today’s complex applications with dynamic features. These complex and dynamic characteristics cause much false positives with a simple outlier detection. In this work, we detect intrusion behaviors by looking at number of computing elements together in time and space, whereas most of existing intrusion detection systems focus on a single element. In order to define the spatiotemporal intrusion patterns, we look at fundamental behaviors of cyberattacks that should appear in any possible attacks. We define these individual behaviors as basic cyberattack action (BCA) and develop a stochastic graph model to represent combination of BCAs in time and space. In addition, we build an intrusion detection system to demonstrate the detection mechanism based on the graph model. We inject numerous known and possible unknown attacks comprising BCAs and show how the system detects these attacks and how to locate the root causes based on the spatiotemporal patterns. The characterization of attacks in spatiotemporal patterns with expected essential behaviors would present a new effective approach to the intrusion detection.
13

Afzal, Shehroz, and Jamil Asim. "Systematic Literature Review over IDPS, Classification and Application in its Different Areas." STATISTICS, COMPUTING AND INTERDISCIPLINARY RESEARCH 3, no. 2 (December 31, 2021): 189–223. http://dx.doi.org/10.52700/scir.v3i2.58.

Abstract:
Cyber-attacks are becoming more sophisticated and thereby presenting increasing challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade the credibility of security services, e.g. data confidentiality, integrity, and availability. Numerous intrusion detection methods have been proposed in the literature to tackle computer security threats, which can be broadly classified into Signature-based Intrusion Detection Systems (SIDS) and Anomaly-based Intrusion Detection Systems (AIDS). Network security is vital for any organization connected to the Internet. Rock solid network security is a major challenge that can be overcome by strengthening the network against threats such as hackers, malware, botnets, data thieves, etc. Firewalls, antivirus, and intrusion detection systems are used to protect the network. The firewall can control network traffic, but reliance on this type of security alone is not enough. Attackers use open ports such as port 80 of the web server (http) and port 110 of the POP server to infiltrate networks. The Intrusion Detection System (IDS) minimizes security breaches and improves network security by scanning network packets to filter out malicious packets. Real-time detection with prevention using Intrusion Detection and Prevention Systems (IDPS) has elevated network security to an advanced level by strengthening the network against malicious activities. This survey paper focuses on classifying various kinds of IDS with the major types of attacks based on intrusion methods. Presenting a classification of network anomaly IDS evaluation metrics and discussion on the importance of the feature selection. Evaluation of available IDS datasets discussing the challenges of evasion techniques.
15

Park, Sang-No, A.-Yong Kim, and Hoe-Kyung Jung. "A Study on Signature-based Wireless Intrusion Detection Systems." Journal of the Korea Institute of Information and Communication Engineering 18, no. 5 (May 31, 2014): 1122–27. http://dx.doi.org/10.6109/jkiice.2014.18.5.1122.

16

Alviana, Sopian, and Irfan Dwiguna Sumitra. "ANALISIS PENGUKURAN PENGGUNAAN SUMBER DAYA KOMPUTER PADA INTRUSION DETECTION SYSTEM DALAM MEMINIMALKAN SERANGAN JARINGAN." Komputa : Jurnal Ilmiah Komputer dan Informatika 7, no. 1 (March 19, 2018): 27–34. http://dx.doi.org/10.34010/komputa.v7i1.2533.

Abstract:
The intrusion detection system is used as one of the techniques that can detect attacks early in computer networks. To detect attacks, an intrusion detection system uses two techniques: anomaly-based and signature-based. This study measures the computer resources used in detecting attacks by both the anomaly-based and the signature-based methods. The measurement technique uses an experimental method in which the system is subjected to continuous and varied attacks, both anomaly-type and signature-type, and then resource usage (memory and processor) and the response time of the signature-based and anomaly-based methods are measured. Based on the analysis of the detection response measurements, the anomaly-based method has the advantage of faster detection, requiring 7 seconds, compared with the signature-based method. Meanwhile, the signature-based method consumes less processor, reaching 69% compared with 75% for the anomaly-based method, and the anomaly-based method tends to use less memory, at 60% compared with the signature-based method, which consumes 62% of memory.
17

Mohammadi, Shahriar, and Fatemeh Amiri. "An Efficient Hybrid Self-Learning Intrusion Detection System Based on Neural Networks." International Journal of Computational Intelligence and Applications 18, no. 01 (March 2019): 1950001. http://dx.doi.org/10.1142/s1469026819500019.

Abstract:
An intrusion detection system (IDS) is an immunizing system that identifies the hostile activities in a network, and alerts the network administrator in case of detecting suspicious behaviors. Signature-based systems are the most common methods for intrusion detection; however, they are not able to detect new attacks on the network. The main problem of these systems is to keep up to date the database of already containing known attack signatures. Neural networks have a high ability to learn and are generalizable. This study presents the following: A new intrusion detection system that is a hybrid of self-organizing map algorithm (SOM), radial basis function (RBF) and perceptron networks is proposed to solve this problem. For the first time, the Imperialist Competitive Algorithm is used to calculate the parameters of the Perceptron neural network. The proposed approach uses a hybrid architecture that tries to increase the quality of warnings. Signature-based systems using this method can detect new attacks as a self-learner. The results indicated better performance of the proposed hybrid algorithm compared to earlier methods.
18

Kalinin, Maxim, Dmitry Zegzhda, Vasiliy Krundyshev, Daria Lavrova, Dmitry Moskvin, and Evgeny Pavlenko. "Application of Bioinformatics Algorithms for Polymorphic Cyberattacks Detection." Informatics and Automation 20, no. 4 (August 3, 2021): 820–44. http://dx.doi.org/10.15622/ia.20.4.3.

Abstract:
The functionality of any system can be represented as a set of commands that lead to a change in the state of the system. The intrusion detection problem for signature-based intrusion detection systems is equivalent to matching the sequences of operational commands executed by the protected system to known attack signatures. Various mutations in attack vectors (including replacing commands with equivalent ones, rearranging the commands and their blocks, adding garbage and empty commands into the sequence) reduce the effectiveness and accuracy of the intrusion detection. The article analyzes the existing solutions in the field of bioinformatics and considers their applicability for solving the problem of identifying polymorphic attacks by signature-based intrusion detection systems. A new approach to the detection of polymorphic attacks based on the suffix tree technology applied in the assembly and verification of the similarity of genomic sequences is discussed. The use of bioinformatics technology allows us to achieve high accuracy of intrusion detection at the level of modern intrusion detection systems (more than 0.90), while surpassing them in terms of cost-effectiveness of storage resources, speed and readiness to changes in attack vectors. To improve the accuracy indicators, a number of modifications of the developed algorithm have been carried out, as a result of which the accuracy of detecting attacks increased by up to 0.95 with the level of mutations in the sequence up to 10%. The developed approach can be used for intrusion detection both in conventional computer networks and in modern reconfigurable network infrastructures with limited resources (Internet of Things, networks of cyber-physical objects, wireless sensor networks).
19

Pietro Spadaccino and Francesca Cuomo. "Intrusion detection systems for IoT: Opportunities and challenges offered by edge computing." ITU Journal on Future and Evolving Technologies 3, no. 2 (September 22, 2022): 408–20. http://dx.doi.org/10.52953/wnvi5792.

Abstract:
Key components of current cybersecurity methods are the Intrusion Detection Systems (IDSs), where different techniques and architectures are applied to detect intrusions. IDSs can be based either on cross-checking monitored events with a database of known intrusion experiences, known as signature-based, or on learning the normal behavior of the system and reporting whether anomalous events occur, named anomaly-based. This work is dedicated to the application of IDS to the Internet of Things (IoT) networks, where also edge computing is used to support IDS implementation. Specific attention is given to IDSs which leverage device classification at the edge. New challenges that arise when deploying an IDS in an edge scenario are identified and remedies are proposed.
20

Khraisat, Gondal, Vamplew, Kamruzzaman, and Alazab. "A novel Ensemble of Hybrid Intrusion Detection System for Detecting Internet of Things Attacks." Electronics 8, no. 11 (October 23, 2019): 1210. http://dx.doi.org/10.3390/electronics8111210.

Abstract:
The Internet of Things (IoT) has been rapidly evolving towards making a greater impact on everyday life to large industrial systems. Unfortunately, this has attracted the attention of cybercriminals who made IoT a target of malicious activities, opening the door to a possible attack to the end nodes. Due to the large number and diverse types of IoT devices, it is a challenging task to protect the IoT infrastructure using a traditional intrusion detection system. To protect IoT devices, a novel ensemble Hybrid Intrusion Detection System (HIDS) is proposed by combining a C5 classifier and One Class Support Vector Machine classifier. HIDS combines the advantages of Signature Intrusion Detection System (SIDS) and Anomaly-based Intrusion Detection System (AIDS). The aim of this framework is to detect both the well-known intrusions and zero-day attacks with high detection accuracy and low false-alarm rates. The proposed HIDS is evaluated using the Bot-IoT dataset, which includes legitimate IoT network traffic and several types of attacks. Experiments show that the proposed hybrid IDS provide higher detection rate and lower false positive rate compared to the SIDS and AIDS techniques.
21

Arip Winanto, Eko, Mohd Yazid Idris, Deris Stiawan, and Mohammad Sulkhan Nurfatih. "Designing consensus algorithm for collaborative signature-based intrusion detection system." Indonesian Journal of Electrical Engineering and Computer Science 22, no. 1 (April 1, 2021): 485. http://dx.doi.org/10.11591/ijeecs.v22.i1.pp485-496.

Abstract:
Signature-based collaborative intrusion detection system (CIDS) highly depends on the reliability of nodes to provide IDS attack signatures. Each node in the network is responsible for providing new attack signatures to be shared with other nodes. Two problems that exist in CIDS are highlighted in this paper: the first is to provide data consistency and the second is to maintain trust among the nodes while sharing the attack signatures. Recently, researchers have found that blockchain has great potential to solve those problems. The consensus algorithm in blockchain is able to increase trust among the nodes and allows data to be inserted from a single source of truth. In this paper, we investigate three blockchain consensus algorithms: proof of work (PoW), proof of stake (PoS), and hybrid PoW-PoS chain-based consensus algorithm, which could possibly be implemented in CIDS. Finally, we design an extension of the hybrid PoW-PoS chain-based consensus algorithm to fulfill the requirement. We name this extension proof of attack signature (PoAS).
22

Shafi, Kamran, and Hussein A. Abbass. "An adaptive genetic-based signature learning system for intrusion detection." Expert Systems with Applications 36, no. 10 (December 2009): 12036–43. http://dx.doi.org/10.1016/j.eswa.2009.03.036.

23

Li, Wenjuan, Steven Tug, Weizhi Meng, and Yu Wang. "Designing collaborative blockchained signature-based intrusion detection in IoT environments." Future Generation Computer Systems 96 (July 2019): 481–89. http://dx.doi.org/10.1016/j.future.2019.02.064.

24

Alhadithy, Alaa Khalil, and Awezan Aso Omar. "Online Database Intrusion Detection System Based on Query Signatures." Journal of University of Human Development 3, no. 1 (March 31, 2017): 282. http://dx.doi.org/10.21928/juhd.v3n1y2017.pp282-287.

Abstract:
SQL injection (SQLI) is a major type of attack that threatens the integrity, confidentiality and authenticity or functionality of any database driven web application. It allows the attacker to gain unauthorized access to the back-end database by exploiting the vulnerabilities within the system in order to commit an attack and access resources. Database Intrusion Detection System (DIDS) is the defense against SQLI that is used as a detection and prevention technique to protect any database driven web application. In this paper a proposed system is presented to protect the web application from SQLI. This proposed system uses a new technique of signature-based detection. It depends on secure hash algorithm (SHA-1), which is used to check the signature for the submitted queries and to decide whether these queries are valid, or not. The proposed system can distinguish and prevent hacking attempts by detecting the attacker, blocking his/her request, and preventing him/her from accessing the web application again. The proposed system was tested using Sqlmapproject attacking tool. Sqlmapproject was used to attack the web application (built using PHP and MySQL server) before and after protection. The results show that the proposed system works correctly and it can protect the web application system with good performance and high efficiency.
25

Wang, Yu, Weizhi Meng, Wenjuan Li, Jin Li, Wai-Xi Liu, and Yang Xiang. "A fog-based privacy-preserving approach for distributed signature-based intrusion detection." Journal of Parallel and Distributed Computing 122 (December 2018): 26–35. http://dx.doi.org/10.1016/j.jpdc.2018.07.013.

26

Gaur, Riddhi, and Uma Kumari. "Hybrid Intrusion Detection System for Private Cloud & Public Cloud." Oriental journal of computer science and technology 10, no. 2 (May 15, 2017): 438–45. http://dx.doi.org/10.13005/ojcst/10.02.26.

Abstract:
Internet based applications and data storage services can be easily acquired by the end users by the permission of Cloud computing. Providing security to the cloud computing environment has become important issue with the increased demand of cloud computing. Other than the traditional security methods, additional methods like control access, confidentiality, firewalls and user authentication are required in order to provide security to the cloud computing environment. One of the needful components in terms of cloud security is Intrusion Detection System (IDS). To detect various attacks on cloud, Intrusion Detection System (IDS) is the most commonly used mechanism. This paper discusses about the intrusion detection and different intrusion detection techniques namely anomaly based techniques and signature based techniques.
27

Javidi, Mohammad Masoud. "Network Attacks Detection by Hierarchical Neural Network." Computer Engineering and Applications Journal 4, no. 2 (June 18, 2015): 119–32. http://dx.doi.org/10.18495/comengapp.v4i2.108.

Abstract:
Intrusion detection is an emerging area of research in the computer security and networks with the growing usage of internet in everyday life. Most intrusion detection systems (IDSs) mostly use a single classifier algorithm to classify the network traffic data as normal behavior or anomalous. However, these single classifier systems fail to provide the best possible attack detection rate with low false alarm rate. In this paper, we propose to use a hybrid intelligent approach using a combination of classifiers in order to make the decision intelligently, so that the overall performance of the resultant model is enhanced. The general procedure in this is to follow the supervised or unsupervised data filtering with classifier or cluster first on the whole training dataset and then the output are applied to another classifier to classify the data. In this research, we applied Neural Network with Supervised and Unsupervised Learning in order to implement the intrusion detection system. Moreover, in this project, we used the method of Parallelization with real time application of the system processors to detect the systems intrusions. Using this method enhanced the speed of the intrusion detection. In order to train and test the neural network, NSLKDD database was used.
Creating some different intrusion detection systems, each of which considered as a single agent, we precisely proceeded with the signature-based intrusion detection of the network. In the proposed design, the attacks have been classified into 4 groups and each group is detected by an Agent equipped with intrusion detection system (IDS). These agents act independently and report the intrusion or non-intrusion in the system; the results achieved by the agents will be studied in the Final Analyst and at last the analyst reports that whether there has been an intrusion in the system or not. Keywords: Intrusion Detection, Multi-layer Perceptron, False Positives, Signature-based intrusion detection, Decision tree, Naïve Bayes Classifier
28

AlYousef, Mutep Y., and Nabih T. Abdelmajeed. "Dynamically Detecting Security Threats and Updating a Signature-Based Intrusion Detection System’s Database." Procedia Computer Science 159 (2019): 1507–16. http://dx.doi.org/10.1016/j.procs.2019.09.321.

29

Cepheli, Özge, Saliha Büyükçorak, and Güneş Karabulut Kurt. "Hybrid Intrusion Detection System for DDoS Attacks." Journal of Electrical and Computer Engineering 2016 (2016): 1–8. http://dx.doi.org/10.1155/2016/1075648.

Abstract:
Distributed denial-of-service (DDoS) attacks are one of the major threats and possibly the hardest security problem for today’s Internet. In this paper we propose a hybrid detection system, referred to as hybrid intrusion detection system (H-IDS), for detection of DDoS attacks. Our proposed detection system makes use of both anomaly-based and signature-based detection methods separately but in an integrated fashion and combines the outcomes of both detectors to enhance the overall detection accuracy. We apply two distinct datasets to our proposed system in order to test the detection performance of H-IDS and conclude that the proposed hybrid system gives better results than the systems based on nonhybrid detection.
30

Uddin, Mueen, Kamran Khowaja, and Azizah Abdul Rehman. "Dynamic Multi-Layer Signature Based Intrusion Detection System Using Mobile Agents." International Journal of Network Security & Its Applications 2, no. 4 (October 22, 2010): 129–41. http://dx.doi.org/10.5121/ijnsa.2010.2411.

31

Gascon, Hugo, Agustin Orfila, and Jorge Blasco. "Analysis of update delays in signature-based network intrusion detection systems." Computers & Security 30, no. 8 (November 2011): 613–24. http://dx.doi.org/10.1016/j.cose.2011.08.010.

32

Han, Hong, Xian Liang Lu, Jun Lu, Chen Bo, and Ren Li Yong. "Data mining aided signature discovery in network-based intrusion detection system." ACM SIGOPS Operating Systems Review 36, no. 4 (October 2002): 7–13. http://dx.doi.org/10.1145/583800.583801.

33

Abbas, Umar Farouk, and Abdulrahman Abdulkarim. "PERFORMANCE ANALYSIS OF CAPTCHA BASED BLOCKING AND RESPONSE OF AN INTRUSION DETECTION MODEL USING SIGNATURE." FUDMA JOURNAL OF SCIENCES 6, no. 3 (July 6, 2022): 248–53. http://dx.doi.org/10.33003/fjs-2022-0603-998.

Abstract:
Intrusion Detection System is the process of intelligently monitoring the events occurring in a computer system or network, analyzing them for signs of violations of a security policy. Its primary aim is to protect the availability, confidentiality and integrity of critical networked information systems. This paper considered and reviewed a CAPTCHA based intrusion detection model. A method of incorporating signature was used along with the CAPTCHA in the intrusion detection model to clear the controversy identified in the existing model. The signature provides a means of identifying intruders that are able to by-pass the system as legitimate users. The model was implemented using a website hosted online. Dataset obtained from the site was analyzed based on Naïve Bayes classification model using confusion matrices. Implementation of the data analysis was carried out using RStudio software package. Analyzed results shows a better Detection Rate (DR), Accuracy (CR) and False Positive Rate (FPR). This shows that the developed system has significant capability of identifying intelligent spywares targeted at breaking CAPTCHA
34

Prakash N Kalavadekar, Mr, and Dr Shirish S. Sane. "Effect of Mutation and Crossover Probabilities on Genetic Algorithm and Signature Based Intrusion Detection System." International Journal of Engineering & Technology 7, no. 4.19 (November 27, 2018): 1011. http://dx.doi.org/10.14419/ijet.v7i4.19.28277.

Abstract:
Conventional methods of intrusion prevention like firewalls, cryptography techniques or access management schemes, have not provided complete protection to computer systems and networks from refined malwares and attacks. Intrusion Detection Systems (IDS) are giving the right solution to the current issues and became an important part of any security management system to detect these threats and will not generate widespread harm. The basic goal of IDS is to detect attacks and their nature that may harm the computer system. Several different approaches for intrusion detection have been reported in the literature. The signature based concept using genetic algorithm as features selection and, J48 as classifier to detect attack is proposed in this paper. The system was evaluated on KDD Cup 99, NSL-KDD and Kyoto 2006+ datasets.
35

Iliyasu, Auwal Sani. "A Survey of Network Intrusion Detection Techniques Using Deep Learning." International Journal of Engineering Research in Computer Science and Engineering 9, no. 8 (August 6, 2022): 93–97. http://dx.doi.org/10.36647/ijercse/09.08.art017.

Abstract:
Network intrusion detection has been studied for long time, with many techniques such as signature-based methods and classical machine learning methods currently available. Recently, DL techniques have received considerable attention for use in intrusion detection systems, due to their inherent advantages such as automatic feature learning. This paper gives an overview about DL techniques employed in intrusion detection to enable new researchers who wish to begin research in the field to be conversant with the state-of-the-art methods as well as unexplored areas.
36

Abdulameer, Hasan, Inam Musa, and Noora Salim Al-Sultani. "Three level intrusion detection system based on conditional generative adversarial network." International Journal of Electrical and Computer Engineering (IJECE) 13, no. 2 (April 1, 2023): 2240. http://dx.doi.org/10.11591/ijece.v13i2.pp2240-2258.

Abstract:
Security threat protection is important in the internet of things (IoT) applications since both the connected device and the captured data can be hacked or hijacked or both at the same time. To tackle the above-mentioned problem, we proposed three-level intrusion detection system conditional generative adversarial network (3LIDS-CGAN) model which includes four phases such as first-level intrusion detection system (IDS), second-level IDS, third-level IDS, and attack type classification. In first-level IDS, features of the incoming packets are extracted by the firewall. Based on the extracted features the packets are classified into three classes such as normal, malicious, and suspicious using support vector machine and golden eagle optimization. Suspicious packets are forwarded to the second-level IDS which classified the suspicious packets as normal or malicious. Here, signature-based intrusions are detected using attack history information, and anomaly-based intrusions are detected using event-based semantic mapping. In third-level IDS, adversary packets are detected using CGAN which automatically learns the adversarial environment and detects adversary packets accurately. Finally, proximal policy optimization is proposed to detect the attack type. Experiments are conducted using the NS-3.26 network simulator and performance is evaluated by various performance metrics which results that the proposed 3LIDS-CGAN model outperforming other existing works.
37

Pao, Derek, Nga Lam Or, and Ray C. C. Cheung. "A memory-based NFA regular expression match engine for signature-based intrusion detection." Computer Communications 36, no. 10-11 (June 2013): 1255–67. http://dx.doi.org/10.1016/j.comcom.2013.03.002.

38

Ouarda, Lounis, Bourenane Malika, Nacer Eddine Yousfi, and Bouderah Brahim. "Improving the efficiency of intrusion detection in information systems." Journal of Intelligent Systems 31, no. 1 (January 1, 2022): 835–54. http://dx.doi.org/10.1515/jisys-2022-0059.

Abstract:
Policy Interaction Graph Analysis is a Host-based Intrusion Detection tool that uses Linux MAC Mandatory access control policy to build the licit information flow graph and uses a detection policy defined by the administrator to extract illicit behaviour from the graph. The main limitation of this tool is the generation of a huge signature base of illicit behaviours; hence, this leads to the use of huge memory space to store it. Our primary goal in this article is to reduce this memory space while keeping the tool’s efficiency in terms of intrusion detection rate and false generated alarms. First, the interactions between the two nodes of the graph were grouped into a single interaction. The notion of equivalence class was used to classify the paths in the graph and was compressed by using a genetic algorithm. Such an approach showed its efficiency compared to the approach proposed by Pierre Clairet, by which the detection rate obtained was 99.9%, and no false-positive with a compression rate of illicit behaviour signature database reached 99.44%. Having these results is one of the critical aspects of realizing successful host-based intrusion detection systems.
39

Usman, Saifudin, Idris Winarno, and Amang Sudarsono. "SDN-Based Network Intrusion Detection as DDoS defense system for Virtualization Environment." EMITTER International Journal of Engineering Technology 9, no. 2 (December 30, 2021): 252–67. http://dx.doi.org/10.24003/emitter.v9i2.616.

Abstract:
Nowadays, DDoS attacks are often aimed at cloud computing environments, as more people use virtualization servers. With so many Nodes and distributed services, it will be challenging to rely solely on conventional networks to control and monitor intrusions. We design and deploy DDoS attack defense systems in virtualization environments based on Software-defined Networking (SDN) by combining signature-based Network Intrusion Detection Systems (NIDS) and sampled flow (sFlow). These techniques are practically tested and evaluated on the Proxmox production Virtualization Environment testbed, adding High Availability capabilities to the Controller. The evaluation results show that it promptly detects several types of DDoS attacks and mitigates their negative impact on network performance. Moreover, it also shows good results on Quality of Service (QoS) parameters such as average packet loss about 0 %, average latency about 0.8 ms, and average bitrate about 860 Mbit/s.
40

Modi, Chirag N., Dhiren R. Patel, Avi Patel, and Muttukrishnan Rajarajan. "Integrating Signature Apriori based Network Intrusion Detection System (NIDS) in Cloud Computing." Procedia Technology 6 (2012): 905–12. http://dx.doi.org/10.1016/j.protcy.2012.10.110.

41

Masdari, Mohammad, and Hemn Khezri. "A survey and taxonomy of the fuzzy signature-based Intrusion Detection Systems." Applied Soft Computing 92 (July 2020): 106301. http://dx.doi.org/10.1016/j.asoc.2020.106301.

42

Hubballi, Neminath, and Vinoth Suryanarayanan. "False alarm minimization techniques in signature-based intrusion detection systems: A survey." Computer Communications 49 (August 2014): 1–17. http://dx.doi.org/10.1016/j.comcom.2014.04.012.

43

Athavale, Nachiket, Shubham Deshpande, Vikash Chaudhary, Jatin Chavan, and S. S. Barde. "Framework for Threat Analysis and Attack Modelling of Network Security Protocols." International Journal of Synthetic Emotions 8, no. 2 (July 2017): 62–75. http://dx.doi.org/10.4018/ijse.2017070105.

Abstract:
Nowadays everything is computerized including banking and personal records. Also, to boost business profits, businessmen have changed their way of operations from physical way to electronic way, for example Flipkart. But as these developments benefit the developer they also increase the chance of exposing all of customer's personal details to malicious users. Hackers can enter into the system and can steal crucial or sensitive information about other authentic users and in case of banks leads to frauds. Security thus, becomes an important issue for all companies and banks. Intrusion detection systems help such companies by detecting in real time whether an intrusion is carried on or not. Here the authors are developing a signature based intrusion detection system which will scan incoming packets and send a warning message to system administrator. Also, the authors are implementing a framework and provide it to all the users so that developing intrusion detection based system similar to ours. The advantage of using framework is that it can be upgraded and re-defined whenever it is needed.
44

Almuhairi, Thani, Ahmad Almarri, and Khalid Hokal. "An Artificial Intelligence-based Intrusion Detection System." Journal of Cybersecurity and Information Management 07, no. 02 (April 1, 2021): 95–111. http://dx.doi.org/10.54216/jcim.07.02.04.

Abstract:
Intrusion detection systems have been used in many systems to avoid malicious attacks. Traditionally, these intrusion detection systems use signature-based classification to detect predefined attacks and monitor the network's overall traffic. These intrusion detection systems often fail when an unseen attack occurs, which does not match with predefined attack signatures, leaving the system hopeless and vulnerable. In addition, as new attacks emerge, we need to update the database of attack signatures, which contains the attack information. This raises concerns because it is almost impossible to define every attack in the database and make the process costly also. Recently, research in conjunction with artificial intelligence and network security has evolved. As a result, it created many possibilities to enable machine learning approaches to detect the new attacks in network traffic. Machine learning has already shown successful results in the domain of recommendation systems, speech recognition, and medical systems. So, in this paper, we utilize machine learning approaches to detect attacks and classify them. This paper uses the CSE-CIC-IDS dataset, which contains normal and malicious attacks samples. Multiple steps are performed to train the network traffic classifier. Finally, the model is deployed for testing on sample data.
45

Latha, S., and Sinthu Janita Prakash. "A Signature Based Intrusion Detection System with HPFSM and Fuzzy Based Classification Method (IDSFSC)." Asian Journal of Engineering and Applied Technology 8, no. 2 (May 5, 2019): 23–29. http://dx.doi.org/10.51983/ajeat-2019.8.2.1144.

Abstract:
Securing a network from the attackers is a challenging task at present as many users involve in variety of computer networks. To protect any individual host in a network or the entire network, some security system must be implemented. In this case, the Intrusion Detection System (IDS) is essential to protect the network from the intruders. The IDS has to deal with a lot of network packets with different characteristics. A signature-based IDS is a potential tool to understand former attacks and to define suitable method to conquest it in variety of applications. This research article elucidates the objective of IDS with a mechanism which combines the network and host-based IDS. The benchmark dataset for DARPA is considered to generate the IDS mechanism. In this paper, a frame work IDSFSC – signature-based IDS with high pertinent feature selection method is framed. This frame work consists of earlier proposed Feature Selection Method (HPFSM with Enhanced Artificial Neural Network (EANN) for classification of nodes or packets in the network, then the signatures or attack rules are configured by implementing Association Rule mining algorithm and finally the rules are restructured using a pattern matching algorithm-Aho-Corasick to ease the rule checking. The metrics classification accuracy, False Positive Rate (FPR) and Precision are checked and proved the proposed frame work’s efficiency.
46

Alzahrani, Mohammed Saeed, and Fawaz Waselallah Alsaade. "Computational Intelligence Approaches in Developing Cyberattack Detection System." Computational Intelligence and Neuroscience 2022 (March 18, 2022): 1–16. http://dx.doi.org/10.1155/2022/4705325.

Abstract:
The Internet plays a fundamental part in relentless correspondence, so its applicability can decrease the impact of intrusions. Intrusions are defined as movements that unfavorably influence the focus of a computer. Intrusions may sacrifice the reputability, integrity, privacy, and accessibility of the assets attacked. A computer security system will be traded off when an intrusion happens. The novelty of the proposed intelligent cybersecurity system is its ability to protect Internet of Things (IoT) devices and any networks from incoming attacks. In this research, various machine learning and deep learning algorithms, namely, the quantum support vector machine (QSVM), k-nearest neighbor (KNN), linear discriminant and quadratic discriminant long short-term memory (LSTM), and autoencoder algorithms, were applied to detect attacks from signature databases. The correlation method was used to select important network features by finding the features with a high-percentage relationship between the dataset features and classes. As a result, nine features were selected. A one-hot encoding method was applied to convert the categorical features into numerical features. The validation of the system was verified by employing the benchmark KDD Cup database. Statistical analysis methods were applied to evaluate the results of the proposed study. Binary and multiple classifications were conducted to classify the normal and attack packets. Experimental results demonstrated that KNN and LSTM algorithms achieved better classification performance for developing intrusion detection systems; the accuracy of KNN and LSTM algorithms for binary classification was 98.55% and 97.28%, whereas the KNN and LSTM attained a high accuracy for multiple classification (98.28% and 970.7%). Finally, the KNN and LSTM algorithms are fitting-based intrusion detection systems.
47

Najafian, Ziaeddin, Vahe Aghazarian, and Alireza Hedayati. "Signature-Based Method and Stream Data Mining Technique Performance Evaluation for Security and Intrusion Detection in Advanced Metering Infrastructures (AMI)." International Journal of Computer and Electrical Engineering 7, no. 2 (2015): 128–39. http://dx.doi.org/10.17706/ijcee.2015.v7.879.

48

NIKULIN, VLADIMIR. "WEIGHTED THRESHOLD-BASED CLUSTERING FOR INTRUSION DETECTION SYSTEMS." International Journal of Computational Intelligence and Applications 06, no. 01 (March 2006): 1–19. http://dx.doi.org/10.1142/s1469026806001770.

Abstract:
Signature-based intrusion detection systems look for known, suspicious patterns in the input data. In this paper we explore compression of labeled empirical data using threshold-based clustering with regularization. The main target of clustering is to compress training dataset to the limited number of signatures, and to minimize the number of comparisons that are necessary to determine the status of the input event as a result. Essentially, the process of clustering includes merging of the clusters which are close enough. As a consequence, we will reduce original dataset to the limited number of labeled centroids. In a complex with k-nearest-neighbor (kNN) method, this set of centroids may be used as a multi-class classifier. Clearly, different attributes have different importance depending on the particular training database and given cost matrix. This importance may be regulated in the definition of the distance using linear weight coefficients. The paper introduces special procedure to estimate above weight coefficients. The experiments on the KDD-99 intrusion detection dataset have confirmed the effectiveness of the proposed methods.
49

Radivilova, Tamara, Lyudmyla Kirichenko, Maksym Tawalbeh, Petro Zinchenko, and Vitalii Bulakh. "THE LOAD BALANCING OF SELF-SIMILAR TRAFFIC IN NETWORK INTRUSION DETECTION SYSTEMS." Cybersecurity: Education, Science, Technique 3, no. 7 (2020): 17–30. http://dx.doi.org/10.28925/2663-4023.2020.7.1730.

Abstract:
The problem of load balancing in intrusion detection systems is considered in this paper. The analysis of existing problems of load balancing and modern methods of their solution are carried out. Types of intrusion detection systems and their description are given. A description of the intrusion detection system, its location, and the functioning of its elements in the computer system are provided. Comparative analysis of load balancing methods based on packet inspection and service time calculation is performed. An analysis of the causes of load imbalance in the intrusion detection system elements and the effects of load imbalance is also presented. A model of a network intrusion detection system based on packet signature analysis is presented. This paper describes the multifractal properties of traffic. Based on the analysis of intrusion detection systems, multifractal traffic properties and load balancing problem, the method of balancing is proposed, which is based on the functioning of the intrusion detection system elements and analysis of multifractal properties of incoming traffic. The proposed method takes into account the time of deep packet inspection required to compare a packet with signatures, which is calculated based on the calculation of the information flow multifractality degree. Load balancing rules are generated by the estimated average time of deep packet inspection and traffic multifractal parameters. This paper presents the simulation results of the proposed load balancing method compared to the standard method. It is shown that the load balancing method proposed in this paper provides for a uniform load distribution at the intrusion detection system elements. This allows for high speed and accuracy of intrusion detection with high-quality multifractal load balancing.
50

Leonardi, Mauro, and Fabrizio Gerardi. "Aircraft Mode S Transponder Fingerprinting for Intrusion Detection." Aerospace 7, no. 3 (March 18, 2020): 30. http://dx.doi.org/10.3390/aerospace7030030.

Abstract:
Nowadays, aircraft safety is based on different systems and four of them share the same data-link protocol: Secondary Surveillance Radar, Automatic Dependent Surveillance System, Traffic Collision Avoidance System, and Traffic Information System use the Mode S protocol to send and receive information. This protocol does not provide any kind of authentication, making some of these applications vulnerable to cyberattacks. In this paper, an intrusion detection mechanism based on transmitter Radio Frequency (RF) fingerprinting is proposed to distinguish between legitimate messages and fake ones. The proposed transmitter signature is described and an intrusion detection algorithm is developed and evaluated in case of different intrusion configurations, also with the use of real recorded data. The results show that it is possible to detect the presence of fake messages with a high probability of detection and very low probability of false alarm.