The IUP Journal of Computer Sciences: Network-Based Distributed Intelligent Intrusion Detecting System
Breaches of the security barriers of computer systems have been a growing concern throughout the information technology era. Intrusions and attacks arrive from different directions and in different forms every day, and keeping pace with the mounting threats is a constant battle. Intruders probe computer systems over the network for loopholes and vulnerabilities, then exploit those vulnerabilities to mount attacks. Existing Intrusion Detection Systems (IDS) are not efficient or intelligent enough to detect new types of attack. Signature-based (misuse) detection recognises only known attack patterns, whereas anomaly detection produces a large number of false alarms and still needs administrator assistance. Traditional IDS are increasingly limited by their need for an up-to-date and comprehensive knowledge base. An intelligent IDS is needed, and this paper introduces a network-based distributed IDS with the capability to learn and detect new types of attack. This IDS focuses on overcoming the most prominent drawback of existing IDS and may be a step forward in a new direction.

 
 
 

With the rapid growth of technology in all computing fields, securing the computer and network systems that hold valuable data has received the highest priority. Defense in depth needs to include firewalls installed to block unauthorized access, antiviral software installed to detect viruses, and an Intrusion Detection System (IDS) placed to detect outsiders breaking into the system or misuse of the system by an insider. An intrusion into an information system attempts to compromise the security of the system. It may originate inside or outside the network, and it can steal classified information, create havoc in the system, and halt or deny access to legitimate users, incurring huge economic losses. An IDS aims to detect intrusive activity and warn the system security administrator.

Based on deployment strategy, existing IDS fall into three main types: host-based IDS (HIDS), network-based IDS (NIDS) and router-based IDS. Host-based IDS are deployed on individual host machines to monitor activity on those machines. Network-based IDS are installed on strategically placed computers in the network to monitor the data packets exchanged between host machines, and can detect violations of network security policy. Router-based IDS are installed on routers to monitor the packets passing through them, aiming to stop intrusive packets before they enter the network behind the router; in operation they are similar to network-based IDS.

IDS can also be categorized by detection technique: signature-based detection, anomaly detection and specification-based detection. In signature-based intrusion detection, the data is matched against the characteristics of known attacks, which largely limits the technique to known attacks and can even miss variants of known attacks. In anomaly detection, profiles of the normal behavior of systems, usually established through automated training, are compared with the actual activity of the system to flag any significant deviation. Anomaly detection can detect unknown attacks, but often at the price of a high false alarm rate. The security mechanisms and detection techniques used in traditional IDS show severe weaknesses in robustness, scalability and intelligence, and they still require considerable human interaction. A further breed of IDS is emerging in industry that combines signature-based detection with anomaly detection; these are called hybrid IDS. The network-based distributed intelligent IDS proposed here is intended to overcome most of the drawbacks of the present systems. A good IDS is necessary because the IDS itself faces a large number of threats. Accuracy of detection is the main criterion for the proposed system. In brief, the architecture and the choice of detection algorithm play a major role in making an IDS efficient (Sandeep Kumar, 1995; Survey of Intrusion Detection Systems; EMERALD; Network Intrusion Detection; Vern Paxson, 1999; Andrew, 2003).
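The signature-versus-anomaly trade-off described above, as an added example that is not part of the paper: a small regex signature set and a simple statistical profile are run over a few constructed connection records. The signatures, addresses, ports, request sizes and payloads are all made up for illustration, and the profile uses only request size and destination port. The exact known attack is caught by its signature but looks normal to the profile; a percent-encoded variant slips past the signature but is flagged as a deviation; and a legitimate but unusually large request produces the false alarm that the text warns about.

```python
"""Signature vs. anomaly detection over constructed connection records.

Added example (not the paper's code). It shows the trade-off the
introduction describes: a signature detector only fires on the exact
known pattern, while a profile-based anomaly detector also catches an
encoded variant but raises a false alarm on an unusual benign session.
"""
import re
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    """One client-to-server request, as a network sensor might summarise it."""
    src: str
    dst_port: int
    bytes_out: int  # bytes sent by the client
    payload: str    # decoded start of the request


# Signatures for known attacks (constructed for this example).
SIGNATURES = {
    "cmd.exe traversal": re.compile(r"/\.\./.*cmd\.exe", re.IGNORECASE),
    "sql tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE),
}


def signature_detect(conn):
    """Misuse detection: names of every known-attack signature that matches."""
    return [name for name, pat in SIGNATURES.items() if pat.search(conn.payload)]


def build_profile(conns):
    """Anomaly detection, training phase: summarise normal traffic."""
    sizes = [c.bytes_out for c in conns]
    return {
        "mean": statistics.mean(sizes),
        "stdev": statistics.pstdev(sizes),
        "ports": {c.dst_port for c in conns},
    }


def anomaly_detect(conn, profile, k=3.0):
    """Anomaly detection, detection phase: reasons the record deviates.

    A destination port never seen in training, or a request size more than
    k standard deviations from the training mean, counts as a deviation.
    """
    reasons = []
    if conn.dst_port not in profile["ports"]:
        reasons.append("unseen port %d" % conn.dst_port)
    if profile["stdev"] > 0:
        z = (conn.bytes_out - profile["mean"]) / profile["stdev"]
        if abs(z) > k:
            reasons.append("bytes_out z=%.1f" % z)
    return reasons


# Constructed training traffic: plain page fetches on port 80, ~500 bytes each.
NORMAL = [
    Conn("10.0.0.%d" % i, 80, size, "GET /index.html HTTP/1.1")
    for i, size in enumerate([480, 512, 530, 495, 505, 520, 490, 515], start=1)
]

# Constructed test records.
EVENTS = {
    # Known attack, byte-for-byte as the signature expects.
    "known": Conn("203.0.113.5", 80, 500,
                  "GET /scripts/../../winnt/system32/cmd.exe?/c+dir HTTP/1.1"),
    # Same attack, traversal percent-encoded and aimed at a second listener:
    # the signature misses it, the profile flags the never-seen port.
    "variant": Conn("203.0.113.6", 8080, 520,
                    "GET /scripts/%2e%2e/%2e%2e/winnt/system32/cmd.exe?/c+dir HTTP/1.1"),
    # Benign but unusual: a legitimate large form submission (false alarm).
    "benign_outlier": Conn("10.0.0.9", 80, 900, "POST /feedback HTTP/1.1"),
    # Benign and typical.
    "benign": Conn("10.0.0.10", 80, 501, "GET /index.html HTTP/1.1"),
}


def evaluate(events=EVENTS, training=NORMAL):
    """Run both detectors; returns {name: (signature_hits, anomaly_reasons)}."""
    profile = build_profile(training)
    return {name: (signature_detect(c), anomaly_detect(c, profile))
            for name, c in events.items()}


if __name__ == "__main__":
    for name, (sigs, anomalies) in evaluate().items():
        print("%-15s signature=%-22s anomaly=%s"
              % (name, sigs or "-", anomalies or "-"))
```

A hybrid IDS of the kind the text mentions would union the two result columns: the signature column gives a precise name for what it does catch, and the anomaly column supplies the variant the signature missed, while the benign outlier is the false positive an administrator still has to triage. The z-score threshold `k` and the choice of features are the tuning knobs; in practice the profile would cover far more than size and port.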

 
 
 

Keywords: Intrusion Detection System (IDS), Data sensor, Real-Time Monitoring Unit (RTMU), Central Anomaly Processing Unit (CPAU)