INTRUSION DETECTION SYSTEMS: A REVIEW

D. Ashok Kumar
SR Venugopalan

Abstract

Given the exponential growth of the Internet and the increased availability of bandwidth, Intrusion Detection has become a critical component of Information Security, and the importance of secure networks has increased tremendously. Though the concept of Intrusion Detection was introduced by James P. Anderson in 1980, it has gained a great deal of importance in recent years because of recent attacks on IT infrastructure. The main objective of this study is to examine the existing literature on various approaches to Intrusion Detection, in particular Anomaly Detection, to examine their conceptual foundations, to taxonomize the Intrusion Detection System (IDS), and to develop a morphological framework for IDS for easy understanding. This study presents a detailed survey of IDS from its initial days, covering the development of IDS, its architectures and its components.

Author Biographies

D. Ashok Kumar, Associate Professor, Department of Computer Science, Government Arts College, Tiruchirappalli, India

Dr. D. Ashok Kumar is an Associate Professor in the Department of Computer Science, Government Arts College, Tiruchirappalli. His current research interests include Data Mining Algorithms, Pattern Matching, and Information Security and Systems. His research works have appeared in a variety of international journals and international conference proceedings. He has guided several M.Phil. and Ph.D. scholars.

SR Venugopalan, Scientist, Information and Computing Technologies, Aeronautical Development Agency (Ministry of Defence), Bangalore, India

S. R. Venugopalan holds an M.Sc. and an M.Phil. in Computer Science. He obtained his M.S. (by research) in Management from IIT Madras and is a Scientist in the Information & Computing Technologies Directorate of the Aeronautical Development Agency, Bangalore. His current research interests are in Information Technology and Information Security, Project Management, Product Lifecycle Management, and Enterprise Information Systems and their implementation. His research works have appeared in international journals and international conference proceedings.

References

Anderson, J.P., Computer Security Threat Monitoring and Surveillance, Technical report, James P. Anderson Co., Fort Washington, PA., April 1980.

Ashok Kumar, D., and Venugopalan, S.R., 2016, December. A Novel algorithm for Network Anomaly Detection using Adaptive Machine Learning. In Advanced Computing and Intelligent Technologies (ICACIE), 2016 First International Conference on. Springer

Singh, S.P. (2010) Data Clustering Using K-Mean Algorithm For Network Intrusion Detection, Thesis, Lovely Professional University, Jalandhar.

Deepthy K. Denatious, and John, A. (2012) ‘Survey on data mining techniques to enhance intrusion detection’, International Conference on Computer Communication and Informatics, ICCI-2012, Coimbatore, India.

C. Kruegel, F. Valeur, and G. Vigna. Intrusion Detection and Correlation: Challenges and Solutions. Springer-Verlag Telos, 2004.

L. R. Halme and R. K. Bauer. AINT misbehaving – A taxonomy of anti-intrusion techniques. In Proc. of 18th NIST-NCSC National Information Systems Security Conference, pages 163–172, 1995.

D.E. Denning, An Intrusion-Detection Model, IEEE Transactions on Software Engineering, vol. SE-13, pp. 222-232, 1987.

Dinakara K, “Anomaly Based Network Intrusion Detection System”, Thesis Report, Dept. of Computer Science and Engineering, IIT Kharagpur, 2008.

Guy Bruneau – GSEC Version 1.2f, “The History and Evolution of Intrusion Detection”, SANS Institute 2001.

Ilgun, Koral, USTAT: a real time IDS for Unix, Proceedings of the 1993 IEEE Computer Society Symposium on Research in Security and Privacy, 1993.

Mark Crosbie, Gene Spafford, Defending a Computer System using Autonomous Agents, Technical report No. 95-022, COAST Laboratory, Department of Computer Sciences, Purdue University, March 1994.

D. Anderson, T. Frivold, A. Valdes, Next-generation intrusion detection expert system (NIDES), Technical report, SRI-CSL-95-07, SRI International, Computer Science Lab, May 1995.

Paxson, Vern, Bro: A system for detecting network intruders in real-time, Computer Network, v 31, n 23, Dec 1999.

Ning, Wang X.S, Jajodia S, Modelling requests among cooperating IDSs, Computer Communications, v 23, n 17, Nov, 2000.

J. E. Dickerson and J. A. Dickerson, “Fuzzy network profiling for intrusion detection,” In Proceedings of the 19th International Conference of the North American Fuzzy Information Processing Society (NAFIPS), 13-15 July 2000, pp. 301–306.

Debar H, Becker M, and Siboni D, “A Neural Network Component for an Intrusion Detection System”, IEEE Computer Society Symposium on Research in Security and Privacy, Los Alamitos Oakland, CA, pp. 240–250, May 1992.

Ghosh A, K. A Schwartzbard, and M Schatz, “Learning program behavior profiles

D. Barbara, N. Wu, and S. Jajodia, “Detecting novel network intrusions using bayes estimators”, In proceedings of the first SIAM international conference on Data Mining, Chicago, USA, Apr 2001.

Jiong Zhang and Mohammed Zulkernine, “Anomaly based Network Intrusion Detection with Unsupervised Outlier Detection”, IEEE International Conference on Communications 2006.

DK Bhattacharyya and JK Kalita, 2014, “Network Anomaly Detection: A Machine Learning Perspective”, CRC Press, Taylor & Francis Group, International Standard Book Number-13: 978-1-4665-8209-5

Bhuyan, M. H., Bhattacharyya, D. K., and Kalita, J. K. Surveying port scans and their detection methodologies. The Computer Journal 54, 4 (April 2011), 1-17.

Thomas, C., 2009. Performance enhancement of intrusion detection systems using advances in sensor fusion. Supercomputer Education and Research Centre, Indian Institute of Science, Doctoral Thesis. Available at: http://www.serc.iisc.ernet.in/graduation-theses/CizaThomas-PhD-Thesis.pdf.

V. Chandola, A. Banerjee and V. Kumar. ACM Computing Surveys, Vol. 41(3) Article 15 2009. DOI 10.1145/1541880.1541882 http://doi.acm.org/10.1145/1541880.1541882.

Wikimedia, Foundation. Intrusion detection system. http://en.wikipedia.org/wiki/Intrusion-detection system, February 2009.

Longe Olumide Babatope, Lawal Babatunde, Ibitola Ayobami, “Strategic Sensor Placement for Intrusion Detection in Network-Based IDS”, I.J. Intelligent Systems and Applications, 2014, 02, 61-68.

Vasilios S.; Fotini P., “Application of anomaly detection algorithms for detecting SYN flooding attacks”, Elsevier, Computer Communications, Vol. 29, pp. 1433, 1442, 2006

Dorothy D., “An Intrusion-Detection Model”, IEEE Transactions on Software Engineering, Vol. SE-13, No. 2, pp. 222, 232, Feb. 1987

James C.; Jay H., “A Comparative Analysis of Current Intrusion Detection Technologies”, Proceeding of 4th Technology for Information Security Conference, TISC’96, Houston, TX, May 1996.

Anurag Jain, Bhupendra Verma and J. L. Rana, “Anomaly Intrusion Detection Techniques: A Brief Review”, International Journal of Scientific & Engineering Research, Vol 5(7), 2014

Manasi Gyanchandani, J. L. Rana, R. N. Yadav, “Taxonomy of Anomaly Based Intrusion Detection System: A Review”, International Journal of Scientific and Research Publications, Vol 2(12), 2012

Martin Elich, “Flow-based Network Anomaly Detection in the context of IPv6”, Thesis Report, FAKULTA INFORMATIKY, MASARYKOVA UNIVERZITA, 2012.

Hartigan, J. A., and Wong, M. A. Algorithm AS 136: A k-means clustering algorithm. Applied Statistics 28, 1 (1979), 100-108.

Patcha, A., and Park, J.-M. Detecting denial-of-service attacks with incomplete audit data. In Proc. of the 14th Int'nl Conference on Computer Communications and Networks (ICCCN 2005) (October 2005), IEEE Computer Society, pp. 263-268.

Sampada Chavan, Khusbu Shah, Neha Dave and Sanghamitra Mukherjee, “Adaptive Neuro-Fuzzy Intrusion Detection Systems”, Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC’04) IEEE 2004.

Narayana; Prasad; Srividhya; Reddy, “Data Mining Machine Learning Techniques – A Study on Abnormal Anomaly Detection System”, International Journal of Computer Science and Telecommunications, Vol. 2, Issue 6, Sept. 2011

Yevgeniy Bodyanskiy, Sergiy Popov, Neural Network Approach to Forecasting of Quasiperiodic Financial Time Series, European Journal of Operational Research Vol. 175, pp. 1357-1366, 2006.

Goldberg, D. E. Genetic Algorithms in Search, Optimization and Machine Learning. Addison-Wesley, New York, 1989.

Das, K. Protocol Anomaly Detection for Network-based Intrusion Detection, SANS Institute, GSEC Practical Assignment Version 1.2f, 2001

M. V. Mahoney and P. K. Chan, “Learning Non stationary Models of Normal Network Traffic for Detecting Novel Attacks.” ACM SIGKDD international conference on Knowledge discovery and data mining, 2002.

ACM Press, “Learning non stationary models of normal network traffic for detecting novel attacks,” in Eighth ACM SIGKDD international conference on Knowledge discovery and data mining. ACM Press, 2002, pp. 376–385.

Chan, P. K., Mahoney, M. V., and Arshad, M. H. A machine learning approach to anomaly detection. Tech. Rep. CS-2003-06, Department of Computer Science, Florida Institute of Technology, 2003

Ertoz, L., Eilertson, E., Lazarevic, A., Tan, P., Kumar,V., and Srivastava, J. MINDS | Minnesota Intrusion Detection System, 2004.

D. Barbará, J. Couto, S. Jajodia, and N. Wu, “ADAM: a testbed for exploring the use of data mining in intrusion detection,” in ACM SIGMOD Record: SPECIAL ISSUE: Special section on data mining for intrusion detection and threat analysis, vol. 30, no. 4. ACM Press, 2001, pp. 15–24.

Lippmann, R. P., Fried, D. J., Graf, I., Haines, J. W., Kendall, K. R., McClung, D., Weber, D., Webster, S. E., Wyschogrod, D., Cunningham, R. K., and Zissman, M. A., (2000)

S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip, D. Zerkle, GrIDS – A Graph-Based Intrusion Detection System for Large Networks, The 19th National Information Systems Security Conference, Baltimore, MD., October 1996.

M. M. Williamson, “Throttling viruses: Restricting propagation to defeat malicious mobile code,” ACSAC Security Conference, 2002.

K. Wang, S. Stolfo, “Anomalous Payload-Based Network Intrusion Detection,” Recent Advances in Intrusion Detection (RAID), 2004.

M. Mahoney, “Network Traffic Anomaly Detection Based on Packet Bytes,” ACM Symposium on Applied Computing (SAC), 2003.

Zwicky, F. (1948a). Morphological astronomy. Observatory, 68(845), 121–143.

Lee, W., Stolfo, S. J. Data Mining Approaches for Intrusion Detection, Proceedings of the 7th USENIX Security Symposium, pp. 26-29, San Antonio, Texas, January 1998.

Martin Roesch: “Snort Documents”, http://www.snort.org/docs/ 1998.