Title    Date Added    Company
whitepaper Tangled Web : Undercover Threats, Invisible Enemies 2009-06-10
  MessageLabs offers integrated web and email security services proven to stay a step ahead of the bad guys. Its Web Security service, for example, includes anti-spyware and anti-virus protection, as well as industry-leading converged threat analysis which ensures that threat intelligence learned from email is also applied to web security.

Tags: Intrusion - Tampering, Business Functions
  
whitepaper A CP Intrusion Detection Strategy on Cloud Computing 2009-05-24 Academy Publisher
  Cloud computing is a general concept of a computing service that relies on the Internet to satisfy the computing needs of its users. Both the providers and the users of the service will benefit from the new organization pattern. This paper proposes a framework for the construction of a CP intrusion detection system in E-Government. The idea can help people construct a flexible security system based on a well-organized strategy and statistical model.

Tags: Intrusion - Tampering, IT Infrastructure
  
whitepaper A Strategic Review of Existing Mobile Agent-Based Intrusion Detection Systems 2009-05-21 Yahoo
  An Intrusion Detection System (IDS) is defined as a component that analyses system and user operations in computer and network systems in search of activities considered undesirable from a security perspective. Applying Mobile Agents (MA) to intrusion detection design is a recent development aimed at effective intrusion detection in distributed environments. From the literature, it is clear that most available MA-based IDSs are not very effective because their time to detection is high and they detect limited intrusions. This paper proposes a way of classifying a typical IDS and then strategically reviews the existing mobile agent-based IDSs, focusing on each of the categories of the classification, for example architecture, mode of data collection, the techniques for analysis, and the security of these intelligent codes.

Tags: Security Administration, Intrusion - Tampering
  
whitepaper A Multi-Layered Approach to the Design of Intelligent Intrusion Detection and Prevention System (IIDPS) 2009-05-21 Babcock University
  Ignoring security threats can have serious consequences; therefore host machines in a network must continually be monitored for intrusions, since they are the final endpoint of any network. This paper presents an Intelligent Intrusion Detection and Prevention System (IIDPS), which monitors a single host system from three different layers: the files analyzer, system resource and connection layers. The approach introduced is a multi-layered approach in which each layer harnesses both existing approaches, signature and anomaly, to achieve better detection and prevention capabilities.

Tags: Security Administration, Intrusion - Tampering
  
whitepaper Advanced Vulnerability Analysis and Intrusion Detection Through Predictive Attack Graphs 2009-05-19 George Mason University
  Network security tools generally lack sufficient context for maintaining a well informed and proactive defense posture. Vulnerabilities are usually assessed in isolation, without considering how they contribute to overall attack risk. Similarly, intrusion alarms are logged as isolated events, with limited correlation capabilities. Security professionals are often overwhelmed by constant threats, complexity of security data, and network growth. The approach to network defense applies attack graphs for advanced vulnerability analysis and intrusion detection. Attack graphs map paths of vulnerability, showing how attackers can incrementally penetrate a network. One can then identify critical vulnerabilities and provide strategies for protection of critical network assets. Because of operational constraints, vulnerability paths may often remain.

Tags: Security Administration, Intrusion - Tampering
  
whitepaper Benchmarking Network Intrusion Detection Systems 2009-05-13 Endace
  With no agreed standard for benchmarking Network Intrusion Detection Systems (NIDS), vendors often quote performance figures that do not reflect real-world implementations. Even test laboratories, which provide valuable product comparisons, cannot verify how a solution will perform in the unique environment of an organization. There are simply too many variables to replicate, with traffic profiles, rule sets, configurations and product release versions all affecting performance. The only way to ensure an NIDS solution will perform as required is to test it under the worst-case conditions it will need to handle once deployed in the network.

Tags: Security Administration, Intrusion - Tampering
  
whitepaper Network Traffic Analysis Optimization for Signature-Based Intrusion Detection Systems 2009-05-09 Lomonosov Moscow State University
  This paper proposes a method for signature matching optimization in the field of intrusion detection and prevention. Signature matching algorithm performance is one of the key factors in the overall quality of an IDS/IPS, especially in high-speed networks. The optimization method proposed in this paper relies on the semantics of the signature matching task typical of systems such as Snort. The method minimizes the number of patterns called by the detection system for each network packet, reducing its processing time.

Tags: Security Administration, Intrusion - Tampering
  
whitepaper Check Point IPS Engine Architecture: New Technologies Provide a Robust Integrated Intrusion Prevention System 2009-05-04 Check Point Software Technologies
  Some organizations have a love-hate relationship with Intrusion Prevention System technology, and its older cousin, the Intrusion Detection System. On the one hand, IPS is vital for protecting against a deluge of application layer exploits. According to a Verizon Business Report in 2008, hacking led to data breaches by a margin of almost two to one. 39% of the attacks targeting the Application Service Layer led to data compromise. These attacks often evade the usual port/protocol defenses established by a firewall, so detection requires deep-packet inspection with IPS. But when an organization uses in-line blocking deployment of IPS, too often the processing requirements prevent simultaneous use of other security functions. The dilemma of connectivity or security is now moot.

Tags: Security Administration, Intrusion - Tampering
  
whitepaper Detecting Insider Attacks Using Non-Negative Matrix Factorization 2009-05-03 Institute of Electrical and Electronics Engineers
  It is a fact that the vast majority of attention is given to protecting against external threats, which are considered more dangerous. However, some industrial surveys have indicated they have had attacks reported internally. Insider attacks are an unusual type of threat that is also serious and very common. Unlike an external intruder, in the case of internal attacks, the intruder is someone who has been entrusted with authorized access to the network. This paper presents a Non-negative Matrix Factorization approach to detect insider attacks. Comparisons with other established pattern recognition techniques reveal that the Non-negative Matrix Factorization approach could also be an ideal candidate to detect internal threats.

Tags: Intrusion - Tampering
  
whitepaper Security and Results of a Large-Scale High-Interaction Honeypot 2009-05-01 Academy Publisher
  This paper presents the design and discusses the results of a secured high-interaction honeypot. The challenge is to have a honeypot that welcomes attackers and allows userland malicious activities but prevents system corruption. The honeypot must authorize real malicious activities and ease the analysis of those activities. A clustered honeypot is proposed for two kinds of hosts. The first class prevents system corruption and never has to be reinstalled. The second class assumes system corruption, but an easy reinstallation is available. Various off-the-shelf security tools are deployed to detect corruption and to ease analysis. Moreover, host and network information enable a full analysis of complex attack scenarios.

Tags: Security Administration, Intrusion - Tampering