| Title | Date Added | Company | |
|---|---|---|---|
Flow Based Network Intrusion Detection System Using Hardware-Accelerated NetFlow Probes | 2008-09-30 | CESNET |
| Current network intrusion detection methods based on anomaly detection approaches suffer from a comparatively higher error rate and low performance. The proposed flow-based network intrusion detection system addresses these issues by using hardware-accelerated probes to collect unsampled NetFlow data from gigabit-speed network links and combining several anomaly detection algorithms by means of collective trust modeling, a multi-agent data fusion method. The data acquired on the network is preprocessed and passed to anomaly detection models to gather independent anomaly opinions for each flow. The anomaly data is passed to several trust models to aggregate the anomalies with past experience, and the flows are re-evaluated to obtain their trustfulness, which is further aggregated to detect malicious traffic.
Tags: Security Administration, Intrusion - Tampering |
|||
Correlation-Based Load Balancing for Network Intrusion Detection and Prevention Systems | 2008-09-25 | Association for Computing Machinery |
| In large-scale enterprise networks, multiple network intrusion detection and prevention systems are used to provide high quality protections. In this context, keeping load evenly distributed among the systems is crucial. This is because even load distributions provide protection to the networks and improve the networks' quality of service. A challenging problem, however, is to maintain the load balancing of the systems while minimizing the loss of correlation information due to distributing traffic. Since anomaly-based detection and prevention of some intrusions, such as Distributed Denial of Service (DDoS) attacks and port scans, require a single system to analyze correlated flows of the attacks, this loss of correlation information might severely affect the accuracy of the detections and preventions.
Tags: Security Administration, Intrusion - Tampering |
|||
LIDeA: A Distributed Lightweight Intrusion Detection Architecture for Sensor Networks | 2008-09-25 | Association for Computing Machinery |
| Wireless sensor networks are vulnerable to adversaries as they are frequently deployed in open and unattended environments. Preventive mechanisms can be applied to protect them from an assortment of attacks. However, more sophisticated methods, like intrusion detection systems, are needed to achieve a more autonomic and complete defense mechanism, even against attacks that have not been anticipated in advance. This paper presents a lightweight intrusion detection system, called LIDeA, designed for wireless sensor networks. LIDeA is based on a distributed architecture, in which nodes overhear their neighboring nodes and collaborate with each other in order to successfully detect an intrusion. The paper shows how such a system can be implemented in TinyOS, which components and interfaces are needed, and what overhead results.
Tags: Security Administration, Intrusion - Tampering |
|||
Evaluating the Utility of Anonymized Network Traces for Intrusion Detection | 2008-09-25 | Association for Computing Machinery |
| To intelligently create policies governing the anonymization of network logs, one must analyze the effects of anonymization on both the security and utility of sanitized data. This paper focuses on analyzing the utility of network traces post-anonymization. Any measure of utility is subjective to the type of analysis being performed. This work focuses on utility for the task of attack detection, since attack detection is an important part of an incident responder's daily responsibilities. The paper employs a methodology that analyzes the effect of anonymization on Intrusion Detection Systems (IDS), and provides the first rigorous analysis of single-field anonymization on IDS effectiveness.
Tags: Intrusion - Tampering |
|||
Intrusion Detection System Using Hybrid Differential Evolution and Group Method of Data Handling Approach | 2008-09-19 | University of the South Pacific |
| This paper proposes a new intrusion detection methodology based on a hybrid of Differential Evolution (DE) and Group Method of Data Handling (GMDH). It focuses on intrusion detection based on system call sequences using text processing techniques. The hybrid DE-GMDH is used to classify a process as either normal or abnormal. This paper presents the application of PCA and hybrid DE-GMDH to modeling the high-dimensional benchmark DARPA-1998 database. For modeling and classifying the data, the authors adopted this combination of two-stage PCA and hybrid DE-GMDH procedure. The presented technique shows significantly better results than other existing techniques available in the literature in achieving lower false positive rates at 100% detection rate.
Tags: Security Administration, Intrusion - Tampering |
|||
Novel Intrusion Prevention and Detection Methods | 2008-09-08 | Institute of Electrical and Electronics Engineers |
| Analysis of contemporary Information Security Systems (ISS), and especially of Intrusion Detection Systems (IDS), shows a few characteristic negative features and drawbacks. Original methods and combined anomaly and signature IDS applications are presented in the paper. The human-centered methods INCONSISTENCY, FUNNEL, CALEIDOSCOPE and CROSSWORD interact on a competitive principle and are controlled by a synthetic metamethod, SMM. Research is ongoing into the possibilities of including other machine learning and data mining methods under the general control of SMM. Their applications aim at computational discovery and knowledge acquisition. It is reinforced by identification and resolution of contradictions, self-learning and other methods for analysis of different types of models from the ISS domain. The complexity of application results is considered.
Tags: Security Administration, Intrusion - Tampering |
|||
Sophos Security Threat Report: Mid-Year Update | 2008-07-01 | Sophos |
| Hackers attack businesses, blogs and Web 2.0 sites... The latest Security Threat Report from Sophos gives you a comprehensive insight into the very latest methods being used by cybercriminals to try to out-fox traditional security systems. Download a copy and benefit from the expert analysis and opinion that will help you stay ahead of today's increasingly covert threats.
Tags: Intrusion - Tampering, Security Administration |
|||
Some Clustering Algorithms to Enhance the Performance of the Network Intrusion Detection System | 2008-09-07 | Journal of Theoretical and Applied Information Technology |
| Most current intrusion detection systems are signature-based or machine-learning-based. Despite the number of machine learning algorithms applied to KDD 99 cup, none of them have introduced a pre-model to reduce the huge information quantity present in the different KDD 99 datasets. Clustering is an important task in mining evolving data streams. Besides the limited memory and one-pass constraints, the nature of evolving data streams implies the following requirements for stream clustering: no assumption on the number of clusters, discovery of clusters with arbitrary shape, and ability to handle outliers. Traditional instance-based learning methods can only be used to detect known intrusions, since these methods classify instances based on what they have learned.
Tags: Security Administration, Intrusion - Tampering |
|||
Eight Questions to Ask About Your Intrusion-Security Solution: Why Intrusion Prevention - Not Detection - Is Essential | 2008-09-01 | 3Com |
| After all, IDS and IPS solutions are designed and engineered for fundamentally different purposes. An Intrusion Detection System is a classical out-of-band device that merely detects and generates alerts for suspicious traffic, making it ideal for security analysis and forensics. An Intrusion Prevention System, on the other hand, relies on purpose-built in-band devices both to detect and block unwanted traffic.
Tags: Security Administration, Intrusion - Tampering |
|||
IBM Proventia Network Intrusion Prevention System With Crossbeam X80 Platform | 2008-09-01 | Opus One |
| The objective of this paper is to provide performance guidance for IBM's Proventia Network Intrusion Prevention System 2.0 (IPS) for Crossbeam running on the Crossbeam X-Series Next Generation Security Platform with XOS 8.1 software. Opus One conducted performance tests with and without attack traffic as part of the overall traffic mix. The goal of these tests was to determine the performance of the IBM Proventia for Crossbeam solution under conditions simulating real world traffic mixes.
Tags: Security Administration, Intrusion - Tampering |