computers & security 28 (2009) 18–28

Anomaly-based network intrusion detection:
Techniques, systems and challenges
P. García-Teodoro a,*, J. Díaz-Verdejo a, G. Maciá-Fernández a, E. Vázquez b

a Department of Signal Theory, Telematics and Communications – Computer Science and Telecommunications Faculty, University of Granada, Granada, Spain
b Department of Telematic Engineering, Universidad Politécnica de Madrid, Madrid, Spain

Article history: Received 9 January 2008; Accepted 13 August 2008

Keywords: Network security; Threat; Intrusion detection; Anomaly detection; IDS systems and platforms; Assessment

Abstract

The Internet and computer networks are exposed to an increasing number of security threats. With new types of attacks appearing continually, developing flexible and adaptive security-oriented approaches is a severe challenge. In this context, anomaly-based network intrusion detection techniques are a valuable technology to protect target systems and networks against malicious activities. However, despite the variety of such methods described in the literature in recent years, security tools incorporating anomaly detection functionalities are just starting to appear, and several important problems remain to be solved. This paper begins with a review of the most well-known anomaly-based intrusion detection techniques. Then, available platforms, systems under development and research projects in the area are presented. Finally, we outline the main challenges to be dealt with for the wide-scale deployment of anomaly-based intrusion detectors, with special emphasis on assessment issues.

© 2008 Elsevier Ltd. All rights reserved.

1. Introduction

Intrusion Detection Systems (IDS) are security tools that, like other measures such as antivirus software, firewalls and access control schemes, are intended to strengthen the security of information and communication systems. Although, as shown in Kabiri and Ghorbani (2005) and Sobh (2006), several IDS approaches have been proposed in the specialized literature since the origins of this technology, two highly relevant works in this direction are Denning (1987) and Staniford-Chen et al. (1998).

Noteworthy work has been carried out by CIDF ("Common Intrusion Detection Framework"), a working group created by DARPA in 1998 mainly oriented towards coordinating and defining a common framework in the IDS field. Integrated within IETF in 2000, and having adopted the new acronym IDWG ("Intrusion Detection Working Group"), the group defined a general IDS architecture based on the consideration of four types of functional modules (Fig. 1):

- E blocks ("Event-boxes"): This kind of block is composed of sensor elements that monitor the target system, thus acquiring information events to be analyzed by other blocks.
- D blocks ("Database-boxes"): These are elements intended to store information from E blocks for subsequent processing by A and R boxes.
- A blocks ("Analysis-boxes"): Processing modules for analyzing events and detecting potential hostile behaviour, so that some kind of alarm will be generated if necessary.

* Corresponding author. Department of Signal Theory, Telematics and Communications – Computer Science and Telecommunications Faculty, University of Granada, C/ Periodista Daniel Saucedo Aranda, 18071 Granada, Spain. Tel.: +34 958242305; fax: +34 958240831. E-mail addresses: pgteodor@ugr.es (P. García-Teodoro), jedv@ugr.es (J. Díaz-Verdejo), gmacia@ugr.es (G. Maciá-Fernández), enrique@dit.upm.es (E. Vázquez).

0167-4048/$ – see front matter © 2008 Elsevier Ltd. All rights reserved. doi:10.1016/j.cose.2008.08.003


[Figure: Fig. 1 – General CIDF architecture for IDS systems. The diagram shows the E-box, D-box, A-box and R-box elements.]

- R blocks...
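The four-box CIDF architecture above reads naturally as a pipeline, so here is a small anomaly-based IDS built along those lines. This is an added example and not code from the paper, CIDF or IDWG: the E-box parses monitored records into events, the D-box stores them, the A-box compares live per-source request counts against a statistical profile (mean plus k standard deviations, a common baseline technique chosen here for illustration, not one the excerpt prescribes), and the R-box emits alarm records. The description of R blocks is cut off on this page; the example follows the CIDF meaning of R-boxes as response modules. All log lines, addresses (10.0.0.x) and the record format `ts src= dst= dport=` are constructed for the example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
import re
import statistics


@dataclass(frozen=True)
class Event:
    """One acquired event: a single connection request (constructed format)."""
    ts: str
    src: str
    dst: str
    dport: int


# Constructed record format; not a format used by any real sensor.
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")


def e_box(raw_lines):
    """E-box (sensor): turn raw monitored records into Event objects.
    Malformed lines are dropped instead of being allowed to break analysis."""
    events = []
    for line in raw_lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(m["ts"], m["src"], m["dst"], int(m["dport"])))
    return events


class DBox:
    """D-box: store E-box events for later processing by the A- and R-boxes.
    Events are kept in named windows ('profile' = training period, 'live' = traffic under test)."""

    def __init__(self):
        self._windows = defaultdict(list)

    def store(self, window, events):
        self._windows[window].extend(events)

    def count_by_source(self, window):
        return Counter(e.src for e in self._windows[window])


def a_box(profile_counts, live_counts, k=3.0):
    """A-box: statistical anomaly analysis.
    The normal profile is the mean and population std-dev of per-source request
    counts in the training window; a live source above mean + k*std is reported."""
    if not profile_counts:
        raise ValueError("cannot build a profile from an empty training window")
    values = list(profile_counts.values())
    threshold = statistics.fmean(values) + k * statistics.pstdev(values)
    anomalies = {src: n for src, n in live_counts.items() if n > threshold}
    return anomalies, threshold


def r_box(anomalies, threshold):
    """R-box (response): turn A-box findings into alarm records."""
    return [f"ALERT src={src} requests={n} threshold={threshold:.2f}"
            for src, n in sorted(anomalies.items())]


def make_lines(counts, day):
    """Build constructed log lines; `counts` maps a source address to its request count."""
    lines, n = [], 0
    for src, count in counts.items():
        for _ in range(count):
            lines.append(f"{day}T10:{n // 60:02d}:{n % 60:02d} src={src} dst=10.0.0.80 dport=80")
            n += 1
    return lines


# Constructed training data: five hosts with similar request counts form the profile.
TRAINING_LINES = make_lines(
    {"10.0.0.1": 8, "10.0.0.2": 10, "10.0.0.3": 12, "10.0.0.4": 9, "10.0.0.5": 11}, "2024-01-01")
# Constructed live data: two normal hosts, one host (10.0.0.99) far above the
# profile, plus a malformed record that the E-box must discard.
LIVE_LINES = make_lines({"10.0.0.1": 9, "10.0.0.2": 11, "10.0.0.99": 40}, "2024-01-02")
LIVE_LINES.append("this line is not a valid record")


def run_pipeline(training_lines, live_lines, k=3.0):
    """Wire E -> D -> A -> R together and return the A-box and R-box results."""
    db = DBox()
    db.store("profile", e_box(training_lines))
    db.store("live", e_box(live_lines))
    anomalies, threshold = a_box(db.count_by_source("profile"), db.count_by_source("live"), k)
    return {"anomalies": anomalies, "threshold": threshold, "alerts": r_box(anomalies, threshold)}


if __name__ == "__main__":
    for alert in run_pipeline(TRAINING_LINES, LIVE_LINES)["alerts"]:
        print(alert)
```

With the constructed profile (counts 8, 10, 12, 9, 11) the mean is 10 and the population standard deviation is √2, so at k = 3 the threshold is about 14.24 requests; only the 40-request source is reported, while the two hosts at 9 and 11 stay inside the profile. The separation into boxes is what makes the design adaptive in the sense the abstract asks for: the A-box can be swapped for a different model without touching the sensor or the store.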