JIS Vol. 2 No. 1, January 2011
A Comparative Study of Related Technologies of Intrusion Detection & Prevention Systems
ABSTRACT
The rapid growth of computer networks has changed the landscape of network security. Easy accessibility leaves computer networks vulnerable to numerous and potentially devastating threats from hackers. To date, researchers have developed Intrusion Detection Systems (IDS) capable of detecting attacks in several available environments, and a wide range of methods for misuse detection as well as anomaly detection has been applied. Intrusion Prevention Systems (IPS) evolved afterwards to resolve the ambiguities of passive network monitoring by placing the detection system in the line of attack. In other words, an IPS is an IDS that is able to issue prevention commands to firewalls and access-control changes to routers. An IPS can be seen as an improvement upon firewall technologies: it can make access-control decisions based on application content, rather than on IP addresses or ports as traditional firewalls do. The next innovation is the combination of IDS and IPS, known as Intrusion Detection and Prevention Systems (IDPS), capable of both detecting attacks and preventing them from happening. This paper presents an overview of IDPS, followed by their classifications and applications. A new signature-based IDPS architecture named HawkEye Solutions is proposed by the authors. The authors present the basic building blocks of the IDS, which include mechanisms for carrying out TCP port scans, traceroute scans, ping scans and packet sniffing to monitor network health and detect various types of attacks. Real-time implementation results of the system are presented. Finally, a comparative analysis of various existing IDS/IPS solutions against HawkEye Solutions emphasizes its significance.
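As an added illustration (not code from the paper or from HawkEye Solutions), the following sketch shows the kind of signature logic a sniffer-fed, signature-based IDPS applies: it matches a TCP port-scan and an ICMP ping-sweep signature over constructed packet records and translates alerts into firewall block actions, the IPS step the abstract describes. The thresholds, field names and sample addresses are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """Constructed packet record standing in for a sniffed frame's header fields."""
    ts: float        # capture time in seconds
    src: str
    dst: str
    proto: str       # "tcp" or "icmp"
    dport: int = 0   # TCP destination port (unused for ICMP)
    flags: str = ""  # TCP flags, "S" = SYN, "A" = ACK

# Hypothetical signature thresholds (assumptions, not values from the paper).
PORTSCAN_PORTS = 10    # distinct ports SYN-probed on one host within WINDOW
PINGSWEEP_HOSTS = 5    # distinct hosts ICMP-probed by one source within WINDOW
WINDOW = 10.0          # seconds

def detect(packets):
    """Match two signatures over time-ordered packets; return [(alert, src)]."""
    alerts, syn_hist, echo_hist = [], defaultdict(list), defaultdict(list)
    for p in sorted(packets, key=lambda q: q.ts):
        if p.proto == "tcp" and p.flags == "S":
            hist, name, target = syn_hist[(p.src, p.dst)], "tcp_portscan", p.dport
            limit = PORTSCAN_PORTS
        elif p.proto == "icmp":
            hist, name, target = echo_hist[p.src], "icmp_pingsweep", p.dst
            limit = PINGSWEEP_HOSTS
        else:
            continue  # no signature for this packet type
        hist.append((p.ts, target))
        hist[:] = [(t, x) for t, x in hist if p.ts - t <= WINDOW]  # slide window
        if len({x for _, x in hist}) >= limit and (name, p.src) not in alerts:
            alerts.append((name, p.src))  # alert once per source per signature
    return alerts

def firewall_actions(alerts):
    """IPS step: translate alerts into block rules for each offending source."""
    return sorted({f"block src {src}" for _, src in alerts})

# Constructed sample traffic: one scanning host (10.0.0.9) and one normal client.
SAMPLE = (
    [Packet(1.0 + i * 0.1, "10.0.0.9", "10.0.0.20", "tcp", 20 + i, "S") for i in range(12)]
    + [Packet(2.0 + i * 0.2, "10.0.0.9", f"10.0.0.{30 + i}", "icmp") for i in range(6)]
    + [Packet(5.0, "10.0.0.5", "10.0.0.20", "tcp", 443, "S")]
)

if __name__ == "__main__":
    found = detect(SAMPLE)
    print(found, firewall_actions(found))
```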

Cite this paper
I. Mukhopadhyay, M. Chakraborty and S. Chakrabarti, "A Comparative Study of Related Technologies of Intrusion Detection & Prevention Systems," Journal of Information Security, Vol. 2 No. 1, 2011, pp. 28-38. doi: 10.4236/jis.2011.21003.