Agent IDS based on Misuse Approach

Ktata, Farah Barika; Kadhi, Nabil El; Ghédira, Khaled

doi:10.4304/jsw.4.6.495-507

Cited by 9 publications

(6 citation statements)

References 19 publications

(20 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ktata et al [14] studied the detection rate of Nmap probes for four different NIDS (Snort, Prelude, Tamandua, and Firestorm). The authors found that Snort, Tamandua, and Firestorm detected about 70% of the tested Nmap probes, while Prelude detected a bit less than 60% of them.…”

Section: Related Workmentioning

confidence: 99%

Signature Based Intrusion Detection for Zero-Day Attacks: (Not) A Closed Chapter?

Holm

2014

2014 47th Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

A frequent claim that has not been validated is that signature based network intrusion detection systems (SNIDS) cannot detect zero-day attacks. This paper studies this property by testing 356 severe attacks on the SNIDS Snort, configured with an old official rule set. Of these attacks, 183 attacks are zero-days' to the rule set and 173 attacks are theoretically known to it. The results from the study show that Snort clearly is able to detect zero-days' (a mean of 17% detection). The detection rate is however on overall greater for theoretically known attacks (a mean of 54% detection). The paper then investigates how the zero-days' are detected, how prone the corresponding signatures are to false alarms, and how easily they can be evaded. Analyses of these aspects suggest that a conservative estimate on zero-day detection by Snort is 8.2%.

show abstract

Section: Related Workmentioning

confidence: 99%

Signature Based Intrusion Detection for Zero-Day Attacks: (Not) A Closed Chapter?

Holm

2014

2014 47th Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…With the new capability of mobility for intrusion detection, several advantages related to mobile agent usage are listed in literature (Jansen et al, 1999;Ktata et al, 2009). Some of them are listed as follows:…”

Section: Advantages Of Using Mobile Agents In Intrusion Detectionmentioning

confidence: 99%

“…Whenever, an intruder tries to disable the single point in a network, i.e the central analyzer. If the latter is disabled, the entire network becomes without protection (Ktata et al, 2009). In this case, a mobile agent-based IDS allows to palliate the drawback of central point of failure, since there is no central station.…”

Section: Introductionmentioning

confidence: 99%

A Snort-Based Mobile Agent for a Distributed Intrusion Detection System

Brahmi¹,

Yahia²,

Poncelet

2011

Proceedings of the International Conference on Security and Cryptography

View full text Add to dashboard Cite

Abstract:Due to the rapid growth of the network application, new kinds of network attacks are endlessly emerging. Thus, it is of paramount importance to protect the networks from attackers. Consequently, the Intrusion Detection Systems (IDS) are quickly becoming a popular requirement in building a network security infrastructure. Most existing and commercial IDS are generally centralized and suffer from a number of drawbacks, e.g., high rates of false positives, low efficiency, etc, especially when they face distributed attacks. In this paper, we introduce a novel mobile agent-based intrusion detection system focusing on the misuse detection approach, called DIDMAS (Distributed Intrusion Detection using Mobile Agents and Snort). DIDMAS takes advantages of the mobile agent paradigm to implement an efficient distributed system, as well as the integration of existing techniques, i.e., the well-known IDS SNORT. Carried out experiments showed that our proposed system presents better performance as well as a good scalability compared to the pioneer known centralized IDS SNORT system over real traffic and a set of simulated attacks.

show abstract

“…According to these characteristics, the agent-based technology seemed to be an appropriate alternative for developing IDS. Recently, several new agent-based IDS were developed [13,16], using mobile agents [5,6,9,18], using a hierarchy of static agents [8,19] or employing a combination of both static and mobile agents [7].…”

Section: Related Workmentioning

confidence: 99%

“…The advantages of mobile agent technology includes: reducing network overload, overcoming network latency, synchronous and autonomous execution, robustness and fault-tolerance, system scalability, and operating in heterogeneous environments [9]. To this end, mobile agent technology has been shown to be very suitable to solve intrusion detection in a distributed environment [6].…”

Section: Introductionmentioning

confidence: 99%

MAD-IDS: Novel Intrusion Detection System Using Mobile Agents and Data Mining Approaches

Brahmi¹,

Yahia²,

Poncelet

2010

Intelligence and Security Informatics

View full text Add to dashboard Cite

Abstract. Intrusion Detection has been investigated for many years and the field reached the maturity. Nevertheless, there are still important challenges, e.g., how an Intrusion Detection System (IDS) can detect new and complex distributed attacks. To tackle this problem, we propose a novel distributed intrusion detection system, based on the desirable features provided by the mobile agent methodology. Our approach rely on: (i) a misuse detection mobile agent to detect known attacks, (ii) an anomaly detection mobile agent to detect novel kinds of attacks. Based on data mining techniques, this agent provides a high accuracy for predicting different behaviors in network computers. Carried out experiments showed the efficiency of data mining approaches integrated with mobile agent technology.

show abstract

Agent IDS based on Misuse Approach

Cited by 9 publications

References 19 publications

Signature Based Intrusion Detection for Zero-Day Attacks: (Not) A Closed Chapter?

Signature Based Intrusion Detection for Zero-Day Attacks: (Not) A Closed Chapter?

A Snort-Based Mobile Agent for a Distributed Intrusion Detection System

MAD-IDS: Novel Intrusion Detection System Using Mobile Agents and Data Mining Approaches

Contact Info

Product

Resources

About