Artificial Intrusion Detection Techniques: A Survey

In this paper we have designed Agent based intrusion detection system (ABIDS) where agents will travel between connected client systems from server in a client-server network. The agent will collect information from client systems through data collecting agents. It will then categorize and associate data in the form of report, and send the same to server. Intrusion detection system (IDS) will support runtime addition of new ability to agents. We have illustrated the design of ABIDS and show the performance of ABIDS with various classification techniques that could produce good results. The motive of the work is to examine the best performance of ABIDS among various classification techniques for huge data. Moreover sophisticated NSL KDD dataset are used during experiments for more sensible assessment than the novel KDD 99 dataset.

Section: Host Base Idsmentioning

confidence: 99%

“…The Network IDS is located in the network section which supervises traffic which is moving on the network [4,5].…”

Section: Network Base Idsmentioning

confidence: 99%

Performance Analysis of Classification Techniques by using Multi Agent Based Intrusion Detection System

Saxena¹,

Sinha²,

Shukla³

2018

“…In anomaly-Based detection scheme any action that is different from the normal behaviour is termed as anomaly. It checks for the normal and abnormal behaviour of the system [3].It classifies using rules or heuristics.…”

Section: Introductionmentioning

confidence: 99%

Comparative Analysis of Classification Algorithms on KDD'99 Data Set

Arora¹,

Bhatia²,

Singh³

2016

Abstract-Due to the enormous growth of network based services and the need for secure communications over the network there is an increasing emphasis on improving intrusion detection systems so as to detect the growing network attacks. A lot of data mining techniques have been proposed to detect intrusions in the network. In this paper study of two different classification algorithms has been carried out: Naï ve Bayes and J48. Results obtained after applying these algorithms on 10% of the KDD"99 dataset and on 10% of the filtered KDD"99 dataset are compared and analyzed based on several performance metrics. Comparison between these two algorithms is also done on the basis of the percentage of correctly classified instances of different attack categories present in both the datasets as well as the time they take to build their classification models.Overall J48 is a better classifier compared to Naï ve Bayes on both the datasets but it is slow in building the classification model.

“…Seeing that the children nodes of node G 1 share a disjunctive OR association, the attack path through this node avails the attacker two options of either using malware or intruding malware-less denoted by nodes G 4 and G 3 respectively. These two nodes contain respective atomic attacks which would otherwise act as the basic actions described earlier in our attack model.…”

Section: B Attack Tree Modelingmentioning

confidence: 99%

“…Regardless of whether a given attack is of the former or latter class, it can be deemed as either outsider or insider attack [4]. Therefore, depending onto which category an attack falls, it will utilize different facets of attack vectors to accomplish the overall objective.…”

Section: Introductionmentioning

confidence: 99%

Malware-Free Intrusions: Exploitation of Built-in Pre-Authentication Services for APT Attack Vectors

Zimba¹,

Wang²

2017

Abstract-Advanced Persistent Threat (APT) actors seek to maintain an undetected presence over a considerable duration and therefore use a myriad of techniques to achieve this requirement. This stealthy presence might be sought on the targeted victim or one of the victims used as pawns for further attacks. However, most of the techniques involve some malicious software leveraging the vulnerability induced by an exploit or leveraging the ignorance of the benign user. But then, malware generates a substantial amount of noise in form of suspicious network traffic or unusual system calls which usually do not go undetected by intrusion detection systems. Therefore, an attack vector that generates as little noise as possible or none at all is especially attractive to ATP threat actors as this perfectly suits the objective thereof. Malware-free intrusions present such attack vectors and indeed are difficult to detect because they mimic the behavior of normal applications and add no extra code for signature detection or anomaly behavior. This paper explores malware-free intrusions via backdoors created by leveraging the available at preauthentication system tools availed to the common user. We explore two attack vectors used to implant the backdoor and demonstrate how such is accessible over the network via remote access while providing the highest level of system access. We further look at prevention, detection and mitigation measures which can be implemented in the case of compromise.