Guide to Intrusion Detection and Prevention Systems (IDPS)

Scarfone, Karen; Mell, Peter

doi:10.6028/nist.sp.800-94

Cited by 684 publications

(479 citation statements)

References 0 publications

Supporting

Mentioning

445

Contrasting

Unclassified

Order By: Relevance

“…Bilgi tarama: Bilgi tarama saldırıları, bir sunucunun ya da herhangi bir makinenin geçerli ip adreslerini, ağdaki bilgisayar sayısını, bilgisayardaki kullanıcı sayısını ve kullanıcı bilgilerini, aktif giriş kapılarını (port) veya işletim sistemini öğrenmek için yapılırlar [6]. Saldırı tespit sistemleri, anormallik tespiti ve imza tabanlı olmak üzere ikiye ayrılır [7]. Anormallik tespiti tabanlı STS de, öncelikle sistemdeki kullanıcılar üzerinden normal davranışlar tanımlanır.…”

Section: şEkil 1: Saldırı Tespit Sistemiunclassified

Makine Öğrenmesi Teknikleriyle Saldırı Tespiti: Karşılaştırmalı Analiz

Kaya¹,

Yıldız²

2014

MUFBED

View full text Add to dashboard Cite

Özetİnternet, günlük hayatımızın vazgeçilmez bir parçasıdır. Artan web uygulamaları ve kullanıcı sayısı, veri güvenliği açısından bazı riskleri de beraberinde getirmiştir. Ağ güvenliği için önemli araçlardan biri olan saldırı tespit sistemleri, güvenli iç ağlara yapılan saldırıları ve beklenmeyen erişim taleplerini tespit etmede başarılı bir şekilde kullanılmaktadır. Günümüzde, pek çok araştırmacı, daha etkin saldırı tespit sistemi gerçekleştirilmesi amacıyla çalışma yapmaktadır. Bu amaçla literatürde farklı makine öğrenme teknikleri ile gerçekleştirilmiş pek çok saldırı tespit sistemi vardır. Yapılan bu çalışmada, saldırı tespit sistemlerinde sıklıkla kullanılan makine öğrenme teknikleri araştırılmış, kullandıkları sınıflandırıcılar, veri setleri ve elde edilen başarılar değerlendirilmiştir. Bu amaçla 2007-2013 yılları arasında SCI, SCI Expanded ve EBSCO indekslerince taranan ulusal ve uluslararası dergilerde yayınlanmış 65 makale incelenmiş, sonuçlar, karşılaştırılmalı bir şekilde sunulmuştur. Böylece, gelecekte yapılacak makine öğrenme teknikleri ile saldırı tespiti çalışmalarına bir bakış açısı kazandırılması amaçlanmıştır. Anahtar kelimeler: STS, Makine öğrenmesi, KDD Cup99 Intrusion Detection with Machine Learning Techniques: Comparative Analysis AbstractThe Internet is an indispensable part of our daily lives. The increasing number of web applications and the user, in terms of data security, has some risks. Intrusion detection systems, secure access to internal networks to detect attacks and unexpected due to the demands of one of the important tools for network security. In order to develop more effective intrusion detection systems a lot of investigative work. However, so many different machine learning techniques in the literature with intrusion-detection system. In this study, the intrusion detection systems are frequently used in machine learning techniques are researched, evaluated, and the resulting achievements classifiers, used by datasets. To this end between the years 2007-2013 65 article examined, the results are presented in a way that the comparative. Thus, the determination of the future machine learning techniques to gain a perspective on the work of the attack.

show abstract

Section: şEkil 1: Saldırı Tespit Sistemiunclassified

Makine Öğrenmesi Teknikleriyle Saldırı Tespiti: Karşılaştırmalı Analiz

Kaya¹,

Yıldız²

2014

MUFBED

View full text Add to dashboard Cite

show abstract

“…A NIDS scans network traffic and seeks to identify evidence of ongoing attacks, intrusion attempts or violations of the security policies [1]. Since they are key elements of most organizations' cyberdefense systems, NIDS often become themselves targets of attacks aimed at undermining their detection capabilities.…”

Section: Introductionmentioning

confidence: 99%

Randomized Anagram revisited

Pastrana

Orfila

Tapiador

et al. 2014

Journal of Network and Computer Applications

View full text Add to dashboard Cite

When compared to signature-based Intrusion Detection Systems (IDS), anomaly detectors present the potential advantage of detecting previously unseen attacks, which makes them an attractive solution against zero-day exploits and other attacks for which a signature is unavailable. Most anomaly detectors rely on machine learning algorithms to derive a model of normality that is later used to detect suspicious events. Such algorithms, however, are generally susceptible to evasion by means of carefully constructed attacks that are not recognized as anomalous. Different strategies to thwart evasion have been proposed over the last years, including the use of randomization to make somewhat uncertain how each packet will be processed. In this paper we analyze the strength of the randomization strategy suggested for Anagram, a well-known anomaly detector based on n-gram models. We show that an adversary who can interact with the system for a short period of time with inputs of his choosing will be able to recover the secret mask used to process packets. We describe and discuss an efficient algorithm to do this and report our experiences with a prototype implementation. Furthermore, we show that the specific form of randomization suggested for Anagram is a double-edged sword, as knowledge of the mask makes evasion easier than in the non-randomized case. We finally discuss a simple countermeasure to prevent our attacks.

show abstract

“…In the other hand intrusion prevention systems are the devices of performing intrusion detection [1]. A novel strategy in the modernized defensive network security is Deception.…”

Section: Introductionmentioning

confidence: 99%

A Survey on Dynamic Honeypots

Mohammadzadeh¹

2012

IJIEE

View full text Add to dashboard Cite

Abstract-There are a lot of critical issues in the network security concern. One of these issues is deployment of dynamic honeypot. To overcome this matter, plug and play honeypot methods are being promoted by some researchers. Therefore, the main aim of this paper is to study on the usability and security features of the plug and play concept in order to have easy deployment of dynamic honeypot on a network environment. It also offers type of integration of existing network tools to deploy dynamic honeypot based on its placement within network topology.Index Terms-Dynamic honeypots, honeynet, plug and play honeypot.

show abstract

Guide to Intrusion Detection and Prevention Systems (IDPS)

Cited by 684 publications

References 0 publications

Makine Öğrenmesi Teknikleriyle Saldırı Tespiti: Karşılaştırmalı Analiz

Makine Öğrenmesi Teknikleriyle Saldırı Tespiti: Karşılaştırmalı Analiz

Randomized Anagram revisited

A Survey on Dynamic Honeypots

Contact Info

Product

Resources

About