Wild-Inspired Intrusion Detection System Framework for High Speed Networks (f|p) IDS Framework

Sallay, Hassen; Rouached, Mohsen; Ammar, Adel; Fredj, Ouissem Ben; Al-Shalfan, Khalid A.; Saad, Majdi Ben

doi:10.4018/jisp.2011100104

Cited by 4 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many works have been done in order to define a common distributed intrusion detection system (DIDS) framework [1][2][3]. The architecture model of the state-of-the-art DIDSs shares almost the same global architecture.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A realistic graph‐based alert correlation system

Fredj¹

2015

Security Comm Networks

View full text Add to dashboard Cite

This paper introduces a graph-based attack description that comes with different analysis methods for alert correlation. The system encompasses an attack scenario detection method, an alert correlation method that recognizes multistep attacks, and graph-based classification method to extract different types of alerts. The performance analysis shows that the system can correlate a huge number of alerts (more than 442 000 alerts) into a dozens of attack graphs. The attack graph has permitted us to extract several attack properties with high precision.

show abstract

Section: Introductionmentioning

confidence: 99%

“…The architecture model of the state-of-the-art DIDSs shares almost the same global architecture. Figure 1 shows an example of such an architecture called (φ|π) [2]. The architecture encompasses a set of sensor elements that monitor the target system.…”

Section: Introductionmentioning

confidence: 99%

A realistic graph‐based alert correlation system

Fredj¹

2015

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…As the speed of network links and the number of flows are increasing, keeping per‐flow state is too costly in terms of processing time and storage. High‐speed networks pose serious challenges to the resource‐constrained NIDSs . Nowadays, the network speed has increased to 40 Gbps , and the demand for real‐time NIDSs, which are capable of dealing with the continuous increase of the network speed, becomes a necessity.…”

Section: Introductionmentioning

confidence: 99%

Multivariate correlation analysis and geometric linear similarity for real‐time intrusion detection systems

Derhab

Bouras

2014

Security Comm Networks

View full text Add to dashboard Cite

In this paper, we propose an intrusion detection system (IDS) based on four approaches: (i) statistical‐based IDS to reduce detection time; (ii) intertwining data acquisition phase and data preprocessing phase to ensure real‐time detection; (iii) geometric linear similarity measure that improves detection accuracy compared with existing measures; and (iv) multivariate correlation analysis that extracts a subset of strongly correlated features to construct a normal behavioral graph. Based on this graph, we derive the normal profile composed of high‐level features. We use NSL‐KDD dataset to analyze and evaluate the efficiency of the proposed IDS at detecting denial‐of‐service (DOS) attacks. Experimental results show that the proposed IDS can achieve good results in terms of detection rate and false positive rate. For some DOS attacks, 100% detection rate is achieved with 1.55% false positive. We also use KDD99 dataset to compare the proposed IDS with two statistical‐based methods and some data mining and machine learning‐based methods. Comparison study shows that the proposed IDS achieves the best tradeoff between detection rate (99.76%) and false positive rate (0.6%). It also requires just a few microseconds to classify the connection as normal or attack with low CPU usage and low memory consumption. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

An Efficient Formal Framework for Intrusion Detection Systems

Rouached

Sallay

2012

Procedia Computer Science

View full text Add to dashboard Cite

Wild-Inspired Intrusion Detection System Framework for High Speed Networks (f|p) IDS Framework

Cited by 4 publications

References 17 publications

A realistic graph‐based alert correlation system

A realistic graph‐based alert correlation system

Multivariate correlation analysis and geometric linear similarity for real‐time intrusion detection systems

An Efficient Formal Framework for Intrusion Detection Systems

Contact Info

Product

Resources

About