IntruDetector: A Software Platform for Testing Network Intrusion Detection Algorithms

  • Authors: T. Wan; X. Yang

  • Venue: ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
  • Year: 2001

Abstract

An Intrusion Detection System (IDS), which passively monitors specific computing resources and reports anomalous or intrusive activities, is becoming an important component in the security system of information infrastructure. Algorithms for detecting intrusions are under rapid development, but far from being mature. One interesting and difficult issue is how to study and test a new intrusion detection algorithm against a variety of (perhaps simulated) intrusive activities under realistic background traffic. A flexible and general-purpose platform for testing intrusion detection algorithms is clearly desirable. This paper presents such a software platform, called IntruDetector. With this platform, detection algorithms can be tested directly in a real environment with a wide range of intrusive activities. The data of normal system activities are directly collected from the live environment, and are mixed with intrusive activities that are simulated by hybrid simulation. The main properties of this approach are: (1) the background traffic is realistic; (2) it allows flexible simulation of various types of intrusions; and (3) normal system operation will not be disrupted by virtually simulated destructive intrusions during testing.