Network security breaches hinder the application of distributed computing systems such as Grids, clusters, intranets, extranets, and P2P systems. A new integrated approach is presented for building future network-based intrusion detection systems (NIDS). We integrate Snort (a signature-based NIDS) with a custom-designed anomaly detection system (ADS) to yield a powerful cyber defense system, called CAIDS. This system detects known attacks through signature matching and reveals network anomalies by mining Internet traffic. The CAIDS design integrates the two different detection engines so that alerts from intrusions and anomalies can be correlated. We aim to automate the generation of signatures into the Snort database. The system was tested over an Internet trace of 24 million packets containing 200 attacks. Our simulation experiments result in a 75% detection rate on all attacks with a low 5% false alarm rate. The system generates alerts on both intrusive attacks against distributed resources and anomalies detected in Internet, intranet, and extranet connections.