Introduction
Our digital environment has a fact and a fiction. The fact is that virtual mice, snakes, bats, camels, foxes and wolves are there. Mice have no aim except corruption, snakes spout venom everywhere, bats love to work in the dark, hateful camels look for revenge, and foxes and wolves use cunning and Rogan to hit victims and conceal the crime. The fiction is that we often feel safe. Some behave as a peacock, proud of its security arsenal and infrastructure even when attacks rain cats and dogs. Others behave as an ostrich, simply burying their head in the sand. Still others behave as a spider, protecting themselves with a security infrastructure as weak as a spider web. Being aware of this fact and this fiction, several efforts have been conducted in the literature. In the following we briefly survey some of these efforts from both the industrial and the academic side.
From the industrial side, several real security platforms provide integrated security solutions. They are known as hybrid IDS (Intrusion Detection Systems), since they merge different techniques. We cite here CheckPoint IPS, based mainly on confidence indexing; Cisco IPS and BreachGate WebDefend, based on behavior and statistical analysis; and DeepNines BBX IPS, AirDefense Guard and BarbedWire IDS, based on protocol analysis and data correlation (García-Teodoro et al., 2009). From academia, we cite the misuse-based IDS Snort Inline and Snort with the SPADE anomaly plug-in. Snort is largely considered the de facto IDS (Roesch, 1999). BRO, from Lawrence Berkeley National Laboratory, is compatible with Snort and includes semantic analysis at the application layer (Dreger et al., 2006), while EMERALD, from the SRI laboratory, considers rule-based discovery and Bayesian networks (http://www.lsv.ens-cachan.fr/Software/orchids/). Further examples are the Intelligent IDS from Mississippi State University, GIDRE from the University of Granada, Genetic Art-IDS from Northwestern University (García-Teodoro et al., 2009) and Anagram from Columbia University. We note that the commercial systems basically tend to use mature, well-known techniques while improving their implementation, whereas the research systems tend to use much more innovative techniques. Both sides use a large spectrum of techniques such as statistical methods, clustering techniques, diversification, Bayesian inference, genetic algorithms, payload modeling through n-grams, stochastic modeling, fuzzy logic, data mining and neural networks.