Wild-Inspired Intrusion Detection System Framework for High Speed Networks (f|p) IDS Framework

Hassen Sallay (Imam Muhamad Ibn Saud Islamic University, Saudi Arabia), Mohsen Rouached (Imam Muhamad Ibn Saud Islamic University, Saudi Arabia), Adel Ammar (Imam Muhamad Ibn Saud Islamic University, Saudi Arabia), Ouissem Ben Fredj (Imam Muhamad Ibn Saud Islamic University, Saudi Arabia), Khalid Al-Shalfan (Imam Muhamad Ibn Saud Islamic University, Saudi Arabia) and Majdi Ben Saad (Imam Muhamad Ibn Saud Islamic University, Saudi Arabia)
DOI: 10.4018/978-1-4666-2050-6.ch016

Abstract

While the rise of the Internet and high-speed networks has made information easier to acquire, faster to exchange and more flexible to share, it has also made cyber attacks and crimes easier to perform, more accurate in hitting the target victim and more flexible in concealing the evidence. Although people are in an unsafe digital environment, they often feel safe. Aware of this fact and this fiction, the authors draw in this chapter a security framework aimed at building real-time security solutions in the very narrow context of high-speed networks. The framework is called (f|p) since it is inspired by the elephant's self-defense behavior, which yields p (22 security tasks for 7 security targets).
Chapter Preview

Introduction

Our digital environment has a fact and a fiction. The fact is that virtual mice, snakes, bats, camels, foxes and wolves are there. Mice have no aim except corruption, snakes spit venom everywhere, bats love to work in the dark, hateful camels look for revenge, and foxes and wolves use cunning to hit their victims and conceal the crime. The fiction is that we often feel safe. Some behave like a peacock, proud of their security arsenal and infrastructure even as attacks rain down. Others behave like an ostrich, simply burying their heads in the sand. Still others behave like a spider, protecting themselves with a security infrastructure as weak as a spider's web. Aware of this fact and this fiction, several efforts have been made in the literature. In the following we briefly survey some of these efforts from both the industrial and the academic side.

From the industrial side, several real security platforms provide integrated security solutions. They are known as hybrid IDS (Intrusion Detection Systems), since they merge different detection techniques. We cite here CheckPoint IPS, based mainly on confidence indexing; Cisco IPS and BreachGate WebDefend, based on behavioral and statistical analysis; and DeepNines BBX IPS, AirDefense Guard and BarbedWire IDS, based on protocol analysis and data correlation (García-Teodoro et al., 2009). From academia, we cite the misuse-based IDS Snort Inline and Snort with the SPADE anomaly plug-in; Snort is widely considered the de facto IDS (Roesch, 1999). Bro, from Lawrence Berkeley National Laboratory, is compatible with Snort and adds semantic analysis at the application layer (Dreger et al., 2006), while EMERALD, from SRI, combines rule-based detection with Bayesian networks (http://www.lsv.ens-cachan.fr/Software/orchids/). Other research systems include the Intelligent IDS from Mississippi State University, GIDRE from the University of Granada, Genetic Art-IDS from Northwestern University (García-Teodoro et al., 2009) and Anagram from Columbia University. We note that commercial systems tend to rely on mature, well-known techniques and to improve their implementation, while research systems tend to use more innovative techniques. Both sides draw on a large spectrum of techniques: statistical methods, clustering, diversification, Bayesian inference, genetic algorithms, payload modeling through n-grams, stochastic modeling, fuzzy logic, data mining and neural networks.
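To make the two technique families named above concrete, the following is an added illustration (not the chapter's framework and not the code of any system it surveys): a Snort-style signature check (misuse detection) beside an Anagram-style byte n-gram model of normal payloads (anomaly detection), combined in one hybrid decision. The benign training requests, the signature table, the test payloads and the 0.3 alert threshold are all constructed or assumed here for the example.

```python
"""Hybrid IDS sketch: misuse signatures plus Anagram-style n-gram anomaly scoring.

Added example, not from the chapter or from Snort/Anagram. All traffic below is
constructed; the signature table and the 0.3 threshold are assumed values.
"""

N = 3  # n-gram length used throughout (Anagram itself uses larger n)

# Constructed benign HTTP requests standing in for a sample of normal traffic.
BENIGN_TRAFFIC = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"GET /images/logo.png HTTP/1.1\r\nHost: example.test\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Length: 23\r\n\r\n"
    b"user=alice&pass=s3cret",
    b"GET /about.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: curl/8.0\r\n\r\n",
]

# Constructed misuse signatures: byte pattern -> alert name (hypothetical table).
SIGNATURES = {
    b"/bin/sh": "shell-command-in-request",
    b"/etc/passwd": "sensitive-file-request",
    b"../": "path-traversal",
}

# Constructed test payloads.
HELD_OUT_BENIGN = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
                   b"User-Agent: curl/8.0\r\n\r\n")
ATTACK_REQUEST = (b"GET /cgi-bin/x HTTP/1.1\r\nHost: example.test\r\n\r\n"
                  b";cat /etc/passwd|/bin/sh")
NOVEL_ATTACK = (b"GET /cgi-bin/test.cgi?x=%00%00 HTTP/1.1\r\n"
                b"Host: example.test\r\n\r\n")  # matches no signature


def ngrams(payload, n=N):
    """Yield every contiguous n-byte slice of the payload."""
    return (payload[i:i + n] for i in range(len(payload) - n + 1))


def train_model(payloads, n=N):
    """Set of n-grams observed in normal traffic.

    Anagram stores these in a Bloom filter for speed and memory; a plain set
    is enough to show the idea.
    """
    model = set()
    for p in payloads:
        model.update(ngrams(p, n))
    return model


def anomaly_score(model, payload, n=N):
    """Fraction of the payload's n-grams that never appeared during training."""
    grams = list(ngrams(payload, n))
    if not grams:  # payload shorter than n: nothing to judge
        return 0.0
    unseen = sum(1 for g in grams if g not in model)
    return unseen / len(grams)


def signature_matches(payload):
    """Misuse detection: names of every signature whose pattern occurs."""
    return sorted(name for pattern, name in SIGNATURES.items() if pattern in payload)


def classify(model, payload, threshold=0.3):
    """Hybrid decision: alert if any signature fires or the payload is anomalous."""
    sigs = signature_matches(payload)
    score = anomaly_score(model, payload)
    verdict = "alert" if sigs or score > threshold else "normal"
    return {"verdict": verdict, "score": round(score, 3), "signatures": sigs}


if __name__ == "__main__":
    model = train_model(BENIGN_TRAFFIC)
    for label, payload in (("held-out benign", HELD_OUT_BENIGN),
                           ("signature attack", ATTACK_REQUEST),
                           ("novel attack", NOVEL_ATTACK)):
        print(label, classify(model, payload))
```

The held-out request is built only from n-grams already in the training set and scores 0.0, the shell-injection request trips two signatures and also scores high, and the third request matches no signature but is still flagged because roughly 40% of its n-grams were never seen: that last case is the reason hybrid systems add anomaly detection to signatures. The caveat is the flip side: with a training sample this small, any legitimate new URL path would also score high, which is why real deployments train on large volumes of traffic, use Bloom filters to keep the model cheap at line rate, and tune the threshold against measured false-positive rates.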
