A Survey of Intrusion Detection Systems in Wireless Sensor Networks
Published in Georgios Kambourakis, Asaf Shabtai, Constantinos Kolias, Dimitrios Damopoulos, Intrusion Detection and Prevention for Mobile Ecosystems, 2017
Eleni Darra, Sokratis K. Katsikas
In response to the need for defending against these attacks, preventive, detective, and mitigation security mechanisms for WSNs have been developed. On the detective side, intrusion detection systems (IDSs) stand out as the most prevalent and widespread defensive mechanism. An IDS is a device or piece of software that monitors the network to detect unauthorized or malicious activities, such as attacks. It is responsible for monitoring the network, determining whether an attack is taking place, and preventing destruction of the system by raising an alarm or even possibly by taking action against the identified attacker. Within the operating characteristics of a WSN, an IDS must enjoy several properties not necessarily required of IDSs operating in other computing and communication environments.
Secure Design of VMI-IDS
Published in Amir Hussain, Mirjana Ivanovic, Electronics, Communications and Networks IV, 2015
Jiangyong Shi, Chengye Li, Yuexiang Yang, Kun Jiang
Traditionally, there are two main kinds of IDS, namely Host Based IDS (HIDS) and Network Based IDS (NIDS). HIDS detects intrusion for the machine by collecting information such as file system used, network events, system calls, etc. HIDS has an excellent view of what is happening in that host's software, but is highly susceptible to attack. Besides, the efficiency is greatly dependent on choosing system characteristics of the host. While NIDS avoids the problem of being accessible by malware, it has a poor view of what's happening inside the host. Moreover, NIDS cannot detect any intrusion if the network traffic is encrypted, so it is impossible to detect intrusions with high precision.
Intrusion Detection and Prevention Systems (IDPSs)
Published in Mohssen Mohammed, Al-Sakib Khan Pathan, Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks, 2016
Mohssen Mohammed, Al-Sakib Khan Pathan
The IDSs and IPSs [2] are considered as main defense methods against Internet worms and other types of security attacks. The main function of an IDS is to monitor the events occurring in a computer system or network and analyze them to detect unauthorized activities, consequently alerting the security administrators to take appropriate actions. On the other hand, the main function of an IPS is to identify unauthorized activities and to attempt to block or stop them. An IPS can be considered a relatively more sophisticated system put in place to block an attack from its initial trial.
Design of advanced intrusion detection systems based on hybrid machine learning techniques in hierarchically wireless sensor networks
Published in Connection Science, 2023
Gebrekiros Gebreyesus Gebremariam, J. Panda, S. Indu
The frequency of cyber-attacks targeting international businesses is increasing, leading to the rapid development of intrusion detection systems (IDS) in both industry and academia (Mahbooba et al., 2021). The availability and confidentiality of the data may have been compromised as a result of attempts by attackers to break the network's security through vulnerabilities in the security measures (Abdulganiyu et al., 2023). IDS is a network security solution that collects and analyses network data to detect abnormal behaviour and protect system resources (Zhang et al., 2020). It is crucial in maintaining network security (Wang et al., 2021). Anomalies and misuse are two types of intrusions that can occur in WSNs. Anomaly detection utilises mathematical models and compares estimated feature values with reference values to identify deviations from normal behaviour (Godala & Vaddella, 2020). Misuse detection, on the other hand, relies on previously observed malicious activities and their specific patterns to identify intrusions.
Insider Intrusion Detection Techniques: A State-of-the-Art Review
Published in Journal of Computer Information Systems, 2023
An IDS is implemented as host-based or network-based. Host-based implementation works like a standalone system implemented on each component in the network and analyses the anomaly-based different attributes. Network-based implementation collects data from individual locations and analyses it centrally to detect anomalies. It can be an agent-based system which coordinates different network events (higher layer events) [6] and works exactly similarly to SIEM (Security Incident and Event Management). Network-based intrusion detection can also be Network Behavior Analysis, network data flow analysis to detect lower-layer network attacks such as Denial of Service, worm propagation, policy violation, and scanning attacks. SIEM 2.0 combines these two aspects by implementing deep packet inspection [7]. This research classifies the anomaly-based insider intrusion detection techniques based on the scope of implementation and also identifies the profiling data on each type of implementation.
Defense against distributed DoS attack detection by using intelligent evolutionary algorithm
Published in International Journal of Computers and Applications, 2022
Shubhra Dwivedi, Manu Vardhan, Sarsij Tripathi
Intrusion detection systems often use signature or anomaly detection techniques [9]. A signature-based IDS is based on a knowledge base of known attack signatures which is kept up to date on a regular basis. Network traffic that matches the signatures of the attack generates alarms. However, the main limitation of misuse-based IDS is that it cannot discover unknown attack patterns [7]. On the contrary, the anomaly detection approach is able to identify previously unknown attack patterns because this technique does not make efforts to match particular attack signatures. Alternatively, it examines uneven runtime features that differentiate from normal network behavior [8]. Still, there exists the limitation of a large number of false alarms; as such, it has opened up a wide research area for researchers [9]. The available network traffic data generally consists of redundant or irrelevant features that can considerably affect classification performance. As a result, it can affect the performance of anomaly-based IDS and certainly delays the detection engine in making a correct decision [10]. Therefore, to obtain the optimal subset of features, it is required to employ a suitable feature selection (FS) technique for the reduction of dimensionality [11].