Search results for "Intrusion detection system"

showing 10 items of 51 documents

Local Monitor Implementation for Decentralized Intrusion Detection in Secure Multi–Agent Systems

2007

This paper focuses on the detection of misbehaving agents within a group of mobile robots. A novel approach to automatically synthesize a decentralized Intrusion Detection System (IDS) as well as an efficient implementation of local monitors are presented. In our scenario, agents perform possibly different independent tasks, but cooperate to guarantee the entire system’s safety. Indeed, agents plan their next actions by following a set of logic rules which is shared among them. Such rules are decentralized, i.e. they depend only on configurations of neighboring agents. However, some agents may not be acting according to this cooperation protocol, due to spontaneous failure or tampering.…

Engineering; business.industry; Multi-agent system; Distributed computing; Real-time computing; Mobile robot; Intrusion detection system; security; Space (commercial competition); Set (abstract data type); Settore ING-INF/04 - Automatica; Intrusion detection; multi-agent systems; Rule of inference; business; Protocol (object-oriented programming)
researchProduct

A low-cost embedded IDS to monitor and prevent Man-in-the-Middle attacks on wired LAN environments

2007

A man-in-the-middle (MitM) attack is, in the scope of a LAN, a technique where an attacker is able to redirect all traffic between two hosts of that same LAN for packet sniffing or data manipulation, without the end hosts being aware of it. Usually these attacks exploit security flaws in the implementation of the ARP protocol at hosts. Up to now, detecting such attacks required setting up a machine with special-purpose software for this task. As an additional problem, few intrusion detection systems (IDS) are able to prevent MitM attacks. In this work we present a low-cost embedded IDS which, when plugged into a switch or hub, is able to detect and/or prevent MitM attacks automatically and …

Exploit; business.industry; Computer science; Local area network; Network interface; Intrusion detection system; Man-in-the-middle attack; Computer security; computer.software_genre; Task (computing); Packet analyzer; Address Resolution Protocol; business; computer; Computer network

The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007)
researchProduct

A two-armed bandit collective for hierarchical examplar based mining of frequent itemsets with applications to intrusion detection

2014

Published version of a chapter in the book: Transactions on Computational Collective Intelligence XIV. Also available from the publisher at: http://dx.doi.org/10.1007/978-3-662-44509-9_1 In this paper we address the above problem by posing frequent item-set mining as a collection of interrelated two-armed bandit problems. We seek to find itemsets that frequently appear as subsets in a stream of itemsets, with the frequency being constrained to support granularity requirements. Starting from a randomly or manually selected examplar itemset, a collective of Tsetlin automata based two-armed bandit players - one automaton for each item in the examplar - learns which items should be included in …

Finite-state machine; VDP::Technology: 500::Information and communication technology: 550::Computer technology: 551; Computational complexity theory; Data stream mining; Computer science; Nearest neighbor search; Search engine indexing; InformationSystems_DATABASEMANAGEMENT; Intrusion detection system; computer.software_genre; Cardinality; Anomaly detection; Data mining; computer
researchProduct

Survey: Intrusion Detection Systems in Encrypted Traffic

2016

An intrusion detection system (IDS) traditionally inspects the payload information of packets. This approach is not valid in encrypted traffic as the payload information is not available. There are two approaches, with different detection capabilities, to overcome the challenges of encryption: traffic decryption or traffic analysis. This paper presents a comprehensive survey of the research related to IDSs in encrypted traffic. The focus is on traffic analysis, which does not need traffic decryption. One of the major limitations of the surveyed research is that most of it concentrates on detecting the same limited type of attacks, such as brute force or scanning attacks. Both the …

Focus (computing); Traffic analysis; Network packet; Computer science; business.industry; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; 05 social sciences; Payload (computing); 020206 networking & telecommunications; 02 engineering and technology; Intrusion detection system; Computer security; computer.software_genre; Encryption; Set (abstract data type); Brute force; 0202 electrical engineering electronic engineering information engineering; 0501 psychology and cognitive sciences; business; computer; 050104 developmental & child psychology
researchProduct

Weighted Fuzzy Clustering for Online Detection of Application DDoS Attacks in Encrypted Network Traffic

2016

Distributed denial-of-service (DDoS) attacks are one of the most serious threats to today’s high-speed networks. These attacks can quickly incapacitate a targeted business, costing victims millions of dollars in lost revenue and productivity. In this paper, we present a novel method which allows us to timely detect application-layer DDoS attacks that utilize encrypted protocols by applying an anomaly-based approach to statistics extracted from network packets. The method involves construction of a model of normal user behavior with the help of weighted fuzzy clustering. The construction algorithm is self-adaptive and allows one to update the model every time when a new portion of network tr…

Fuzzy clustering; business.industry; Network security; Computer science; Network packet; 05 social sciences; Denial-of-service attack; 02 engineering and technology; Intrusion detection system; Encryption; 0502 economics and business; 0202 electrical engineering electronic engineering information engineering; 020201 artificial intelligence & image processing; Anomaly detection; Activity-based costing; business; 050203 business & management; Computer network
researchProduct

A critical review on the implementation of static data sampling techniques to detect network attacks

2021

Given that the Internet traffic speed and volume are growing at a rapid pace, monitoring the network in a real-time manner has introduced several issues in terms of computing and storage capabilities. Fast processing of traffic data and early warnings on the detected attacks are required while maintaining a single pass over the traffic measurements. To palliate these problems, one can reduce the amount of traffic to be processed by using a sampling technique and detect the attacks based on the sampled traffic. Different parameters have an impact on the efficiency of this process, mainly, the applied sampling policy and sampling ratio. In this paper, we investigate th…

General Computer Science; Computer science; 020209 energy; Real-time computing; intrusion detection system (IDS); data streams; Context (language use); 02 engineering and technology; Intrusion detection system; [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE]; Data sampling; [INFO.INFO-IU]Computer Science [cs]/Ubiquitous Computing; [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]; statistical analysis; Sampling process; 0202 electrical engineering electronic engineering information engineering; General Materials Science; Static data; General Engineering; Volume (computing); Process (computing); Sampling (statistics); Internet traffic; [INFO.INFO-MO]Computer Science [cs]/Modeling and Simulation; TK1-9971; [INFO.INFO-MA]Computer Science [cs]/Multiagent Systems [cs.MA]; 020201 artificial intelligence & image processing; [INFO.INFO-ET]Computer Science [cs]/Emerging Technologies [cs.ET]; Electrical engineering. Electronics. Nuclear engineering; [INFO.INFO-DC]Computer Science [cs]/Distributed Parallel and Cluster Computing [cs.DC]
researchProduct

A framework for behavior-based detection of user substitution in a mobile context

2007

Personal mobile devices, such as mobile phones, smartphones, and communicators can be easily lost or stolen. Due to the functional abilities of these devices, their use by unintended persons may result in severe security breaches concerning private or corporate data and services. Organizations develop their security policy and employ preventive techniques to combat unauthorized use. Current solutions, however, are still breakable and there is a strong need for means to detect user substitution when it happens. A crucial issue in designing such means is to define the measures to be monitored. In this paper, a structured conceptual framework for mobile-user substitution detection is proposed.…

General Computer Science; Computer science; media_common.quotation_subject; User modeling; Substitution (logic); Computer user satisfaction; Intrusion detection system; Computer security; computer.software_genre; Security policy; User interface design; Human–computer interaction; Personality; Law; computer; Mobile device; media_common

Computers & Security
researchProduct

Smart Grid Security: A new Approach to Detect Intruders in a Smart Grid Neighborhood Area Network

2016

In this paper, we propose an efficient and lightweight attack detection mechanism for a smart grid Neighborhood Area Network (NAN) that combines distributed and centralized intrusion detection. A NAN includes the customers' appliances, smart meters and collectors. The smart meters measure the power consumption of each appliance and the collectors aggregate the measures and forward them to the control center for analysis. Intrusion Detection System (IDS) agents, proposed in our framework, run in a distributed fashion at smart meters level and in a centralized fashion at collector and control center nodes. A combination between a rule-based detection and a learn…

Intruder detection; [ INFO ] Computer Science [cs]; Computer science; [SPI] Engineering Sciences [physics]; [ INFO.INFO-NI ] Computer Science [cs]/Networking and Internet Architecture [cs.NI]; Denial-of-service attack; 02 engineering and technology; Intrusion detection system; [INFO] Computer Science [cs]; Resource exhaustion; 0202 electrical engineering electronic engineering information engineering; [ SPI ] Engineering Sciences [physics]; Neighborhood area network; Smart Grid; False data injection; [INFO.INFO-NI] Computer Science [cs]/Networking and Internet Architecture [cs.NI]; business.industry; Smart grid security; 020208 electrical & electronic engineering; 020206 networking & telecommunications; Attack; Grid; [SPI.TRON] Engineering Sciences [physics]/Electronics; [ SPI.TRON ] Engineering Sciences [physics]/Electronics; Smart grid; DoS; business; Energy (signal processing); Computer network; Efficient energy use
researchProduct

Two tiered privacy enhanced intrusion detection system architecture

2009

The paper describes an architecture for privacy-enhanced intrusion detection systems, that separates privacy-invasive and privacy-preserving operations. This can be useful in cases where less sensitive network monitoring is outsourced to a third party and more sensitive network monitoring operations and data forensics are performed in-house or by law enforcement agencies.

Network forensics; Information privacy; Computer science; Privacy policy; Law enforcement; XACML; ComputingMilieux_LEGALASPECTSOFCOMPUTING; Intrusion detection system; Network monitoring; Computer security; computer.software_genre; Host-based intrusion detection system; computer; computer.programming_language

2009 IEEE International Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications
researchProduct

Learning Temporal Regularities of User Behavior for Anomaly Detection

2001

Fast expansion of inexpensive computers and computer networks has dramatically increased the number of computer security incidents during the last years. While quite many computer systems are still vulnerable to numerous attacks, intrusion detection has become vitally important as a response to the constantly increasing number of threats. In this paper we discuss an approach to discover temporal and sequential regularities in user behavior. We present an algorithm that allows creating and maintaining user profiles relying not only on sequential information but taking into account temporal features, such as events' lengths and possible temporal relations between them. The constructed profiles represent …

Network security; business.industry; Computer science; Anomaly detection; Artificial intelligence; Intrusion detection system; Data mining; Anomaly (physics); business; computer.software_genre; computer
researchProduct