Intrusion threat detection from insider attack using learning behavior-based
In recent years, intrusion prevention system (IPS) had been developed as a new approach system to defend networking systems, which properly combines the firewall technique with the intrusion detection. When an attack is identified, intrusion prevention immediately blocks and logs the offending data....
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Published: |
Academic Journals
2012
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/30572/ https://academicjournals.org/journal/IJPS/article-abstract/2EAEF2116344 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Teknologi Malaysia |
| Summary: | In recent years, intrusion prevention system (IPS) had been developed as a new approach system to defend networking systems, which properly combines the firewall technique with the intrusion detection. When an attack is identified, intrusion prevention immediately blocks and logs the offending data. The primary IPS uses signature to identify activities in network traffic and the host will perform detection on inbound – outbound packets and would block that activity before the damage happens or the access is reached to the network resources. Signature is the primary factor in intrusion prevention, to identify something and then stopping it must be through the distinct characteristics. In this paper, we propose Behavior - based prevention to trigger mechanism and analyze correlation outbound traffic from inside user. We describe the habitual activity from outbound traffic, which is normal activity, suspicious threat or malicious threat uses traffic assessment. This paper also describes an algorithm for the complexity of the suspicious response. |
|---|