A behavior-based intrusion prevention system
Current intrusion prevention systems rely heavily on a signature database to detect network attacks. This system offers an alternative by identifying attacks based on their behavior, which may also enable detection of undocumented attacks. The system works by undergoing a training period...
Main Authors: | Bundang, M. A.; Ong, Arlyn Verina L.; Goyena, K.; Sy, M.; Limengco, J. R.; Cu, Gregory G. |
---|---|
Format: | text |
Published: | Animo Repository, 2008 (Faculty Research Work, 2008-07-23) |
Subjects: | Intrusion detection systems (Computer security); Computer networks—Security measures; Information Security |
Online Access: | https://animorepository.dlsu.edu.ph/faculty_research/8592 |
Institution: | De La Salle University |
id |
oai:animorepository.dlsu.edu.ph:faculty_research-9173 |
---|---|
record_format |
eprints |
institution |
De La Salle University |
building |
De La Salle University Library |
continent |
Asia |
country |
Philippines |
content_provider |
De La Salle University Library |
collection |
DLSU Institutional Repository |
topic |
Intrusion detection systems (Computer security) Computer networks—Security measures Information Security |
description |
Current intrusion prevention systems rely heavily on a signature database to detect network attacks. This system offers an alternative by identifying attacks based on their behavior, which may also enable detection of undocumented attacks. The system works by undergoing a training period during which the behavior of the network is gathered and modeled as a reference; rules are then generated from this model. Network traffic that violates any of the rules is blocked by the system, which is implemented as an in-line device monitoring traffic from the Internet to the local network and traffic from the local network to both inside and outside networks. To quantify the accuracy and efficiency of the system, several tests were run, varying the duration of the training phase and the network from which the attacker operates, either inside or outside. The results recorded include the time delay before an attack is detected, the classification of attacks identified and flagged, and the rules violated relative to the training phase. From the results, it can be deduced that the system is faithful to, and dependent on, its model. It detects all of the attacks with minimal detection delay, the same attacks detected by the third-party system used for comparison, Snort. However, when valid, non-malicious packets that resemble those of attacks are inserted during the modeling phase, the accuracy of the system drops by 50%, leaving half of the attacks tested undetected. The number and type of parameters included in the model and in traffic analysis also limit the types of attacks the system can detect. The system therefore shows promise as an alternative to pattern-based intrusion prevention systems and as a defense against zero-day attacks.
Still, improvements to the implementation, such as increasing the number of traffic parameters modeled and analyzed, are necessary to achieve maximum accuracy. The system can also be deployed together with pattern-based systems to form a hybrid detection system. |
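The training-then-enforce design described in the abstract, and the training-set poisoning effect it reports, can be illustrated with a small model. The following is an added example written for this record; it is not the authors' implementation, and all hosts, ports, flows, rule names, the one-second fan-out window and the margin of one are constructed assumptions. Two rules are derived from the training traffic: R1 allows only (destination, port, protocol) services observed on internal hosts, and R2 caps the number of distinct ports one source may touch on one destination per window at the training-phase maximum plus a margin. The same scan is then replayed against a clean model and against a model whose training set was seeded with benign but scan-like flows.

```python
"""Toy behavior-based IPS: learn a baseline, derive rules, enforce in-line.
Constructed example; all addresses, ports, flows and parameters are assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

WINDOW = 1.0  # seconds per fan-out bucket (assumed parameter)


@dataclass(frozen=True)
class Flow:
    ts: float     # first-packet timestamp, seconds
    src: str
    dst: str
    dport: int
    proto: str    # "tcp" or "udp"


def is_internal(ip: str) -> bool:
    return ip.startswith("10.0.0.")   # constructed local network


def bucket(f: Flow) -> Tuple[str, str, int]:
    """Key grouping one source's flows to one destination within WINDOW."""
    return (f.src, f.dst, int(f.ts // WINDOW))


class BehaviorModel:
    """Reference model built during the training phase."""

    def __init__(self) -> None:
        self.services: Set[Tuple[str, int, str]] = set()   # (dst, dport, proto) seen on internal hosts
        self.max_fanout = 0   # most distinct dports one src hit on one dst within WINDOW

    def train(self, flows: Iterable[Flow]) -> None:
        seen: Dict[Tuple[str, str, int], Set[int]] = defaultdict(set)
        for f in flows:
            if is_internal(f.dst):
                self.services.add((f.dst, f.dport, f.proto))
            seen[bucket(f)].add(f.dport)
        self.max_fanout = max((len(p) for p in seen.values()), default=0)


class InlineIPS:
    """Rules generated from the model, applied to each flow crossing the in-line device."""

    def __init__(self, model: BehaviorModel, margin: int = 1) -> None:
        self.model = model
        self.fanout_limit = model.max_fanout + margin   # R2 threshold derived from training
        self.state: Dict[Tuple[str, str, int], Set[int]] = defaultdict(set)

    def inspect(self, f: Flow) -> Optional[str]:
        """Return the name of the first rule violated, or None if the flow is permitted."""
        if is_internal(f.dst) and (f.dst, f.dport, f.proto) not in self.model.services:
            return "R1-unlearned-service"
        ports = self.state[bucket(f)]
        ports.add(f.dport)
        if len(ports) > self.fanout_limit:
            return "R2-port-fanout"
        return None


def run(training: List[Flow], traffic: List[Flow]) -> Dict[str, str]:
    """Train on `training`, enforce on `traffic`; returns {src: first rule violated}."""
    model = BehaviorModel()
    model.train(training)
    ips = InlineIPS(model)
    blocked: Dict[str, str] = {}
    for f in traffic:
        rule = ips.inspect(f)
        if rule is not None:
            blocked.setdefault(f.src, rule)
    return blocked


def detection_rate(blocked: Dict[str, str], attackers: Set[str]) -> float:
    return len(attackers & set(blocked)) / len(attackers)


# --- constructed sample data ---------------------------------------------------
CLEAN_TRAINING = [
    Flow(10.0, "10.0.0.2", "10.0.0.10", 80, "tcp"),
    Flow(10.5, "10.0.0.3", "10.0.0.10", 80, "tcp"),
    Flow(11.0, "10.0.0.2", "10.0.0.11", 53, "udp"),
    Flow(12.0, "203.0.113.5", "10.0.0.10", 80, "tcp"),
]
# benign but scan-like: an inventory tool touching five ports within one second
POISON = [Flow(50.0 + i / 10, "10.0.0.4", "10.0.0.10", p, "tcp")
          for i, p in enumerate([21, 22, 23, 25, 443])]
TEST_TRAFFIC = (
    [Flow(100.0 + i / 10, "10.0.0.99", "10.0.0.10", p, "tcp")      # inside port scan
     for i, p in enumerate([21, 22, 23, 25, 80, 443])]
    + [Flow(101.0, "198.51.100.7", "10.0.0.11", 22, "tcp"),          # outside SSH probe
       Flow(102.0, "10.0.0.2", "10.0.0.10", 80, "tcp")]              # legitimate web request
)
ATTACKERS = {"10.0.0.99", "198.51.100.7"}

if __name__ == "__main__":
    clean = run(CLEAN_TRAINING, TEST_TRAFFIC)
    poisoned = run(CLEAN_TRAINING + POISON, TEST_TRAFFIC)
    print("clean model   :", clean, detection_rate(clean, ATTACKERS))
    print("poisoned model:", poisoned, detection_rate(poisoned, ATTACKERS))
```

With the clean baseline both attackers are blocked on R1 and the legitimate flow passes. Seeding the training set with the five scan-like flows puts those ports into the learned service set and raises the R2 threshold to six, so the six-port scan now slips through and only the external probe is caught: detection falls from 2 of 2 to 1 of 2, the same halving the abstract reports. The lesson for a practitioner is that whatever is accepted during the modeling phase becomes policy, so the training window needs the same scrutiny as the rules it produces.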
format |
text |
author |
Bundang, M. A. Ong, Arlyn Verina L. Goyena, K. Sy, M. Limengco, J. R. Cu, Gregory G. |
author_sort |
Bundang, M. A. |
title |
A behavior-based intrusion prevention system |
title_sort |
behavior-based intrusion prevention system |
publisher |
Animo Repository |
publishDate |
2008 |
url |
https://animorepository.dlsu.edu.ph/faculty_research/8592 |