TY - JOUR
T1 - Advocating for Hybrid Intrusion Detection Prevention System and Framework Improvement
AU - Rizvi, Syed
AU - Labrador, Gabriel
AU - Guyan, Matt
AU - Savan, Jeremy
N1 - Publisher Copyright:
© 2016 The Authors.
PY - 2016
Y1 - 2016
N2 - Network systems are fragile and can come under attack from any source, whether a denial-of-service (DoS) condition or another type of threat. What keeps networks safe are intrusion detection and prevention systems (IDPS): they constantly monitor network traffic and, when a malicious threat is detected, block it and report it for further analysis. However, every defensive system has some weakness. False negatives and false positives are two ways an IDPS can fail to protect the network; in another, a skilled attacker may employ Direct Kernel Object Manipulation (DKOM) to hide activity so that the IDPS detects nothing malicious. The IDPS is strong, yet not strong enough. This paper presents a hybrid solution that incorporates both signature-based and anomaly-based systems to detect and prevent more malicious attacks, by extending what is catalogued so that common anomalies are added to the baselines used by the signature-based systems. We also propose an improvement to the framework of current host-based and network-based IDPS using signature and anomaly methodologies, by implementing a hybrid VMM-based honeypot within a theorized self-healing hybrid IDPS to further boost their efficiency and accuracy.
UR - http://www.scopus.com/inward/record.url?scp=84998775110&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84998775110&partnerID=8YFLogxK
U2 - 10.1016/j.procs.2016.09.347
DO - 10.1016/j.procs.2016.09.347
M3 - Conference article
AN - SCOPUS:84998775110
SN - 1877-0509
VL - 95
SP - 369
EP - 374
JO - Procedia Computer Science
JF - Procedia Computer Science
T2 - Complex Adaptive Systems, 2016
Y2 - 2 November 2016 through 4 November 2016
ER -
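The hybrid scheme the abstract describes (a signature catalog, an anomaly detector, and recurring anomalies being promoted into the catalog) in runnable form, as an added example for this record and not code from the paper. The signature names, regexes, z-score threshold, promotion count and all sample events are constructed assumptions; the paper itself specifies none of them.

```python
"""Toy hybrid IDS: a signature catalog, a rate-based anomaly detector, and
promotion of recurring anomalies into the catalog.

Added example for this record, not code from the paper. Signature names,
thresholds and the sample traffic below are all constructed.
"""
import re
import statistics
from collections import Counter, defaultdict

# Signature catalog: name -> regex over the request line (constructed)
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.I),
    "path-traversal": re.compile(r"(?:\.\./){2,}"),
}


class HybridIDS:
    def __init__(self, z_threshold=3.0, promote_after=3):
        self.signatures = dict(SIGNATURES)
        self.z_threshold = z_threshold      # anomaly stage: z-score cut-off
        self.promote_after = promote_after  # windows seen before an anomaly is catalogued
        self.mean = self.stdev = None
        self.anomaly_history = Counter()    # flood target -> windows it was flagged in
        self.catalogued = {}                # promoted entries: flood target -> count cut-off

    def train_baseline(self, per_source_counts):
        """Learn requests-per-source-per-window from benign traffic."""
        self.mean = statistics.mean(per_source_counts)
        self.stdev = statistics.pstdev(per_source_counts) or 1.0

    def match_signature(self, request):
        for name, pattern in self.signatures.items():
            if pattern.search(request):
                return name
        return None

    def zscore(self, count):
        return (count - self.mean) / self.stdev

    def analyze_window(self, events):
        """events: list of (src_ip, request_line) seen in one time window.
        Returns alerts as (src_ip, stage, detail)."""
        alerts = []
        per_src = defaultdict(list)
        for src, req in events:
            name = self.match_signature(req)            # stage 1: signatures
            if name:
                alerts.append((src, "signature", name))
            per_src[src].append(req)
        for src, reqs in per_src.items():
            target, n = Counter(reqs).most_common(1)[0]
            # stage 2: catalogued anomalies, a deterministic rule that no longer
            # depends on the statistical baseline
            if target in self.catalogued and n >= self.catalogued[target]:
                alerts.append((src, "catalogued", target))
                continue
            # stage 3: statistical anomaly on the per-source request rate
            z = self.zscore(len(reqs))
            if z > self.z_threshold:
                alerts.append((src, "anomaly", f"z={z:.1f} target={target}"))
                self.anomaly_history[target] += 1
                if self.anomaly_history[target] >= self.promote_after:
                    # promote: the count that would have crossed the z cut-off
                    cutoff = int(self.mean + self.z_threshold * self.stdev) + 1
                    self.catalogued[target] = cutoff
        return alerts


# Constructed benign baseline: requests per source in past windows
BENIGN_COUNTS = [3, 2, 4, 3, 2, 3, 4, 3, 2, 4]

# Constructed window: a normal browser, a SQLi probe, a traversal probe, a flood
SAMPLE_WINDOW = (
    [("10.0.0.5", "GET /index.html"), ("10.0.0.5", "GET /about"),
     ("10.0.0.5", "GET /contact")]
    + [("10.0.0.9", "GET /search?q=1 UNION SELECT password FROM users")]
    + [("10.0.0.8", "GET /static/../../../etc/passwd")]
    + [("10.0.0.7", "POST /login")] * 30
)


def run_demo():
    ids = HybridIDS()
    ids.train_baseline(BENIGN_COUNTS)
    history = [ids.analyze_window(SAMPLE_WINDOW) for _ in range(3)]
    # fourth window: same flood target from a new source, now caught by the
    # promoted catalog entry rather than by the z-score
    history.append(ids.analyze_window([("10.0.0.6", "POST /login")] * 8))
    return ids, history


if __name__ == "__main__":
    ids, history = run_demo()
    for i, alerts in enumerate(history, 1):
        print(f"window {i}: {alerts}")
    print("catalogued:", ids.catalogued)
```

The three stages run in the order a practitioner would want: cheap signature matching first, then the promoted (catalogued) rules, and only then the statistical stage whose output depends on the trained baseline. The promotion step is the abstract's "intensifying what is cataloged": once the same flood target has been flagged in `promote_after` windows, it becomes a fixed-threshold rule that fires by name without consulting the baseline. It does not address the DKOM case the abstract raises, which is a host-level evasion that a network-traffic detector cannot see.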