Advocating for Hybrid Intrusion Detection Prevention System and Framework Improvement

Syed Rizvi, Gabriel Labrador, Matt Guyan, Jeremy Savan

Research output: Contribution to journalConference articlepeer-review

7 Scopus citations


The network systems of the world are fragile, and can come under attack from any source. The attack can be a denial-of-service (DoS) state or another type of threat. What keep the networks safe are the intrusion detection and prevention systems (IDPS). They constantly monitor network traffic and if a malicious threat is detected, the threat is blocked and reported for further analysis. However, every defensive system must always have some type of weakness. False negatives and false positives are some examples of how IDPS can fail to protect the network. In another instance, a skilled attacker may employ Direct Kernel Object Modification (DKOM) to trick the IDPS into detecting no malicious activities. The IDPS is strong, yet not strong enough. This paper presents a hybrid solution that incorporates both signature and anomaly based systems to detect and prevent more malicious attacks by intensifying what is cataloged to include common anomalies to the baselines used by the signature based systems. We also propose an improvement in the framework to current Host IDPS/Network using signature and anomaly based methodologies by implementing a hybrid VMM-based Honeypot into a theorized self-healing hybrid IDPS to further boost their advantages in efficiency and accuracy.

Original languageEnglish (US)
Pages (from-to)369-374
Number of pages6
JournalProcedia Computer Science
StatePublished - 2016
EventComplex Adaptive Systems, 2016 - Los Angeles, United States
Duration: Nov 2 2016Nov 4 2016

All Science Journal Classification (ASJC) codes

  • General Computer Science


Dive into the research topics of 'Advocating for Hybrid Intrusion Detection Prevention System and Framework Improvement'. Together they form a unique fingerprint.

Cite this