The State of the Art in Intrusion Prevention and Detection
Format: PDF / Kindle (mobi) / ePub
The State of the Art in Intrusion Prevention and Detection analyzes the latest trends and issues surrounding intrusion detection systems in computer networks, especially in communications networks. Its broad scope of coverage includes wired, wireless, and mobile networks; next-generation converged networks; and intrusion in social networks.
Presenting cutting-edge research, the book presents novel schemes for intrusion detection and prevention. It discusses tracing back mobile attackers, secure routing with intrusion prevention, anomaly detection, and AI-based techniques. It also includes information on physical intrusion in wired and wireless networks and agent-based intrusion surveillance, detection, and prevention. The book contains 19 chapters written by experts from 12 different countries that provide a truly global perspective.
The text begins by examining traffic analysis and management for intrusion detection systems. It explores honeypots, honeynets, network traffic analysis, and the basics of outlier detection. It talks about different kinds of IDSs for different infrastructures and considers new and emerging technologies such as smart grids, cyber physical systems, cloud computing, and hardware techniques for high performance intrusion detection.
The book covers artificial intelligence-related intrusion detection techniques and explores intrusion tackling mechanisms for various wireless systems and networks, including wireless sensor networks, WiFi, and wireless automation systems. Containing some chapters written in a tutorial style, this book is an ideal reference for graduate students, professionals, and researchers working in the field of computer and network security.
Y. et al., Communications Magazine, IEEE, 51, 1, 27, 33, 2013.) 145 Cyber Security of Smart Grid Infrastructure The states in a power system are the complex voltage magnitude and the angles of each bus. If the state vector is X, then X = [δ1δ2δ3……δn V1V2V3……Vn]T Generally, the states of the system cannot be obtained directly; therefore, it is important to use the SE to infer the states from the measurement values. However, the measurement values may be noisy, which increases the
probability distributions of normal and abnormal activities. 29 Network Traffic Monitoring and Analysis NIDS Internet Firewall HIDS Local network IDS manager NIDS DMZ NIDS HIDS FIGURE 2.6 Example of classic intrusion detection solution. DMZ (“Demilitarized Zone”). Each segment of this connected network, (local network, DMZ, and Internet) holds a network-based intrusion detection system (NIDS) monitoring the corresponding network segment. In addition, those servers that are
three phases involved in the roaming decision. During the first phase, attacks on the entire network are detected and logged using an intrusion detection system (IDS). In the current implementation, network monitoring is done using SNORT IDS. It is working in inline mode at the network gateway. The SNORT is running at the gateway continuously. Attack logs are extracted from the SNORT logging utility on a fixed periodic basis. This work is exclusively handled by the data collection module.
monitor an entire production network and also to safeguard it. 188.8.131.52 Scenario The following Figure 4.3 shows such a network in which there is a production server with some hosts for which the administrator wants to have a honeynet. He also needs to know that once an attacker is detected he should be redirected to the honeynet. Again, inside the honeynet, he wants the attacker having a strong probability of a severe attack to be monitored by a honeygroup of highinteraction honeypots. For other
Available at http://suricata-ids.org/, 2013. 33. D. Day and B. Burns, “A performance analysis of Snort and Suricata network intrusion detection and prevention engines,” in 5th Int. Conf. on Digital Society, Gosier, Guadeloupe, pp. 187–192, 2011. 34. E. Albin and N. C. Rowe, “A realistic experimental comparison of the Suricata and Snort intrusion- detection systems,” in 26th IEEE Int. Conf. on Advanced Information Networking and Applications Workshops (WAINA), pp. 122–127, 2012.