Signature-based multi-layer distributed intrusion detection system using mobile agents

International Journal of Network Security

Volumn 15, Issue 2, 2013, Pages 97-105

  Uddin, Mueen ^a   Rehman, Azizah Abdul ^b   Uddin, Naeem ^b   Memon, Jamshed ^b   Alsaqour, Raed ^c   Kazi, Suhail ^b  

^a ASIA PACIFIC UNIVERSITY OF TECHNOLOGY AND INNOVATION   (Malaysia)

^b UNIVERSITI TEKNOLOGI MALAYSIA   (Malaysia)

^c UNIVERSITI KEBANGSAAN MALAYSIA   (Malaysia)

Author keywords

Anomaly based IDS; Intrusion detection systems; Mobile agent; Signature based IDS; Snort

Indexed keywords

ANOMALY-BASED IDS; DISTRIBUTED INTRUSION DETECTION SYSTEMS; INTRUSION DETECTION SYSTEMS; MALICIOUS ACTIVITIES; NETWORK INTRUSION DETECTION; SIGNATURE DATABASE; SIGNATURE-BASED IDS; SNORT;

COMPUTER CRIME; DATABASE SYSTEMS; INTRUSION DETECTION;

MOBILE AGENTS;

EID: 84875356217     PISSN: 1816353X     EISSN: 18163548     Source Type: Journal    
DOI: None     Document Type: Article

References (32)

1. M. Aldwairi, T. Conte, and P. Franzon, "Configurable string matching hardware for speeding up intrusion detection," ACM SIGARCH Computer Architecture News, vol. 33, no. 1, pp. 99-107, 2005.
2. R. Bace, An Introduction to Intrusion Detection & Assessment, Technical White Paper, ICSA, 1999.
3. R. G. Bace, Intrusion detection: Sams, 2000.
4. R. Base and P. Mell, Intrusion Detection Systems, National Institute of Standards and Technology (NIST), Special Publication, vol. 51, pp. 800-831, 2001.
5. D. Bailey, Sneeze. (http://archives.neohapsis.com/archives/snort/2001-08/0180.html)
6. J. Beale, A. R. Baker, B. Caswell, and M. Poor, Snort 2.1 Intrusion Detection: Syngress Media Inc, 2004.
7. T. Bhaskar, B. Narasimha Kamath, and S.D. Moitra, "A hybrid model for network security systems: Integrating intrusion detection system with survivability," International Journal of Network Security, vol. 7, no. 2, pp. 249-260, 2008.
8. S. Chen and Y. Tang, "Slowing down internet worms," in Proceedings of 24th International Conference on Distributed Computing Systems, pp. 312-319, 2004.
9. G. Coretez, Fun with Packets: Designing a Stick, Endeavor Systems, Inc, 2002.
10. D. Dagon, X. Qin, G. Gu, W. Lee, J. Grizzard, J. Levine, and H. Owen, "Honeystat: Local worm detection using honeypots," RAID 2004, LNCS 3224, pp. 39-58, 2004.
11. S. Dharmapurikar and J. Lockwood, "Fast and scalable pattern matching for content filtering," in Symposium on Architecture for networking and communications systems, pp. 183-192, 2005.
12. IDSwakeup. (http://www.hsc.fr/ressources/outils/idswakeup/index.html.en)
13. P. Garcia-Teodoro, J. Diaz-Verdejo, G. Macia-Fernandez, and E. Vazquez, "Anomaly-based network intrusion detection: Techniques, systems and challenges," Computers and Security, vol. 28, no. 1-2, pp. 18-28, 2009.
14. F. Gong, Deciphering Detection Techniques: Part II Anomaly-based Intrusion Detection, White Paper, McAfee Security, 2003.
15. P. Kabiri and A. A. Ghorbani, "Research on intrusion detection and response: A survey," International Journal of Network Security, vol. 1, no. 2, pp. 84-102, 2005.
16. K. Kendall, A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems, S. M. Thesis, Massachusetts Institute of Technology, 1999.
17. D. Moore, C. Shannon, G. M. Voelker, and S. Savage, "Internet quarantine: Requirements for containing self-propagating code," in Twenty-Second Annual Joint Conference of the IEEE Computer and Comm-unications, pp. 1901-1910, 2003.
18. B. Mukherjee, L. T. Heberlein, and K. N. Levitt, "Network intrusion detection," IEEE Network, vol. 8, no. 3, pp. 26-41, 1994.
19. I. V. Onut and A. A. Ghorbani, "A feature classi-fication scheme for network intrusion detection," International Journal of Network Security, vol. 5, no 1, pp. 1-15, 2007.
20. R. U. Rehman, Intrusion Detection Systems with Snort, Upper Saddle River, New Jersey: Publishing as Prentice Hall PTR, 2003.
21. M. Roesch, "Snort-lightweight intrusion detection for networks," in Proceedings of LISA '99: 13th Systems Administration Conference, pp. 229-238, 1999.
22. R. Russell, Snort Intrusion Detection 2.0, Syngress Pub., 2003.
23. B. C. S. Ryu and J Kim, "design of packet detection system for high-speed network environment," in The 6th International Conference Advanced Comm-unication Technology, pp. 496-498, 2004.
24. M. Salour and X. Su, "Dynamic two-layer signature-based ids with unequal databases," in Fourth International Conference on Information Technology, pp. 77-82, 2007.
25. K. Scarfone and P. Mell, Guide to Intrusion Detection and Prevention Systems (Idps), NIST Special Publication, vol. 8, pp. 800-894, 2007.
26. Snort Users Manual 2.6.1. (www.snort.org/assets/166/snort_manual.pdf)
27. C. Sullo and D. Lodge, Nikto2. (http://cirt.net/nikto2)
28. M. Uddin, K. Khowaja, and A.A. Rehman, "Dynamic multi-layer signature based intrusion detection system using mobile agents," International Journal of Network Security & Its Applications (IJNSA), vol. 2, no. 4, pp. 129-141, 2010.
29. C. Wong, C. Wang, D. Song, S. Bielski, and G. R. Ganger, "Dynamic quarantine of Internet worms," in Proceedings of the 2004 International Conference on Dependable Systems and Networks, pp. 73-82, 2004.
30. P. S. Wheeler, Techniques for Improving the Per-formance of Signature-based Network Intrusion Detection Systems, University of California, 2006.
31. J. Zhang and M. Zulkernine, "Anomaly based network intrusion detection with unsupervised outlier detection," in IEEE International Conference on Communications, pp. 2388-2393, 2006.
32. Z. Zhang, H. Shen, and Y. Sang, "An observation-centric analysis on the modeling of anomaly-based intrusion detection," International Journal of Network Security, vol. 4, no. 3, pp. 292-305, 2007.