Tuesday, May 5, 2020

Survey on Host and Network Based Intrusion - MyAssignmenthelp.com

Question: Discuss the survey on host- and network-based intrusion detection.

Answer:

Network Based Intrusion Detection and Prevention Systems: Attack Classification, Methodologies and Tools

Harale and Meshram describe the attack classification, methodologies and tools associated with network-based intrusion detection systems (NIDS) and intrusion prevention systems. Widely used NIDS include Snort, Cisco NIDS, Suricata and Bro. Because a NIDS observes traffic passively, it can cover a large network without interrupting it and is generally not visible to the attacker. Its blind spots are encrypted traffic, whose payload it cannot inspect, and fragmented or otherwise ambiguous packets, which an attacker can use to evade detection. Modern NIDS, both open source and commercial, may be signature-based or anomaly-based and offer anti-evasion capabilities together with improved stability, reliability and compatibility. Vendors also differentiate on security effectiveness: policy and alert handling, reporting, security management and configuration [1].

Survey on Host and Network Based Intrusion Detection System

Host-based and network-based systems are the two most common types of intrusion detection system, and Das and Sarkar compare and describe both. A NIDS is deployed on a small, medium or large network to track and monitor its traffic. It is usually operating-system independent and, unlike a host-based IDS, does not consume resources on or alter the behaviour of the hosts it protects. Neural networks and data mining techniques are increasingly integrated into NIDS to learn attack patterns and trends. Detection is usually signature-based and may be complemented by anomaly-based detection [2].
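To make the signature/anomaly distinction of [2] and the encrypted-payload caveat of [1] concrete, here is an added example (my code, not from the surveyed papers, Snort or PAYL). `parse_rule()` accepts only a tiny subset of Snort's rule grammar, `PaylModel` is a simplified 1-gram version of the PAYL byte-frequency model that [5] below builds on, and every rule, request, address and packet is constructed for the example. A plain path-traversal request is caught by the content signature; the same request XORed with one byte (standing in for an encrypted payload) slips past it; a buffer-overflow-style request with a NOP sled matches no signature but is flagged by the anomaly model because its byte distribution is nothing like the training traffic.

```python
"""Signature-based versus anomaly-based detection on constructed HTTP traffic.

Added example for this survey; not code from the surveyed papers, Snort or
PAYL. parse_rule() accepts a tiny subset of Snort's rule grammar (tcp header
fields plus msg/content/sid options); PaylModel is a simplified 1-gram PAYL
(per-byte mean and standard deviation of relative frequency, scored with the
smoothed Mahalanobis-style distance). All rules, requests and packets are
constructed for the example.
"""
import math
import re
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport payload")

# --- signature side: a toy Snort rule parser and matcher --------------------
RULE_RE = re.compile(
    r"^alert\s+tcp\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")


def parse_rule(text):
    """Options are 'key:value;' pairs; content strings holding ';' or '"'
    are beyond this toy parser (Snort's own grammar handles them)."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule: " + text)
    src, sport, dst, dport, body = m.groups()
    opts = {}
    for opt in filter(str.strip, body.split(";")):
        key, _, value = opt.strip().partition(":")
        opts[key.strip()] = value.strip().strip('"')
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "msg": opts.get("msg", ""), "sid": int(opts.get("sid", 0)),
            "content": opts["content"].encode()}


def _field_ok(spec, value):
    return spec == "any" or spec == str(value)


def match_signatures(rules, pkt):
    """sids of every rule whose header fields and content match the packet."""
    return [r["sid"] for r in rules
            if _field_ok(r["src"], pkt.src) and _field_ok(r["sport"], pkt.sport)
            and _field_ok(r["dst"], pkt.dst) and _field_ok(r["dport"], pkt.dport)
            and r["content"] in pkt.payload]


# --- anomaly side: simplified 1-gram PAYL ------------------------------------
class PaylModel:
    """score(p) = sum_i |x_i - mean_i| / (std_i + alpha); a byte value never
    seen in training therefore costs x_i / alpha, which is what a NOP sled or
    binary shellcode inside an HTTP request looks like to the model."""

    def __init__(self, alpha=0.001):
        self.alpha, self.threshold = alpha, float("inf")
        self.mean, self.std = [0.0] * 256, [0.0] * 256

    @staticmethod
    def freq(payload):
        counts = [0] * 256
        for b in payload:
            counts[b] += 1
        return [c / max(len(payload), 1) for c in counts]

    def fit(self, payloads):
        vecs, n = [self.freq(p) for p in payloads], len(payloads)
        for i in range(256):
            col = [v[i] for v in vecs]
            self.mean[i] = sum(col) / n
            self.std[i] = math.sqrt(sum((x - self.mean[i]) ** 2 for x in col) / n)
        # Crude calibration: three times the worst in-sample score. A real
        # deployment calibrates on held-out benign traffic from the same link.
        self.threshold = 3 * max(self.score(p) for p in payloads)
        return self

    def score(self, payload):
        x = self.freq(payload)
        return sum(abs(x[i] - self.mean[i]) / (self.std[i] + self.alpha)
                   for i in range(256))


NORMAL_REQUESTS = [  # constructed benign training traffic for port 80
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n",
    b"GET /images/logo.png HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: curl/7.68.0\r\nAccept: */*\r\n\r\n",
    b"GET /about HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/html,application/xhtml+xml\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: www.example.com\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 27\r\n\r\nuser=alice&password=secret1\r\n",
    b"GET /search?q=intrusion+detection HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n",
]
RULES = [parse_rule('alert tcp any any -> any 80 '
                    '(msg:"path traversal attempt"; content:"/etc/passwd"; sid:1000001;)')]
MODEL = PaylModel().fit(NORMAL_REQUESTS)


def analyze(pkt, rules=RULES, model=MODEL):
    """Run both detectors over one packet."""
    score = model.score(pkt.payload)
    return {"sids": match_signatures(rules, pkt), "score": score,
            "anomalous": score > model.threshold}


PACKETS = {  # constructed test packets, all to the web server on port 80
    "traversal": Packet("10.0.0.5", 40000, "192.0.2.10", 80,
                        b"GET /../../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "shellcode": Packet("10.0.0.5", 40001, "192.0.2.10", 80,
                        b"GET /cgi-bin/" + b"\x90" * 400 + b"\xeb\x1f\x5e\x89\x76\x08" + b" HTTP/1.0\r\n\r\n"),
    "benign": Packet("10.0.0.7", 40002, "192.0.2.10", 80,
                     b"GET /contact.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/html\r\n\r\n"),
}
# The traversal request XORed with one byte stands in for an encrypted payload.
PACKETS["obfuscated"] = PACKETS["traversal"]._replace(
    payload=bytes(b ^ 0x5A for b in PACKETS["traversal"].payload))
```

Calling `analyze(PACKETS[name])` for each name gives the signature hits and the anomaly verdict side by side. The threshold here is deliberately crude; the point of the model is that bytes absent from training are expensive, so anything that changes the byte alphabet of a request (shellcode, but also a new content type or an encrypted channel the model was never trained on) scores high, which is both its strength and its false-positive risk.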
NSOM: A Real-Time Network-Based Intrusion Detection System Using Self-Organizing Maps

Labib and Vemuri explore self-organizing maps (SOM) for network-based intrusion detection. A SOM can cluster real-time data quickly and with good accuracy. Applied to Ethernet packets, the features extracted are the source and destination IP addresses and the protocol type; after collection and pre-processing, the data are normalized and scaled and then arranged into a time-based representation before being fed to the map. In their results the neuron clusters formed by normal traffic differed clearly from those formed by traffic containing a simulated denial-of-service attack [3].

Enhancing the Accuracy of Network-based Intrusion Detection with Host-based Context

NIDS are vulnerable to evasion, and Dreger, Kreibich, Paxson and Sommer propose combining network-based detection with host-based context to address it. The work builds on Bro, an event-based intrusion detection system that separates its event engine, which turns traffic into protocol-level events, from its policy layer, where scripts decide how to act on them; the architecture also supports serializing its state and transmitting it between instances. Bringing host-based information into the NIDS lets it cope with encrypted connections and with evasion attacks that rely on the NIDS and the end host interpreting the same packets differently, and it also improves protocol analysis, adaptive security and IDS hardening [4].

Host and Network based Anomaly Detectors for HTTP Attacks

This publication by Davide Ariu, in six chapters, covers host- and network-based anomaly detectors for detecting and preventing HTTP attacks.
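Before turning to the HTTP detectors of [5], the evasion problem that [4] addresses is worth seeing in code. The following is an added example in the spirit of Dreger et al., not code from that paper, from Bro or from any host sensor: the two overlap policies, the segment layout, the signature table and the "host report" are my own constructed simplification. The NIDS reassembles a TCP stream under a policy it assumes the destination host uses; the host-based side reports the bytes the application actually consumed; a mismatch is itself a finding (an evasion attempt, or a wrong assumption about the host), after which the NIDS analyses the host's version of the stream.

```python
"""TCP reassembly ambiguity checked against host-based context.

Added example in the spirit of Dreger et al. [4]; not code from that paper,
from Bro or from any host sensor. Overlap policies, segments, signatures and
the host report are constructed for the example.
"""
from collections import namedtuple

Segment = namedtuple("Segment", "seq data")  # seq: relative offset of data[0]

# Constructed signature table; in a real NIDS this is the rule/policy set.
SIGNATURES = {b"/cgi-bin/vuln.cgi": "request for known-vulnerable CGI"}


def reassemble(segments, policy):
    """Rebuild the stream from possibly overlapping segments in arrival order.

    'first' keeps the earliest data seen for an overlapped byte; 'last' lets
    later segments overwrite it. Real stacks apply several such rules and
    differ on partial overlaps, so a NIDS that picks one is making an
    assumption about the destination host."""
    if policy not in ("first", "last"):
        raise ValueError("unknown policy " + policy)
    stream = {}
    for seg in segments:
        for i, byte in enumerate(seg.data):
            pos = seg.seq + i
            if policy == "last" or pos not in stream:
                stream[pos] = byte
    if stream and len(stream) != max(stream) + 1:
        raise ValueError("hole in stream")
    return bytes(stream[i] for i in range(len(stream)))


def find_signatures(stream):
    return [msg for pattern, msg in SIGNATURES.items() if pattern in stream]


def host_report(segments, host_policy):
    """Stand-in for the host-based sensor: the bytes the application read.
    In [4] this context comes from instrumentation on the end host; here it
    is simply the reassembly under the host's real policy."""
    return reassemble(segments, host_policy)


def analyze_connection(segments, nids_policy, host_view=None):
    """NIDS analysis, optionally cross-checked against the host's view."""
    nids_view = reassemble(segments, nids_policy)
    alerts = find_signatures(nids_view)
    if host_view is not None and host_view != nids_view:
        alerts.append("evasion: host consumed a different byte stream than the NIDS reassembled")
        alerts += [a for a in find_signatures(host_view) if a not in alerts]
    return {"alerts": alerts, "nids_view": nids_view}


# Constructed attack: segment 3 "retransmits" the start of segment 2 with
# different bytes. A host that favours new data runs vuln.cgi; a NIDS that
# favours old data sees safe.cgi and stays quiet.
ATTACK = [
    Segment(0, b"GET /cgi-bin/"),
    Segment(13, b"safe.cgi HTTP/1.0\r\n\r\n"),
    Segment(13, b"vuln.cgi"),
]
# Constructed benign case: a genuine retransmission with identical bytes.
RETRANSMIT = [
    Segment(0, b"GET /index.html HTTP/1.0\r\n\r\n"),
    Segment(0, b"GET /index.html HTTP/1.0\r\n\r\n"),
]

if __name__ == "__main__":
    print(analyze_connection(ATTACK, "first"))                               # blind
    print(analyze_connection(ATTACK, "first", host_report(ATTACK, "last")))  # caught
    print(analyze_connection(RETRANSMIT, "first", host_report(RETRANSMIT, "last")))
```

Without host context the NIDS assuming the 'first' policy reports nothing for the attack; with the host's view it raises the evasion alert and then finds the vulnerable-CGI request in the bytes the server really processed, while the identical retransmission raises nothing under either policy.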
Anomalies in network traffic arise from several sources: unusual user behaviour, exploitation of bugs, anomalous responses, bugs in the attack itself, and deliberate evasion. Payload-based anomaly detection on the network can detect such conditions. PAYL is one of the best-known network-based payload anomaly detectors; the publication also covers evasion of payload-based IDS and two later detectors, the Multiple Classifier Payload-based Anomaly Detector (McPAD) and HMM-based payload analysis (HMMPayl). Deploying such detectors in front of web servers helps protect them [5].

Network Intrusion Detection

Most connections over which information is transmitted use the TCP/IP model, and many network attacks exploit its protocols. Northcutt and Novak explain the elements of network intrusion detection for monitoring and controlling a network. Enterprises use tcpdump filters to pick abnormal activity out of captured traffic, and Snort, a network-based IDS, has a strong record of detecting and blocking attacks. A well-known case study is the Mitnick attack, which combined IP address spoofing with TCP sequence-number prediction to hijack a trusted connection; such attacks can also be detected by a NIDS. Architectural and organizational issues may have to be resolved before an organization gets the full benefit of a NIDS deployment [6].

References

[1] N. Harale and D. Meshram, "Network Based Intrusion Detection and Prevention Systems: Attack Classification, Methodologies and Tools", International Journal of Engineering and Science, vol. 6, no. 5, 2016.
[2] N. Das and T. Sarkar, "Survey on Host and Network Based Intrusion Detection System", Int. J. Advanced Networking and Applications, vol. 6, no. 2, pp. 2266-2269, 2014.
[3] K. Labib and R. Vemuri, "NSOM: A Real-Time Network-Based Intrusion Detection System Using Self-Organizing Maps", Web.cs.ucdavis.edu, 2018. [Online]. Available: https://web.cs.ucdavis.edu/~vemuri/papers/som-ids.pdf. [Accessed: 16-Jan-2018].
[4] H. Dreger, C. Kreibich, V. Paxson and R. Sommer, "Enhancing the Accuracy of Network-based Intrusion Detection with Host-based Context", Icir.org, 2017. [Online]. Available: https://www.icir.org/vern/papers/dimva05.pdf. [Accessed: 16-Jan-2018].
[5] D. Ariu, Host and Network based Anomaly Detectors for HTTP Attacks. Cagliari: Dept. of Electrical and Electronic Engineering, University of Cagliari, 2010.
[6] S. Northcutt and J. Novak, Network Intrusion Detection. Indianapolis, Ind.: New Riders, 2009.
