Intrusion Detection Management System for eCommerce Security

One of the main problems in eCommerce applications and all other systems handling confidential information in general, is the matter of security. This paper introduces the idea of an intrusion detection management system to support the security. Intrusion detection per se, is the act of detecting an unauthorized intrusion by a computer or a network from the inside or the outside of the affected system, making an intrusion the attempt to compromise or otherwise do harm to other network devices. Next to the normal intrusion detection system an Intrusion Management System applies different Intrusion Detection Systems to not only detect a threat but also analyze it and propose counter measures to avoid the compromise of the guarded system. For the treatment plan, depending on the analysis, a multitude of counter measures is identified and ranked. The counter measure identification is done using data mining techniques on a counter measure repository, the final ranking through sorting algorithms. Of the numerous data mining techniques applicable for diagnostic or analytic purposes the nearest neighbor and the correlation coefficient techniques have been implemented. A feasibility study has shown that an analyzer can match a problem against a solution repository and find the optimal treatment suggestions, applied with a ranking, in an acceptable short period of time. Future work will include the analysis of attack characteristics and goals, and the interaction between system manager, response planning and execution module and the attack analyzer. Furthermore the counter measure repository will be evaluated and updated.