Huge amounts of network traces can be collected from today’s busy computer networks for various analysis. These traces could be used to detect intruders and other unusual events. Real time detection of outliers from large data sets can lead to effective intrusion detection and prevention. Presently, due to lack of fast on-the-fly updating and processing capabilities intrusion detection systems ...

Intrusion Detection Systems (IDSs) are used to monitor computer systems for signs of security violations. Having detected such signs, IDSs trigger alerts to report them. These alerts are presented to a human analyst, who evaluates them and initiates an adequate response. In practice, IDSs have been observed to trigger thousands of alerts per day, most of which are false positives (i.e., alerts ...

There is often the need to update an installed Intrusion Detection System (IDS) due to new attack methods or upgraded computing environments. Since many current IDSs are constructed by manual encoding of expert security knowledge, changes to IDSs are expensive and require a large amount of programming and debugging. We describe a data mining framework for adaptively building Intrusion Detection...

As the capabilities of intrusion detection systems (IDSs) advance, attackers may disable organizations’ IDSs before attempting to penetrate more valuable targets. To counter this threat, we present an IDS architecture that is resistant to denial-of-service attacks. The architecture frustrates attackers by making IDS components invisible to attackers’ normal means of “seeing” in a network. Upon ...

Current accelerated demand of business continuity of operations in 24 × 7 work environment has increased the importance and amount of the data stored on computers and Storage Area Networks (SAN). A lot of security issues are pending related to the performance and ability of such high-speed network architecture. There is tremendous risk in the available intrusion detection systems and the securi...

There is often the need to update an installed Intrusion Detection System (IDS) due to new attack methods or upgraded computing environments. Since many current IDSs are constructed by manual encoding of expert security knowledge, changes to IDSs are expensive and require many hours of programming and debugging. We describe a data mining framework for adaptively building Intrusion Detection (ID...

It is 17 years since Dorothy Denning proposed the first intrusion detection model. These systems have evolved rapidly from that model to present alarm correlation methods. Up to the moment, researchers have developed Intrusion Detection Systems (IDS) capable of detecting attacks in several environments. A boundlessness of methods for misuse detection as well as anomaly detection has been applie...

Intrusion detection systems (IDSs) must maximize the realization of security goals while minimizing costs. In this paper, we study the problem of building cost-sensitive intrusion detection models. We examine the major cost factors associated with an IDS, which include development cost, operational cost, damage cost due to successful intrusions, and the cost of manual and automated response to ...

Present Intrusion Detection Systems (IDSs) for MANETs require continuous monitoring which leads to rapid depletion of a node’s battery life. To address this issue, we propose a new IDS scheme comprising a novel cluster leader election process and a hybrid IDS. The cluster leader election process uses the Vickrey– Clarke–Groves mechanism to elect the cluster leader which provides the intrusion d...

In the area of intrusion detection the misuse detection approach assumes that relevant activity violating security policies is known a priori and it provides for fast intrusion detection with low false alarm rate, thereby complementing the anomaly detection approach. Hence, misuse detection is an indispensable ingredient to a suitable strategy for intrusion detection. Misuse detection calls for...