The study examined the detection of attacks against computer networks, which is becoming a harder problem to solve in the field of Network security. A problem with current intrusion detection systems is that they have many false positive and false negative events. Most of the existing Intrusion detection systems implemented depend on rule-based expert systems where new attacks are not detectabl...

In this paper we present an approach for an agent-based early warning system (A-EWS) for critical infrastructures. In our approach we combine existing security infrastructures, e.g. firewalls or intrusion detection systems, with new detection approaches to create a global view and to determine the current threat state.

With the continuous development of network technology, an intrusion detection system needs to face efficiency and storage requirement when dealing with large data. A reasonable way alleviating this problem is instance selection, which can reduce space improve by selecting representative instances. An not only in its class but also different classes. This representativeness reflects importance i...

This paper presents a method to establish a rulebase based on multilayer intrusion detection. This rulebase contains two parts: the rulebase based on IP layer intrusion detection and the rulebase based on application layer intrusion detection. The former adopts a mixed quadratic network statistical model to test network traffic which has performances of dynamic principle and low False Positive ...

With the growth of hacking and exploiting tools and invention of new ways of intrusion, Intrusion detection and prevention is becoming the major challenge in the world of network security. It is becoming more demanding due to increasing network traffic and data on Internet. There are various approaches being utilized in intrusion detections, but unfortunately any of the systems so far is not co...

Distributed intrusion detection systems (IDS) have many advantages such as scalability, subversion resistance, and graceful service degradation. However, there are some impediments when they are implemented. The mobile agent (MA) technology is of many features to suit the implementation of distributed IDS. In this paper, we propose a novel architecture _•• MA·IDS with MA technology for distribu...

Intrusion detection and response has traditionally been performed at the network and host levels That is intrusion monitors will typically analyze network packet logs or host machine audit logs for signs of intrusion activity More often than not commercial o the shelf COTS intrusion detection tools use ngerprints of known intrusions to detect their presence in these audit trails Both these appr...

One key feature of intrusion detection systems is their ability to provide a view of unusual activity and issue alerts notifying administrators and/or block a suspected connection. Intrusion detection is a process of identifying and responding to malicious activity targeted at computing and networking resources. Over the past decade, the field of IDS has been driven into overdrive by the explos...