Search results for: based intrusion detection

Number of results: 3328279

2015

An intrusion detection system (IDS) is a device or application that monitors all Host based IDS refers to intrusion detection that takes place on a single host. Host-based Intrusion Detection System (HIDS) and File Integrity Monitoring (FIM) policy violations, vulnerable software, or suspicious communications. An IDS can be a piece of installed software or a physical appliance Host intrusion de...

2013
Bin Zeng Lu Yao Rui Wang

A distributed network intrusion detection system (IDS) called SA-NIDS is proposed based on the network-based intrusion detection architecture. It includes three basic components, Local Intrusion Detection Monitor (LIDM), Global Intrusion Detection Controller (GIDC), and Surveillance Agent (SA). Basically, the LIDM is used to do packets capturing, packets de-multiplexing, local intrusion detecti...

Journal: J. Inf. Sci. Eng. 2006
Ill-Young Weon Doo Heon Song Chang-Hoon Lee

In the field of network intrusion detection, both the signature-based intrusion detection system and the machine learning-based intrusion detection system possess advantages and disadvantages. When the two discrepant systems are combined in a way that the former is used as the main system and the latter as a supporting system, the machine learning-based intrusion detection system measures the v...

Cloud computing has become an attractive target for attackers as the mainstream technologies in the cloud, such as the virtualization and multitenancy, permit multiple users to utilize the same physical resource, thereby posing the so-called problem of internal facing security. Moreover, the traditional network-based intrusion detection systems (IDSs) are ineffective to be deployed in the cloud...

The proposed framework applies two game theoretic models for economic deployment of intrusion detection system (IDS). The first scheme models and analyzes the interaction behaviors between an attacker and intrusion detection agent within a non-cooperative game, and then the security risk value is derived from the mixed strategy Nash equilibrium. The second scheme uses the security risk value...

2005
Hilmi Günes Kayacik A. Nur Zincir-Heywood Malcolm I. Heywood

KDD 99 intrusion detection datasets, which are based on DARPA 98 dataset, provide labeled data for researchers working in the field of intrusion detection and are the only labeled datasets publicly available. Numerous researchers employed the datasets in KDD 99 intrusion detection competition to study the utilization of machine learning for intrusion detection and reported detection rates up to ...

Journal: CoRR 2013
Saravanan Kumarasamy B. Hemalatha P. Hashini

Mobile ad-hoc networks are temporary wireless networks. Network resources are abnormally consumed by intruders. Anomaly and signature based techniques are used for intrusion detection. Classification techniques are used in anomaly based techniques. Intrusion detection techniques are used for the network attack detection process. Two types of intrusion detection systems are available. They are a...

Journal: CoRR 2005
Damiano Bolzoni Emmanuele Zambon Sandro Etalle Pieter H. Hartel

We present Poseidon, a new anomaly based intrusion detection system. Poseidon is payload-based, and presents a two-tier architecture: the first stage consists of a Self-Organizing Map, while the second one is a modified PAYL system [22]. Our benchmarks on the 1999 DARPA data set [15] show a higher detection rate and lower number of false positives than PAYL and PHAD.

Predicting different behaviors in computer networks is the subject of many data mining researches. Providing a balanced Intrusion Detection System (IDS) that directly addresses the trade-off between the ability to detect new attack types and providing low false detection rate is a fundamental challenge. Many of the proposed methods perform well in one of the two aspects, and concentrate on a su...

2007
Sathish Alampalayam P. Kumar Anup Kumar

This paper presents our statistical based intrusion detection framework for computer networks. This framework uses the six sigma technique to identify the thresholds for the critical network parameters. With the help of raw network data, the thresholds identified are used to differentiate normal, uncertain and abnormal behavior due to network intrusion. This is then used for efficient detection...
