Journal: International Journal of Security and Its Applications
Print ISSN: 1738-9976
Year of publication: 2015
Volume: 9
Issue: 4
Pages: 63-80
DOI: 10.14257/ijsia.2015.9.4.08
Publisher: SERSC
Abstract: The rapid increase in advanced persistent threats in cyberspace draws full attention to the use of intrusion detection, with emphasis on Artificial Intelligence-based intrusion detection systems, as a mitigation mechanism. The sharp increase in attack surfaces can be partially attributed to the fact that the Internet has become the de facto means of converged communications and online transactions, accommodating different types of services under the same scheme. Most current intrusion detection systems (IDS) deploy signature patterns of known attacks and anomaly detection approaches to detect intrusions, in an attempt to reduce the computational complexity introduced by large-scale data sets. However, these approaches have proven inadequate for detecting novel attacks, often resulting in a high false positive rate. This research therefore seeks to address the issue of detecting persistent network threats by combining the approaches of misuse and anomaly detection in one system. Our algorithm incorporates the concept of active response against all four broad attack types analyzed in the literature to realize another algorithm for intrusion detection and prevention as well as active response, called HYBRITQ-4. The algorithm introduces a mechanism for classifying packets based on protocol information to enhance pattern searches and matching when detecting abnormal packets. Findings from our investigation suggest that the proposed algorithm can efficiently improve the detection rate, false positive rate and accuracy of detecting intrusions in patterns of known and novel attacks.
Keywords: Intrusion detection; security; data mining; algorithm; attack patterns