
Novel applications of Machine Learning to Network Traffic Analysis


Text from PDF Page: 025

3.2.1 Intrusion detection

Intrusion Detection Systems (IDS) [48][49][50][51] are an important element of the entire Security Ecosystem (SE), consisting of devices, applications, systems, procedures and personnel dedicated to preventing, detecting and avoiding intrusive or malicious activities and policy violations on a host or on a network of hosts. These systems are deployed at different levels, from the highest levels of security analysts/administrators and Security Information and Event Management Systems (SIEM) to the lowest levels of firewalls, antivirus and intrusion detection and prevention systems [52][53]. The lower levels identify and report the threats and can provide some mechanism for automatic actions (prevention systems), while the higher levels integrate, coordinate, prioritize, decide and launch the actions to be taken.

SE components that detect, report and block threats:

• Firewalls: A firewall allows or blocks outgoing or incoming traffic to an internal network. It is a perimeter security protection. Firewalls can work at the packet level, at the connection flow level or at the application level, depending on the point in the network protocol hierarchy at which they operate. To identify threats, they usually look for specific content or signatures in the data (signature-based). A firewall is a first line of defense, but it does not protect against internal attacks within the perimeter it protects.

• Antivirus/antispyware: Software installed on the host to alert and protect against viruses and malware. It can be based on file scanning, searching for defined byte signatures of the virus; this is a signature-based approach. Another approach is to look for virus actions (behaviour-based approach), monitoring system events and searching for specific patterns or event correlations.

• IDS: Intrusion detection systems (IDS) identify intrusions inside the security perimeter (e.g. the one established by a firewall). In a first classification, they can be differentiated into host-based IDS (HIDS), deployed on a particular host and detecting intrusions only for that host, and network-based IDS (NIDS), which detect threats at the network level. It is also possible to classify IDS by detection approach: signature-based detection and anomaly-based detection. Signature-based detection methods use a database of previously identified bad patterns to identify and report an attack, while anomaly-based (aka behaviour-based) detection [54][55] uses a model to classify (label) traffic as good or bad, based mainly on supervised or unsupervised machine learning methods. One characteristic of anomaly-based methods is the need to deal with unbalanced data. This happens because intrusions in a system are usually an exception, difficult to separate from the usually more abundant normal traffic. Working with unbalanced data is often a challenge both for the prediction algorithms and for the performance metrics used to evaluate the systems. All the works considered for this thesis are NIDS with anomaly-based models.

• Intrusion prevention systems: Similar to IDS but with the capacity to react to an intrusion with an automatic response (e.g. automatic reconfiguration of a network element).

SE components that integrate information and coordinate the response to threat events:

• SIEM: The function of a SIEM [52] is to aggregate security events, identify security threats and act by alerting security personnel and, in some cases, launching automatic commands on network elements. It is responsible for logging the necessary information about security events, including the contextual information required by the security analyst to decide the best action. It also logs the information required by legal or forensic requirements. A SIEM helps identify the relationship between events

Doctoral Thesis: Novel applications of Machine Learning to NTAP - 23
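As an added example (not part of the thesis), the following Python script illustrates the unbalanced-data problem raised above for anomaly-based NIDS: an unsupervised median+MAD threshold detector over constructed per-flow byte rates is compared with a degenerate model that never alerts, and accuracy is set against precision and recall on the rare intrusion class. All flow values, the 3-of-100 intrusion ratio and the threshold factor k=5 are constructed for the demonstration.

```python
"""Anomaly-based NIDS on unbalanced flow data: why accuracy misleads."""
from statistics import median

# Constructed flow records: (bytes_per_second, label), label 1 = intrusion.
# Intrusions are a small minority (3 of 100), as the text describes.
NORMAL_FLOWS = [(100 + (7 * i) % 40, 0) for i in range(97)]
ATTACK_FLOWS = [(2500, 1), (3100, 1), (90, 1)]   # last one is low-and-slow
FLOWS = NORMAL_FLOWS + ATTACK_FLOWS


def robust_threshold(values, k=5.0):
    """Unsupervised baseline: median + k * MAD. Robust to the few outliers
    that are exactly what we want to catch (mean/std would be skewed by them)."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    return med + k * mad


def anomaly_detector(flows, k=5.0):
    """Label a flow 1 (anomalous) when its rate exceeds the robust threshold.
    Labels are never consulted; the model is fitted on the traffic itself."""
    thr = robust_threshold([bps for bps, _ in flows], k)
    return [1 if bps > thr else 0 for bps, _ in flows]


def always_normal(flows):
    """Degenerate model that never alerts; a trap on unbalanced data."""
    return [0] * len(flows)


def evaluate(flows, predictions):
    """Confusion-matrix metrics. Recall on the rare class is the number that
    matters for an IDS; accuracy is dominated by the abundant normal class."""
    truth = [label for _, label in flows]
    tp = sum(1 for t, p in zip(truth, predictions) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(truth, predictions) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(truth, predictions) if t == 1 and p == 0)
    tn = len(truth) - tp - fp - fn
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn,
            "accuracy": (tp + tn) / len(truth),
            "precision": precision, "recall": recall}


if __name__ == "__main__":
    for name, preds in (("always-normal", always_normal(FLOWS)),
                        ("median+MAD", anomaly_detector(FLOWS))):
        print(name, evaluate(FLOWS, preds))
```

The never-alerting model scores 97% accuracy with zero recall, while the threshold detector catches the two volumetric intrusions but misses the low-rate one, which only recall and the false-negative count reveal.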
