• Title/Summary/Keyword: IDS architectures

Search Result 4, Processing Time 0.022 seconds

A SURVEY ON INTRUSION DETECTION SYSTEMS IN COMPUTER NETWORKS

  • Zarringhalami, Zohreh;Rafsanjani, Marjan Kuchaki
    • Journal of applied mathematics & informatics
    • /
    • v.30 no.5_6
    • /
    • pp.847-864
    • /
    • 2012
  • In recent years, using computer networks (wired and wireless networks) has been widespread in many applications. As computer networks become increasingly complex, the accompanied potential threats also grow to be more sophisticated and as such security has become one of the major concerns in them. Prevention methods alone are not sufficient to make them secure; therefore, detection should be added as another defense before an attacker can breach the system. Intrusion Detection Systems (IDSs) have become a key component in ensuring systems and networks security. An IDS monitors network activities in order to detect malicious actions performed by intruders and then initiate the appropriate countermeasures. In this paper, we present a survey and taxonomy of intrusion detection systems and then evaluate and compare them.

Security of Ethernet in Automotive Electric/Electronic Architectures (차량 전자/전기 아키텍쳐에 이더넷 적용을 위한 보안 기술에 대한 연구)

  • Lee, Ho-Yong;Lee, Dong-Hoon
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.16 no.5
    • /
    • pp.39-48
    • /
    • 2016
  • One of the major trends of automotive networking architecture is the introduction of automotive Ethernet. Ethernet is already used in single automotive applications (e.g. to connect high-data-rate sources as video cameras), it is expected that the ongoing standardization at IEEE (IEEE802.3bw - 100BASE-T1, respectively IEEE P802.3bp - 1000BASE-T1) will lead to a much broader adoption in future. Those applications will not be limited to simple point-to-point connections, but may affect Electric/Electronic(EE) Architectures as a whole. It is agreed that IP based traffic via Ethernet could be secured by application of well-established IP security protocols (e.g., IPSec, TLS) combined with additional components like, e.g., automotive firewall or IDS. In the case of safety and real-time related applications on resource constraint devices, the IP based communication is not the favorite option to be used with complicated and performance demanding TLS or IPSec. Those applications will be foreseeable incorporate Layer-2 based communication protocols as, e.g., currently standardized at IEEE[13]. The present paper reflects the state-of-the-art communication concepts with respect to security and identifies architectural challenges and potential solutions for future Ethernet Switch-based EE-Architectures. It also gives an overview and provide insights into the ongoing security relevant standardization activities concerning automotive Ethernet. Furthermore, the properties of non-automotive Ethernet security mechanisms as, e.g., IEEE 802.1AE aka. MACsec or 802.1X Port-based Network Access Control, will be evaluated and the applicability for automotive applications will be assessed.

An Algorithm to Detect Bogus Nodes for a Cooperative Intrusion Detection Architecture in MANETs

  • Hieu Cao Trong;Dai Tran Thanh;Hong Choong-Seon
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2006.05a
    • /
    • pp.1117-1120
    • /
    • 2006
  • Wide applications because of their flexibilities and conveniences of Wireless Mobile Ad-hoc Networks (MANETs) also make them more interesting to adversaries. Currently, there is no applied architecture efficient enough to protect them against many types of attacks. Some preventive mechanisms are deployed to protect MANETs but they are not enough. Thus, MANETs need an Intrusion Detection System (IDS) as the second layer to detect intrusion of adversaries to response and diminish the damage. In this paper, we propose an algorithm for detecting bogus nodes when they attempt to intrude into network by attack routing protocol. In addition, we propose a procedure to find the most optimize path between two nodes when they want to communicate with each other. We also show that our algorithm is very easy to implement in current proposed architectures.

  • PDF

IoT Malware Detection and Family Classification Using Entropy Time Series Data Extraction and Recurrent Neural Networks (엔트로피 시계열 데이터 추출과 순환 신경망을 이용한 IoT 악성코드 탐지와 패밀리 분류)

  • Kim, Youngho;Lee, Hyunjong;Hwang, Doosung
    • KIPS Transactions on Software and Data Engineering
    • /
    • v.11 no.5
    • /
    • pp.197-202
    • /
    • 2022
  • IoT (Internet of Things) devices are being attacked by malware due to many security vulnerabilities, such as the use of weak IDs/passwords and unauthenticated firmware updates. However, due to the diversity of CPU architectures, it is difficult to set up a malware analysis environment and design features. In this paper, we design time series features using the byte sequence of executable files to represent independent features of CPU architectures, and analyze them using recurrent neural networks. The proposed feature is a fixed-length time series pattern extracted from the byte sequence by calculating partial entropy and applying linear interpolation. Temporary changes in the extracted feature are analyzed by RNN and LSTM. In the experiment, the IoT malware detection showed high performance, while low performance was analyzed in the malware family classification. When the entropy patterns for each malware family were compared visually, the Tsunami and Gafgyt families showed similar patterns, resulting in low performance. LSTM is more suitable than RNN for learning temporal changes in the proposed malware features.