The history of Intrusion detection and prevention

The history of Intrusion detection and prevention

Background description

This is a system that observes the traffic network that involves suspicious activities and gives instant alerts at the moment such business is noticed. The anomaly notification and providing information is the first function; several intrusion detection systems have the capability of taking actions whenever unusual activity is identified, which might be stopping traffic transition from suspicious IP addresses. Even though this system observes the network for potentially malicious actions, they tend to send incorrect signals. Therefore institutions are supposed to have correctly configured their intrusion detections programs to identify the actual traffic on their network appears to be in comparison capability malicious activity. The group will give the genesis of intrusion detection and prevention, the types of flavors, methods of detections, how the system is used in cloud computing, and mainly the security issues.

An intrusion detection system is a computerized software application that observes policy violation that facilitates reporting of such action to the administrator or picked centrally by the use of security information and event management system (SIEM). This system puts together outputs from various origins and uses alarm filtering methods to differentiate malicious activity from incorrect warnings. IDS are of different ranges; the most used is network intrusion detection systems (NIDS) and host_based intrusion detection systems (HIDS). The system that observes important functional systems files is a HIDS type, while incoming network traffic is a type of NIDS.  The NIDS is installed in a strategic location around the network to observe towards and out from all devices on the net.  Its purpose is to analyze moving traffic on the all subnet. At the moment the action is sensed, the alarm is transmitted to the administrator. This system has the ability of comparing signatures of the same packets to connect and avoid dangerous identified packages that possess similar signatures with those of the records in the NIDS.

This system can be integrated with other technologies to boost detection and prediction volumes. Artificial Neural Network set IDS to have the ability to analyze large amounts of data in a perfect method as a result of the self-organizing model that enables INS IDS to many suitable accepted intrusion patterns. The neural network helps IDS in determining attacks by studying from the wrong actions. This system helps in building immediate warning systems concerning two layers. The first layer recognizes single arithmetic, and the following layer incorporates the first’s layers outputs to input. This system can average 99% notifications and clarification rate in the following categories: probe, user_to_root, DOS, and Remote_to_Local.

IDS works as a protection item on the web, and there has been an increase in the use of this system in the application such as e_banking. The social network, online blogs, and e_commerce websites it has become a regular platform for transmitting information and delivering online services. This days web application security is an appropriate action in information security as a result of expansion growth in the number of web attacks. As indicated in the 2017 Internet Security Threat Report (ISTR), over 80% of websites were found to at a risk of attack.

Many of the defensive application mechanisms have been used by institutions to ensure sufficient protection for web use. Web Application Firewall (WAF) is the most extensive known application way used by organizations and institutions to protect the web use after deployment. This application, at first stage, analyzes the web command before they are transmitted to the web application and if locked and got malicious. Intrusion detection application is the recent in the domain of web use security.

Introduction

The IDS began back over thirty years when expanding enterprise network access lead to a new challenge. The anxiety of user access and user observation. As days kept moving, operations increased depending on the shared utilized information system, levels of access to the systems. IDS was invented by James in (1980), and the main purpose of the system was to detect intrusions. Still, it was found that the system does not recognize the intrusions but identifies evidence of intrusions either at the time the instruction is ongoing or after the fact. It is a process of monitoring the activities that ongoing in a computer and evaluates them for symbols of possible incidents that are committing computer security laws. IDS is an application that detects the intrusion practices while intrusion prevention is an act of detection and methods to stop notified actions and reporting them to legal administers Bedros, et al. ( 2015).

Analysis of the system

These systems are mainly used to identify vulnerable issues like login information and giving alerts on attempts. They tend to provide information on matters related to security, keeping possible threats, and warning people from breaking security laws (Maske, et al. 2016, August).  IDPS has become an essential tool for the prevention and monitoring of security to the infrastructure in many organizations. The majority of these systems use different methods of existing detection methods. Every detection approach operates on a given set of principles. The procedures used by this system for detection includes;

The Misuse_Based Intrusion Detection

This approach utilizes a set of organized signatures that represent the patterns of known attacks to separate malicious activities. This approach can notify known attacks very precisely with a low false_ positive rate, but it does not detect unknown ones. The database signature has to be updated to recognize the recent attacks and the previous attacks.

Anomaly­­­-Based

This technique believes that malicious actions significantly differ from the expected character and can be studied quantitatively. The arriving events are interpreted to confirm if they differ from the normal ones. Unlike the first approach, this system support notification of unknown and novel attacks, and it can be taught to collect the problems brought by the custom vulnerability. This approach can make the accepted character by applying a multitude of various machine learning processes, and picking the suitable ones is a significant action. It has the difficulty of identifying the abundance of a variety of machine learning parameters. The large threshold number can have an increasing number of unnoticed attacks. Also, the massive lenient configuration may bring false_positive alarms. In cases where the website traffic is significantly shifting, it requires an excellent model to detect.

Policy­-Based

This approach is now days been used more as it overcomes the limitations encountered in the first two approaches.  This approach uses established boundaries between the allowed and those not permitted activities by utilizing generated rules. It solves the problem of unknown attacks and clarifying the usual and unseen actions into one. For this system to work, there should be designed policies, and they should be defined. The procedures are implemented in an orderly manner to avoid deadlock situations.

Hybrid Intrusion Detection

It is a combination of various intrusion detection methods to form a single fused system (Liu,et.,al2018, July). It gives a proper operation is it uses the strength of the combined approach. It can pose a layered or parallel architecture in determining the correct order of combined components that classify events into protected classes.

Security issues

Open the free wire networks, this enables employees to access online, but it has a problem of been prone to hackers since they can capture data that gets in and out of the computers. The best way to protect this is through the use of secured passwords.

Email is not safe

A business using an old email system like POP is at risk of hacking. It is recommended to upgrade new emails.

Mobile phones that are not secured

Using a phone to connect to business and linked to working email, and it does not have a screen lock in case it gets lost, someone can use to access your business information.

Anti-virus scanners lack maintenance

It is crucial that malware and spyware scanners that are in all computers and tablets keep scanning during work time. If someone shuts the scanner, it leaves the system unsecured, therefore exposing companies’ information to the risk of been obtained by someone else.

Absence of firewalls

This is a network security tool that is installed to block some network access and data been taken from the network it is suitable for network security

CLOUD COMPUTING

It’s the provision of computational resources on need by use of computers. Computer users can send a question to service providers without having the wanted software or hardware. Intrusions are brought by hackers accessing the system by use of the internet; the way of accessing information from the cloud compares the behavior-based that confirms how to make recent comparison users to normal behavior (Deshande, et al. 2018).   IDS increases the clouds’ safety amount by giving these methods of detection. The other way is knowledge-based criteria that identify trails that remained behind after attacks. The audited information is transferred to the IDS core to identify deviations. This comprises of two subsystems that are analyzer and alert systems.

Artificial intelligence is the recent emerging technology that makes computers adapt to the behavior of people. This technology has a vital role in identifying intrusions and much considered as the best method in changing and making IDS. In recent years neural networks algorithms are becoming as a brand artificial intelligence method that can be used to apply to actual time problems. The raised system is to notify a classification of botnet hacks that have a severe threat to the money sector and financial services. This system is made by incorporating artificial intelligence on a real cyber defense dataset.

Systems using the internet together with voice over internet protocol are an option to a network of landline telephony. The products obtained from systems enable users to pass information to their families, friends, and employees when they are online. The problem with this system is the internet safety vulnerability. A simple way to catch the VoIP is through a spam over Telephony (SPIT).

   Conclusion

The threats to the web is an excellent issue for information security. IDS has become a security methodology used to protect the application against attacks. This system has been used to control network-based attacks. The development of IDS has enabled a method of preventing web-based attacks that require more focus by those interested people.

REFERENCES

Bedros, S. J., Gellaboina, M. K., & Eswara, L. M. (2015). U.S. Patent Application No. 13/935,022

Abali, B., Banikazemi, M., & Poff, D. E. (2018). U.S. Patent No. 9,928,384. Washington, DC: U.S. Patent and Trademark Office.

Dixit, P., & Thanos, D. (2016). U.S. Patent No. 9,405,900. Washington, DC: U.S. Patent and Trademark Office. Abali, B., Banikazemi, M., & Poff, D. E. (2018). U.S. Patent No. 9,928,384. Washington, DC: U.S. Patent and Trademark Office

Deshpande, P., Sharma, S. C., Peddoju, S. K., & Junaid, S. (2018). HIDS: A host-based intrusion detection system for the cloud computing environment. International Journal of System Assurance Engineering and Management, 9(3), 567-576.

Maske, S. A., & Parvat, T. J. (2016, August). Advanced anomaly intrusion detection technique for a host-based system using system call patterns. In 2016 International Conference on Inventive Computation Technologies (ICICT) (Vol. 2, pp. 1-4). IEEE.

Liu, K., Fan, Z., Liu, M., & Zhang, S. (2018, July). Hybrid Intrusion Detection Method Based on K-Means and CNN for Smart Home. In 2018 IEEE 8th Annual International Conference on CYBER Technology in Automation, Control, and Intelligent Systems (CYBER) (pp. 312-317). IEEE.