INTRUSION DETECTION SYSTEMS docx



Document information

INTRUSION DETECTION SYSTEMS

Edited by Pawel Skrobanek

Published by InTech, Janeza Trdine 9, 51000 Rijeka, Croatia

Copyright © 2011 InTech

All chapters are Open Access articles distributed under the Creative Commons Non Commercial Share Alike Attribution 3.0 license, which permits to copy, distribute, transmit, and adapt the work in any medium, so long as the original work is properly cited. After this work has been published by InTech, authors have the right to republish it, in whole or part, in any publication of which they are the author, and to make other personal use of the work. Any republication, referencing or personal use of the work must explicitly identify the original source.

Statements and opinions expressed in the chapters are those of the individual contributors and not necessarily those of the editors or publisher. No responsibility is accepted for the accuracy of information contained in the published articles. The publisher assumes no responsibility for any damage or injury to persons or property arising out of the use of any materials, instructions, methods or ideas contained in the book.

Publishing Process Manager: Ana Nikolic
Technical Editor: Teodora Smiljanic
Cover Designer: Martina Sirotic
Image Copyright Sean Gladwell, 2010. Used under license from Shutterstock.com

First published March, 2011
Printed in India

A free online edition of this book is available at www.intechopen.com
Additional hard copies can be obtained from orders@intechweb.org

Intrusion Detection Systems, Edited by Pawel Skrobanek
p. cm.
ISBN 978-953-307-167-1

Free online editions of InTech Books and Journals can be found at www.intechopen.com

Contents

  • Preface
  • Part 1: The Role of IDS for Global Network - An Overview of Methods, Cyber Security, Trends
  • Chapter 1: Internet Epidemics: Attacks, Detection and Defenses, and Trends (Zesheng Chen and Chao Chen)
  • Chapter 2: Anomaly Based Intrusion Detection and Artificial Intelligence (Benoît Morel)
  • Part 2: Solutions and New Possibilities of IDS Constructed Based on Agent Systems
  • Chapter 3: A Sustainable Component of Intrusion Detection System using Survival Architecture on Mobile Agent (Sartid Vongpradhip and Wichet Plaimart)
  • Chapter 4: Advanced Methods for Botnet Intrusion Detection Systems (Son T. Vuong and Mohammed S. Alam)
  • Chapter 5: Social Network Approach to Anomaly Detection in Network Systems (Grzegorz Kołaczek and Agnieszka Prusiewicz)
  • Chapter 6: An Agent Based Intrusion Detection System with Internal Security (Rafael Páez)
  • Part 3: Data Processing Techniques and Other Algorithms using Intrusion Detection Systems – Simultaneously Analysis Different Detection Approach
  • Chapter 7: Intrusion Detection System and Artificial Intelligent (Khattab M. Alheeti)
  • Chapter 8: Hybrid Intrusion Detection Systems (HIDS) using Fuzzy Logic (Bharanidharan Shanmugam and Norbik Bashah Idris)
  • Chapter 9: Integral Misuse and Anomaly Detection and Prevention System (Yoseba K. Penya, Igor Ruiz-Agúndez and Pablo G. Bringas)
  • Chapter 10: Correlation Analysis Between Honeypot Data and IDS Alerts Using One-class SVM (Jungsuk Song, Hiroki Takakura, Yasuo Okabe and Yongjin Kwon)
  • Part 4: IDS Dedicated Mobile Networks – Design, Detection, Protection and Solutions
  • Chapter 11: A Survey on new Threats and Countermeasures on Emerging Networks (Jacques Saraydayran, Fatiha Benali and Luc Paffumi)
  • Chapter 12: Designs of a Secure Wireless LAN Access Technique and an Intrusion Detection System for Home Network (Taesub Kim, Yikang Kim, Byungbog Lee, Seungwan Ryu and Choongho Cho)
  • Chapter 13: Lightweight Intrusion Detection for Wireless Sensor Networks (Eui-Nam Huh and Tran Hong Hai)
  • Part 5: Other Aspects of IDS
  • Chapter 14: An Intrusion Detection Technique Based on Discrete Binary Communication Channels (Ampah, N. K., Akujuobi, C. M. and Annamalai, A.)
  • Chapter 15: Signal Processing Methodology for Network Anomaly Detection (Rafał Renk, Michał Choraś, Łukasz Saganowski and Witold Hołubowicz)
  • Chapter 16: Graphics Processor-based High Performance Pattern Matching Mechanism for Network Intrusion Detection (Nen-Fu Huang, Yen-Ming Chu and Hsien-Wen Hsu)
  • Chapter 17: Analysis of Timing Requirements for Intrusion Detection and Prevention using Fault Tree with Time Dependencies (Pawel Skrobanek and Marek Woda)

Preface

In contrast to the typical books, this publication was created as a collection of papers of various authors from many centers around the world. The idea to show the latest achievements this way allowed for an interesting and comprehensive presentation of the area of intrusion detection systems. There is no need for convincing how important such systems are. Lately we have all witnessed exciting events related to the publication of information by WikiLeaks that resulted in increasing of various types of activities, both supporters and opponents of the portal.
Typically, the structure of a publication is planned at the beginning of a creation process, but in this situation, it reached its final shape with the completion of the content. This solution, however interesting, causes difficulties in categorization of papers. The current structure of the chapters reflects the key aspects discussed in the papers but the papers themselves contain more additional interesting information: examples of a practical application and results obtained for existing networks as well as results of experiments confirming efficacy of a synergistic analysis of anomaly detection and signature detection, and application of interesting solutions, such as an analysis of the anomalies of user behaviors and many others. I hope that all this will make this book interesting and useful.

2011
Pawel Skrobanek
Institute of Computer Science, Automatic Control, and Robotics
Wroclaw University of Technology, Wroclaw, Poland

[...]

[Figure: Fig. 1. A Taxonomy of Internet Epidemic Attacks, Detection and Defenses, and Trends. Recoverable labels: Trends, Games, IPv6, Mobile, Destination, Middle, Source, Detection and Defenses.]

... and scans...

... epidemic detection and defenses

To counteract notorious epidemics, many detection and defense methods have been studied in recent years. Based on the location of detectors, we classify these methods into the following three categories. The top-right of Figure 1 summarizes our taxonomy of Internet epidemic detection and defenses.

3.1 Source detection...
... chapter, we survey and classify Internet epidemic attacks, detection and defenses, and trends, with an emphasis on Internet epidemic attacks. The remainder of this chapter is structured as follows. Section 2 proposes a taxonomy of Internet epidemic attacks. Section 3 discusses detection and defense systems against Internet epidemics. Section 4 predicts...

... /security /home.html (Aug./2010 accessed)
[53] Darknet [Online]. Available: http://www.cymru.com/Darknet/ (Oct./2010 accessed)
[54] Distributed Intrusion Detection System (DShield), http://www.dshield.org/ (Oct./2010 accessed)
[55] Honeypots: Tracking Hackers [Online]. Available: http://www.tracking-hackers.com/ (Oct./2010 accessed)

... “Worm detection, early warning and response based on local victim information,” in Proc. 20th Ann. Computer Security Applications Conf. (ACSAC’04), Tucson, AZ, Dec. 2004.
[17] J. Jung, V. Paxson, A. Berger, and H. Balakrishnan, “Fast portscan detection using sequential hypothesis testing,” in Proc. of IEEE Symposium on Security and Privacy, Oakland, CA, May 2004.

... work. One can find many papers dealing with intrusion detection and using the word "AI" in their title. By AI, often is meant data mining, neural network, fuzzy logic (Idris et al 2005), Hidden Markov Model (Choy and Cho, 2001), self-organizing maps and the like. Considering that all these papers deal with anomaly-based intrusion detection, the key figure of merit to gauge...
... is defined as the total number of worm scans (38). Specifically, assuming that a worm uses a constant scanning rate $s$ and infects $I(t)$ machines at time $t$, we can approximate

[Figure: Fig. 4. Comparison of OSS and optimal IS (the vulnerable-host population... Axes: Time t (second), Number of infected hosts. Curves: OSS, Optimal IS.]

... of infected hosts at time $t$ for these two methods, $I_A(t)$ and $I_B(t)$, have the following relationship: $I_A(t) \geq I_B(t)$ for $\forall t \geq 0$, then method A has a higher propagation

[Figure: Fig. 2. Epidemic propagation speeds of different scanning... Axes: Time (second), Number of infected hosts. Curves: IS, LS, RoS, HS, RS.]

... we focus on intrusion detection. But there is a role for Artificial Intelligence practically everywhere in cybersecurity. The aspect of the problem that Intrusion Detection addresses is to alert users or networks that they are under attack or as is the case with web application may not even involve any malware but is based on abusing a protocol. What kind of attributes should an Intrusion Detection System... (IDS) have to provide that kind of protection? It should be intelligent, hence the interest in AI. The idea of using AI in intrusion detection is not new. In fact it is, now decades old, i.e. almost as old as the field of intrusion detection. Still today AI is not used intensely in intrusion detection. That AI could potentially improve radically the performance of IDS is obvious, but what is less obvious is ...

Date posted: 27/06/2014, 05:20


Table of contents

  • Intrusion Detection Systems Preface

  • Part 1

  • 01_Internet Epidemics: Attacks, Detection and Defenses, and Trends

  • 02_Anomaly Based Intrusion Detection and Artificial Intelligence

  • Part 2

  • 03_A Sustainable Component of Intrusion Detection System using Survival Architecture on Mobile Agent

  • 04_Advanced Methods for Botnet Intrusion Detection Systems

  • 05_Social Network Approach to Anomaly Detection in Network Systems

  • 06_An Agent Based Intrusion Detection System with Internal Security

  • Part 3

  • 07_Intrusion Detection System and Artificial Intelligent

  • 08_Hybrid Intrusion Detection Systems (HIDS) using Fuzzy Logic

  • 09_Integral Misuse and Anomaly Detection and Prevention System

  • 10_Correlation Analysis Between Honeypot Data and IDS Alerts Using One-class SVM

  • Part 4

  • 11_A Survey on new Threats and Countermeasures on Emerging Networks

  • 12_Designs of a Secure Wireless LAN Access Technique and an Intrusion Detection System for Home Network

  • 13_Lightweight Intrusion Detection for Wireless Sensor Networks

  • Part 5

  • 14_An Intrusion Detection Technique Based on Discrete Binary Communication Channels
