Network-based Hybrid Intrusion Detection and Honeysystems as Active Reaction Schemes

Pedro García-Teodoro; Jesús Esteban Díaz Verdejo; Gabriel Maciá-Fernández; Leovigildo Sánchez Casado

Abstract:

This paper presents some proposals and contributions in network-based intrusion-related technologies. Two key points are discussed in this line: anomaly-based intrusion detection, and active response mechanisms. The first issue is mainly focused on the consideration of a stochastic approach to model the normal behavior of the network system to be monitored and protected. This anomaly-based detection methodology is combined with a signature-based one, thus resulting in a hybrid detection system, in order to improve the overall detection throughput. On the other hand, a honeysystem-based approach is also introduced to deal with the development of a pro-active response mechanism in the context of intrusion detection technologies. Both of the aspects, detection and reaction, will be studied as functional modules of an integral intrusion platform developed from a current available IDS tool.

Research areas:

• Ethical hacking and digital forensics

Year:

2007

Type of Publication:

Article

Journal:

International Journal of Computer Science and Network Security, IJCSNS

Volume:

7

Number:

10

Pages:

62-70

ISSN:

1738-7906