Original information
Abstract
English
The rapid increase in advanced persistent threats in cyberspace draws full attention to intrusion detection, with emphasis on Artificial Intelligence-based intrusion detection systems as a mitigation mechanism. The sharp increase in attack surfaces can be partially attributed to the fact that the Internet has become the de facto means of converged communications and online transactions, accommodating different types of services under the same scheme. Most current intrusion detection systems (IDS) deploy signature patterns of known attacks and anomaly detection approaches to detect intrusions, in an attempt to reduce the computational complexity introduced by large-scale data sets. However, these approaches have proved inadequate for detecting novel attacks, often resulting in a high false positive rate. This research therefore seeks to address the issue of detecting persistent network threats by combining the approaches of misuse and anomaly detection in one system. Our algorithm incorporates the concept of active response against all four broad attack types analyzed in the literature, yielding an algorithm for intrusion detection and prevention as well as active response, called HYBRITQ-4. The algorithm introduces a mechanism for classifying packets based on protocol information to enhance pattern searching and matching when detecting abnormal packets. Findings from our investigation suggest that the proposed algorithm can efficiently improve the detection rate, false positive rate and accuracy of detecting intrusions in patterns of known and novel attacks.
Table of Contents
1. Introduction
2. Related Literature
2.1. Intrusion Detection and Prevention Techniques
2.2. Existing Intrusion Detection Systems and Their Limitations
3. Classes of Attack Vectors and Vulnerabilities
4. Experimentation
4.1. Components of the Algorithm
4.2. The Algorithm’s Architecture
4.3. Cross Validation Test
4.4. Experimental Results and Discussion
4.5. Comparison of Results
5. Conclusion
References
