Artificial Intelligence and Data Mining Approaches in Security Frameworks. Группа авторов

Чтение книги онлайн.

Читать онлайн книгу Artificial Intelligence and Data Mining Approaches in Security Frameworks - Группа авторов страница 15

Artificial Intelligence and Data Mining Approaches in Security Frameworks - Группа авторов

Скачать книгу

2.3 An overview of intrusion detection system (IDS).

      All the three components of an intrusion detection system can be integrated into a single device.

      2.5.1 Types of IDS

      Detection of an intrusion could be done either on a network or with an individual system and therefore we have three types of IDS, namely: Network Based, Host Based and Hybrid IDS.

       2.5.1.1 Network-Based IDS

      Advantages

      Following are the advantages of a Network-Based IDS:

      1 They can be made invisible to improve the security against attacks.

      2 Large size of networks can be monitored by network-based IDS.

      3 This IDS can give better output deprived of upsetting the usual working of a network.

      4 It is easy to fit in an IDS into an existing network.

      Limitations

      Limitations of Network-Based IDS are as follows:

      1 Virtual private networks encrypted information cannot be analysed with network-based IDS.

      2 Successful implementation of network-based IDS is based on the intermediate switches present in the network.

      3 Network-based IDS would be unstable and crash when the attackers splinter their packets and release them.

       2.5.1.2 Host-Based IDS

      Advantages

      Following are the advantages of Host-Based IDS:

      1 It can perceive even those attacks that are not detected by a Network-Based IDS.

      2 For the detection of attacks concerning software integrity breaches, it works on audit log trails of operating system.

      Disadvantages

      Disadvantages of Host-Based IDS are as follows:

      1 Various types of DoS (Denial of Service) attacks can disable the Host-Based IDs.

      2 Attacks that target the network cannot be detected by host-based IDS.

      3 To configure and manage every individual system is very difficult.

       2.5.1.3 Hybrid IDS

      It is a combination of network and host-based IDS to form a structure for next-generation intrusion detection systems. This arrangement is generally known as a fusion/hybrid intrusion detection system. By adding network based and host-based IDS, it would significantly improve resistance against few more attacks. Data mining techniques required for IDS are Pattern Matching, Classification and Feature Selection Pattern Matching.

      It is a kind of social engineering attack generally used to filch data of a user, like login credentials and credit card numbers. To cover up honest websites, forged websites are usually formed by fraudulent people. Due to phishing activities of attackers, users mistakenly lose their money. Therefore, a critical step must be taken for the protection of online trading. Goodness of the extracted features denotes the prediction and classification accuracy of a website. An anti-phishing tool is used by most of the internet users to feel safe against phishing attacks. Anti-phishing tool is required to predict accurate phishing. Content parts of phishing websites along with security indicators may have a set of clues within the browsers. Various methods have been proposed to handle the problem of phishing. For predicting phishing attacks, rule-based classification, which is a data mining technique, is used as a proficient method for prediction. If an attacker is sending an email to victims by requesting them to reveal their personal information, it is an indication of phishing. To create phishing websites with proper trick, a set of mutual features are used by phishers. We can distinguish between phishy and non-phishy websites on the basis of extracted features of that visited website.

      Identification of phishing sites can be done with the help of two approaches:

      1 i) Blacklist based: It includes comparative analysis of the URL, i.e., requested along with other URLs which are present in that list.

      2 ii) Heuristic based: Certain features from various websites are collected and labeled as either as phishy or genuine.

      There

Скачать книгу