Research Paper | Computer Science & Engineering | India | Volume 7 Issue 3, March 2018
Analysis and Design Modeling for Next Generation Network Intrusion Protection Systems
Nareshkumar Harale, B. B. Meshram
Abstract: The continued exponential growth of successful cyber intrusions against today's businesses has made it abundantly clear that traditional perimeter security measures are no longer effective. We evolved the network trust architecture from trust-untrust to Zero Trust. With Zero Trust, essential security capabilities are deployed in a way that provides policy enforcement and protection for all users, devices, applications, data resources, and the communications traffic between them, regardless of location. Information exchange over the Internet, in spite of the inclusion of advanced security controls, is always exposed to innovative and inventive cyberattacks. The TCP/IP protocol stack, the adopted standard for communication over networks, suffers from inherent design vulnerabilities: its communication and session management protocols, routing protocols and security protocols are the major cause of major attacks. With the explosion of cyber security threats such as viruses, worms, rootkits, malware and Denial of Service attacks, accomplishing efficient and effective intrusion detection and prevention has become both crucial and challenging. In this paper, we propose a design and analysis model for a next generation network intrusion detection and protection system as part of a layered security strategy. The proposed system design provides intrusion detection for a wide range of attacks with a layered architecture and framework. The proposed network intrusion classification framework deals with cyberattacks on the standard TCP/IP protocol, routing protocols and security protocols. It thereby forms the basis for detection of attack classes, and applies signature-based matching for known cyberattacks and data-mining-based machine learning approaches for unknown cyberattacks. Our proposed implemented software can effectively detect attacks even when malicious connections are hidden within normal events.
The unsupervised learning algorithm applied to network audit data trails results in detection of unknown intrusions. Association rule mining algorithms generate new rules from collected audit trail data, resulting in increased intrusion prevention through integrated firewall systems. Intrusion response mechanisms can be initiated in real time, thereby minimizing the impact of network intrusions. Finally, we show that our approach can be validated and how the analysis results can be used for detecting and protecting against new network anomalies.
Keywords: Intrusion System, Network Intrusion Detection, Intrusion Prevention, Firewall system, Data Mining, Association rule, Network Security
Edition: Volume 7 Issue 3, March 2018
Pages: 651 - 658