StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Anomaly Detection Scheme for Prevention of Collaborative Attacks - Dissertation Example

Cite this document
Summary
The paper "Anomaly Detection Scheme for Prevention of Collaborative Attacks" highlights that computer systems provide very essential functionalities but are very susceptible to collaborative attacks. The current manual signatures are ineffective in detecting and counteracting these attacks…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98.5% of users find it useful
Anomaly Detection Scheme for Prevention of Collaborative Attacks
Read Text Preview

Extract of sample "Anomaly Detection Scheme for Prevention of Collaborative Attacks"

? Anomaly Detection Scheme for Prevention of Collaborative Attacks 23rd Feb, Anomaly Detection Scheme for Prevention of Collaborative Attacks According to Kumar (1995), computer systems are a very important part of day-to-day life. They offer support systems to the operations of humans. They need care and protection against both external and internal attacks. Collaborative attacks occur in a system where more than one running processes collaborate or synchronize their actions to disturb a system. These systems can be networks, ISP core or P2P systems. Some of the attackers that can collaborate to paralyze a system include, Denial of Messages attacks in which corrupt nodes interfere with radio signals of the genuine nodes thus preventing them from receiving messages. Secondly, Sybil attacks in which users acquire multiple fake identities, controls various nodes of the system, and eventually controls its decisions. Finally malicious flooding where a malicious node floods the system with messages. These attackers have various characteristics that lead to inefficiency of a system. They can cause disruptions at short intervals making the system very slow to respond to any action or they can concentrate at various nodes to cause confusion to the anomaly detection system that is in place. An anomaly is the unusual or unexpected behaviors in an information system .Anomalies violate the security policies of a system and they need early detection and counteraction else, they translate into real life negative situations. An anomaly detection scheme is a technical mechanism used to protect a computer infrastructure from attacks. Recently, there are several attack detection schemes. In order to benefit fully from, the anomaly detection concept, there should be additional security features like the authentication and access control protocols. An attack Detection System is a very important part of the entire system when developed with security in mind. The Anomaly Detection Schemes is not a new concept but it is in various applications with a promise of viable results. Lazarevic et al. (2003) compared various Anomaly Detection Schemes in a network to perform execution of data that was suspicious. Most of the organizations have adopted a system that suits them in detection and prevention of attacks .An example of such a system is the Intrusion Prevention System, which is very useful in preventing the Distributed Denial of Service attacks. Detection and prevention of the collaborative attacks depends on several factors. Another such system is the STAND system, which is an improved version of CAD sensors discussed later in the prose. Change in time domain: All detection schemes require enough time for discovery of the attack and reaction to it. The attacks can be automatic, manual or semi-automatic. Automatic attacks leave no communication duration to the machine that is about to take place. The time parameters that determine the effect of an attack are reaction time; detection time and the response time. Many of the attackers make use of slow time dynamics of transmission time out. Here the attacker sends short-term bursts. In order to overcome the attackers in good time, there should be a means for real-time attack classification and a defense mechanism. This means that data mining by the detection system should be real-time, putting into consideration efficiency, accuracy, and usability, (Axelsson, 1999). To ensure high accuracy in a short time, data mining process uses programs that analyze the data and at the same time distinguish between genuine actions and malicious attacks. To ensure high efficiency, the costs of the extracted features are calculated and the cost approach is useful in production of efficient detection model. Usability improvement is by adapting algorithms that that facilitate fast updating of the system to enhance quick attack detection (Barbara et al., 2001; Barbara et al., 2002). Audit data analysis and mining (ADAM) is the system that proposes use of data mining methods and detects abnormalities in the audit data. A good example is the program researched and documented by Barbara et al. (2001) which is used to check the data and store the packets that are transmitted and along the network. ADAM, can in a very flexible manner, represent known patterns in a network while detecting the unknown attack patterns which cannot be detected using others. Second in this line is the system level visualization. This is the integration of a system’s requirements like hardware and software with the appropriate technology to overcome collaborative attacks. Some systems are beyond protection by the traditional intrusions detection systems (SANS Institute, 1999). Therefore, the mitigation of the attacks is by analyzing visual patterns using several visualization tools that are in place for use in early detection of attacks. These tools include detectors, sensors and data warehouses to improve scalability and efficiency of the anomaly detection systems as well as to enhance sharing of data to update the system. When using sensors, exchange of information happens in real-time while ensuring that data structure is intact. The amount of data reduces by filtering the high entropies. When a sensor detects an attack, it tries to match the attacker’s packet with the signature database of the attack. The sensor reports a match of the two to the console and takes an action depending on its configuration. Some of the actions include sending an alert email to an administrator or resetting the connection of the TCP, (Chiang et al., 2004). A data warehouse in this case is useful for analysis, which is necessary for decision making about dealing with attacks and forecasting. Finally, the selection of heterogeneous threshold is very crucial. According to King et al. (2004), it is a set of discretized cut-off points used to model statistically someone’s response to certain issues. Detection and prevention of collaborative attacks in systems highly focuses on selection of heterogeneous threshold. This means that different systems need to have stability as a means of being able to handle large amounts of data and detect attacks at different levels. The heterogeneity ability of a system makes it able to share data with other systems and enable attack detection if the anomaly exceeds a certain selected threshold. One of the methods adopted to explain how heterogeneous threshold offers solution to the problem of collaborative attack, is the Computer Immunological Method. This method based on the ability of a heterogeneous system to differentiate self and non-self (Hofmeyr et al., 1998). In this case, self is a set of strings with a length k, and the same string is non-self if there is no match with any of the strings in the self. If there is a match, the newly generated string is useless; else, it becomes a detector for differentiating self and non-self. According to Forrest et al. (1998), this was a problem and he proposed a z-bits rule for differentiating self and non-self whereby two k-bit strings can only match if only they resemble in z positions. Hofmeyr et al. (1998) also came up with a proposal of using short system calls in differentiating the self and non-self. The immunological method uses a program to collect a database of all unique short calls in the sequence over a certain period (Manila et al., 1995). It then extracts the subsequences that are of length k and computes the distance p minimum (t) between each subsequence t and the database. This calculation is expressed as: p minimum (t) =minimum [p (t, s); where s represents all the sequences in the normal database and p (t, s) represents the distance between sequences [t, s]. If there is an anomaly in any of the elements of the system, this approach detects it and raises an alarm is the set score goes beyond the selected maximum threshold. This method has a high probability to detect system attacks and it has an advantage that it does not need pre-attacks knowledge. Conclusion Computer systems and their applications provide very essential functionalities but are very susceptible to collaborative attacks. The current manual signatures are ineffective in detecting and counteracting these attacks. To efficiently deal with these problems, use of Content Anomaly Detection alerts is the most applicable way (Ghosh et al., 1998). CAD decreases false positives and increases true positives as explained in the context. References Axelsson, S. (1999). Research in intrusion-detection systems: A survey. Technical report TR 98-17.Goteborg, Sweden: Department of Computer Engineering, Chalmers University of Technology. Barbara, D., Couto, J., Jajodia, S., & Wu, N. (2002).An architecture for anomaly detection. In D. Barbara & S. Jajodia (Eds.),Applications of Data Mining in Computer Security (pp. 63--76). Boston: Kluwer Academic. Ghosh, A., Wanken, J., & Charron, F. (1998).Detecting anomalous and unknown intrusions against programs. In K. Keus (Ed), Proceedings of the 14th annual computer security applications conference (pp. 259--267). Los Alamitos, CA: IEEE Computer Society, Hofmeyr, S., Forrest, S., & Somayaji, A. (1998). Intrusion detection using sequences of system calls. Journal of Computer Security, 6: 151--180. Kumar, S., (1995). Classification and detection of computer intrusions. Unpublished doctoral dissertation, Purdue University. King G., Murray C., Salomon A. & Tandon A. (2004).Enhancing the validity and cross-cultural comparability of measurement in survey research. American Political Science Review, 98: 191–207. Lazarevic, A., Ozgur, A., Ertoz, L., Srivastava, J., Kumar, V. (2003). A comparative study of anomaly detection schemes in network intrusion detection. Buenos Aires: SIAM International Conference on Data Mining. Chiang, M., Zilic, Z., Chenard, J. & Radecka, K. (2004). Architectures of Increased Availability Wireless Sensor Network Nodes. Anaheim, CA: International Test Conference, IEEE. Mannila, H., Toivonen, H., &Verkamo, A. (1995).Discovering frequent episodes in sequences. Menlo Park, CA: AAAI Press. SANS Institute. (1999). Intrusion Detection Systems: Definition, Need and Challenges. Retrieved from http://secinf.net/info/ids/nvh_ids/. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“An Anomaly Detection Scheme for prevention of collaborative attacks Dissertation”, n.d.)
An Anomaly Detection Scheme for prevention of collaborative attacks Dissertation. Retrieved from https://studentshare.org/information-technology/1468731-an-anomaly-detection-scheme-for-prevention-of
(An Anomaly Detection Scheme for Prevention of Collaborative Attacks Dissertation)
An Anomaly Detection Scheme for Prevention of Collaborative Attacks Dissertation. https://studentshare.org/information-technology/1468731-an-anomaly-detection-scheme-for-prevention-of.
“An Anomaly Detection Scheme for Prevention of Collaborative Attacks Dissertation”, n.d. https://studentshare.org/information-technology/1468731-an-anomaly-detection-scheme-for-prevention-of.
  • Cited: 0 times

CHECK THESE SAMPLES OF Anomaly Detection Scheme for Prevention of Collaborative Attacks

Advantages of Internet Along with its Issues

This literature review "Advantages of Internet Along with its Issues" provides advantages of the internet and issues which relate to viruses, and hacking.... After summarizing these terminologies, identity theft was defined along with its different dimensional issues including identity theft.... ...
18 Pages (4500 words) Literature review

Integrating Modern Security Mangers into a Corporate Organisation

While living in caves, humans were fearful and had a strong sense of possible attacks from animals or any other hostile entity.... As the paper "Integrating Modern Security Mangers into a Corporate Organisation" tells, the concept of security is not new in its strict sense.... Historically, the concept of security was there as it has a direct link with one of the emotions-fear....
42 Pages (10500 words) Dissertation

Anomaly Detection Scheme for Prevention of Online Attacks

The paper 'anomaly detection scheme for prevention of Online Attacks' will look at detection of time-domain change, which is essential in recognizing availability of a possible attack.... This is called a detection scheme.... The coming attacks may also be blocked by an automated program in the system.... Updating should always be done to facilitate prompt detection of attacks.... Multiple attacks are easily displayed and tracked down from their sources....
5 Pages (1250 words) Dissertation

Risk Assessment for Incident Management Group

The second step is to take the asset owners on board and define an asset classification scheme.... This asset classification scheme defines the severity of all assets along with a value.... The paper "Risk Assessment for Incident Management Group " resumes GFI's computer network has to address many challenges to secure the information residing on the network assets....
11 Pages (2750 words) Case Study

Network and computer intrusion threats

This research proposal is pertaining to collaborative assessment of network and computer intrusion threats by carrying out intrusion profiling.... ame and HyperlinkTable 1Format of analysis of the outcome of surveyTABLE 2The proposed time table for the researchIntroduction:This research is targeted to establish a detailed methodology of network intrusion profiling such that security policies on collaborative IDPS frameworks can be implemented....
39 Pages (9750 words) Essay

Information Security Practice In The Company Activity

Therefore, a more sophisticated way of combating these attacks must be implemented, and intruder profiling is one of this method.... Hackers carry out organized attacks on web-enabled systems using advanced software programs and techniques.... According to Olson (2011), the purpose of such attacks can be myriad– fun, community interests, competition activity, data breaches, service disruption or sabotaging networks in order to implement more offensive warfare....
60 Pages (15000 words) Dissertation

Romania Risk Assessment

.... ... ... Romania Risk Assessment Part 1: Give your overall justified rating of the top ten priorities for Government to act upon.... Next place the risks on a risk matrix.... Make any appropriate conclusions.... ntroduction Romania is exposed to a number of natural Romania Risk Assessment Part 1: Give your overall justified rating of the top ten priorities for Government to act upon....
27 Pages (6750 words) Assignment

Android Malware Detection and Prevention Techniques

This literature review "Android Malware Detection and prevention Techniques" provides a thorough review of current approaches for analysis of Android security.... It offers the basic taxonomy to be used for categorizing research approaches and assessment mechanisms of Android security....
28 Pages (7000 words) Literature review
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us