Ensemble Defense System: A Hybrid IDS Approach for Effective Cyber Threat Detection (2401.03491v1)

Published 7 Jan 2024 in cs.CR

Abstract: Sophisticated cyber attacks present significant challenges for organizations in detecting and preventing such threats. To address this critical need for advanced defense mechanisms, we propose an Ensemble Defense System (EDS). An EDS is a cybersecurity framework aggregating multiple security tools designed to monitor and alert an organization during cyber attacks. The proposed EDS leverages a comprehensive range of Intrusion Detection System (IDS) capabilities by introducing a hybrid of signature-based IDS and anomaly-based IDS tools. It also incorporates Elasticsearch, an open-source Security Information and Event Management (SIEM) tool, to facilitate data analysis and interactive visualization of alerts generated from IDSs. The effectiveness of the EDS is evaluated through a payload from a bash script that executes various attacks, including port scanning, privilege escalation, and Denial-of-Service (DoS). The evaluation demonstrates the EDS's ability to detect diverse cyber attacks.

Authors (2)
  1. Sarah Alharbi (1 paper)
  2. Arshiya Khan (4 papers)