Autonomic agent-based self-managed intrusion detection and prevention system

A. Patel, Q. Qassim, Z. Shukor, J. Nogueira, J. Júnior, C. Wills

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    13 Citations (Scopus)

    Abstract

    Over the last fifteen years the world has experienced a wide variety of computer threats and general computer security problems. As communication advances and information management systems become more and more powerful and distributed, organizations are becoming increasingly vulnerable to potential security threats such as intrusions at all levels of Information Communication Technology (ICT). There is an urgency to provide a secure and safe information security system through the use of firewalls, Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs), encryption, authentication, and other hardware and software solutions. Many intrusion detection and prevention systems have been designed, but still there are significant drawbacks. Some of these drawbacks are low detection efficiency, inaccurate prevention schemes and high false alarm rates. Since IDSs and IPSs have become necessary security tools for detecting and preventing attacks on ICT resources, it is essential to upgrade the previous designs, techniques and methods to overcome flaws. Anomaly detection is an essential component of the detection mechanism against unknown attacks but this requires advanced techniques to be better and more effective. In this paper we put forward a new agent-based self-managed approach of anomaly intrusion prevention system based on risk assessment and managed by the principles of the Autonomic Computing (AC) concept, which has all the flavors of self-management. Applying AC will open up new frontiers, and enhance and improve the intrusion detection mechanism by not only protecting the system's information and assets but also stopping and preventing the breach before it happens. It can also assist in digital forensics and investigations.

    Original language: English
    Title of host publication: Proceedings of the South African Information Security Multi-Conference, SAISMC 2010
    Publisher: Plymouth University
    Pages: 223-234
    Number of pages: 12
    ISBN (Print): 9781841022567
    Publication status: Published - 2010
    Event: South African Information Security Multi-Conference, SAISMC 2010 - Port Elizabeth
    Duration: 17 May 2010 - 18 May 2010

    Other

    Other: South African Information Security Multi-Conference, SAISMC 2010
    City: Port Elizabeth
    Period: 17/5/10 - 18/5/10

    Fingerprint

    Intrusion detection
    Security of data
    Communication
    Flavors
    Security systems
    Risk assessment
    Information management
    Authentication
    Computer hardware
    Cryptography
    Information systems
    Computer systems
    Defects

    Keywords

    • Anomaly detection
    • Autonomic computing
    • Information security
    • Intrusion detection
    • Intrusion prevention
    • Misuse detection
    • Self-management

    ASJC Scopus subject areas

    • Information Systems
    • Computer Networks and Communications
    • Software
    • Safety, Risk, Reliability and Quality

    Cite this

    Patel, A., Qassim, Q., Shukor, Z., Nogueira, J., Júnior, J., & Wills, C. (2010). Autonomic agent-based self-managed intrusion detection and prevention system. In Proceedings of the South African Information Security Multi-Conference, SAISMC 2010 (pp. 223-234). Plymouth University.

    @inproceedings{30fff500fd03450b8aaec20ed8001f0e,
    title = "Autonomic agent-based self-managed intrusion detection and prevention system",
    keywords = "Anomaly detection, Autonomic computing, Information security, Intrusion detection, Intrusion prevention, Misuse detection, Self-management",
    author = "A. Patel and Q. Qassim and Z. Shukor and J. Nogueira and J. J{\'u}nior and C. Wills",
    year = "2010",
    language = "English",
    isbn = "9781841022567",
    pages = "223--234",
    booktitle = "Proceedings of the South African Information Security Multi-Conference, SAISMC 2010",
    publisher = "Plymouth University",

    }

    TY - GEN

    T1 - Autonomic agent-based self-managed intrusion detection and prevention system

    AU - Patel, A.

    AU - Qassim, Q.

    AU - Shukor, Z.

    AU - Nogueira, J.

    AU - Júnior, J.

    AU - Wills, C.

    PY - 2010

    Y1 - 2010

    KW - Anomaly detection

    KW - Autonomic computing

    KW - Information security

    KW - Intrusion detection

    KW - Intrusion prevention

    KW - Misuse detection

    KW - Self-management

    UR - http://www.scopus.com/inward/record.url?scp=84926184444&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84926184444&partnerID=8YFLogxK

    M3 - Conference contribution

    SN - 9781841022567

    SP - 223

    EP - 234

    BT - Proceedings of the South African Information Security Multi-Conference, SAISMC 2010

    PB - Plymouth University

    ER -