Added on 2019/09/23
Project Dissertation
Title: Next-Generation Cybertrap for Corporate Intrusion Detection Servers and Intrusion Prevention Servers in Enterprise Business.
TABLE OF CONTENTS
INTRODUCTION...........................................................................................................................4
Aim and Objectives....................................................................................................................11
Background and motivation.......................................................................................................12
Problem......................................................................................................................................12
Proposed solution.......................................................................................................................12
Structure of thesis.......................................................................................................................12
Summary....................................................................................................................................13
LITERATURE REVIEW..............................................................................................................14
TECHNOLOGY............................................................................................................................21
APPROACH..................................................................................................................................33
DESIGN.........................................................................................................................................42
IMPLEMENTATION....................................................................................................................47
CONCLUSION..............................................................................................................................56
REFERENCES..............................................................................................................................57
ABSTRACT
Next-Generation Intrusion Prevention Systems are also termed Intrusion Detection and Prevention Systems (IDPS). The Next-Generation Cybertrap for corporate intrusion detection servers and intrusion prevention servers in enterprise business described here consists of several network security applications that monitor the network for suspicious activity in the system. Such a system protects the corporate network against both known attacks and new ones, and it controls and protects the system against cyber threats. A next-generation intrusion prevention system helps protect sensitive data, information and applications from cyber threats while maintaining system performance. This project focuses on explaining the different mitigation methodologies and techniques that corporates use to protect the information and data stored and used in their network systems; these are discussed in more detail in the chapters that follow. Under such a mitigation plan, attackers are unable to penetrate the system from inside or outside, so it is fully secured. After implementing this system in a corporate environment, we will be able to identify the types of attacks and the methods used by attackers, so that the appropriate technology can be installed to protect information and data against the different types of cyber threats.
CHAPTER 1
INTRODUCTION
Cyber trap has become a familiar term for the current generation, who spend much of their time working on the internet. The term is even more familiar to corporate companies, which run into such problems on a day-to-day basis. They move their processes onto the internet, which makes their work easier and faster. Trusting this, their staff collect data from the internet without being aware of the problems that will affect them later. As internet access has spread, the hidden side of the internet has grown wild and profitable, locating and targeting small corporate companies because they do not maintain strong security on the internet. Those companies nevertheless believe that their security is strong enough that nobody could enter their environment and access their data. That belief is mistaken, because a cyber trap is a large background trap that extracts data from their site with little effort. The people behind it are otherwise known as corporate attackers, who take pleasure in trapping and extracting as much data as possible (Akhil Gupta, et al., 2018) (Navneet Kambow et al., 2014).
According to a recent survey, 96% of business people are fooled by the cyber trap method. To understand what was happening, companies came up with the idea of detecting the attacks made by internet users. This led to the emergence of a processor called a honeypot, placed in a corner of the network to capture malware and the attackers behind it. The proposed system is capable of detecting network attacks on significant resources and of capturing malware being spread in the network. It consists of various modules that monitor the system after learning the basics from human interaction. During their initial training the detectors learn the signatures and
the behaviour of the malware. Later they are fed with modern executables and binaries, which makes them capable of finding the malware that harms the computing network. This package checks for a malicious match to find the harmful material (Chaitali Choure, et al., 2018).
Then the cyber trap takes charge: the Intrusion Detection module, which is more effective because it watches for intrusion attempts. When an attack is made, it comes into action, raising an alert and creating a honeypot that is a replica of the victim resource. All the services that were running on the victim machine are faked inside the honeypot, and the attacker is redirected to it. The IDS takes care that the redirection is not discovered by the attacker. This additional feature is what makes this intrusion detector module stand out. It also provides a sandbox, so the operation of the original resources is not harmed and the records are kept safely. Alongside this is an automated honeypot management system that manages such critical situations. Every process has a design that proceeds from an initial to a final stage. This design is made up of five modules, namely the Malware Detector, the Intrusion Detector, the Honeypot Manager, the Auditor and the Backup Manager (Chau Tran, et al., 2017).
To learn about the attackers, the designers planned different ways of attracting attackers to their honeypots. To achieve this they set their trap by making the server one of the most requested and highest ranking, which lures more attackers. Meanwhile the first stage, the Malware Detector, checks incoming threats, while the other modules do not take charge unless they are needed. The Honeypot Manager creates honeypots so that attackers are detected by the server, then the Auditor checks the
system and the generated logs for any malicious activity after particular events; next comes the Backup Manager, which is in charge of backing up the resources and honeypots whenever necessary (Chau Tran, et al., 2017).
Malware Detector
The malware detector works collaboratively yet runs independently on the internet to detect and capture any malware in the network. This module consists of various functions that search for malware in different ways and later submit the results to the server for further research. It has three types, namely the fetcher, the watcher and the hunter. The fetcher is a service that cross-matches files to catch any malicious ones. The watcher watches the network for any harmful file to capture. The hunter is a pre-processor that extracts Windows binaries entering the network and checks them for unwanted harmful content (David Ahmad Effendy, et al., 2017).
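As an added example (not code from the dissertation or from any of the cited papers), the following Python sketch shows the three roles in working form on constructed sample files: the fetcher cross-matches a SHA-256 hash against a known-bad set, the hunter recognises a Windows binary by its DOS header and the PE signature it points to, and the watcher runs both checks over every file it sees. The known-bad hash set, the file names and the file contents are all constructed for the example.

```python
import hashlib
import struct

# Constructed "known-bad" SHA-256 set standing in for the fetcher's reference list.
# It is filled below from constructed sample bytes; these are not real indicators.
KNOWN_BAD_SHA256: set = set()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def fetcher_cross_match(data: bytes, blocklist: set) -> bool:
    """Fetcher role: hash the file and cross-match it against the known-bad set."""
    return sha256_hex(data) in blocklist


def hunter_is_windows_binary(data: bytes) -> bool:
    """Hunter role: recognise a Windows PE executable by its 'MZ' DOS header and
    the 'PE\\0\\0' signature at the offset stored in e_lfanew (DOS header offset 0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def watcher_scan(files: dict, blocklist: set) -> list:
    """Watcher role: look at every file seen on the network segment and report
    the ones that need attention, with the reason for each."""
    findings = []
    for name, data in files.items():
        if fetcher_cross_match(data, blocklist):
            findings.append((name, "hash matches known-bad list"))
        elif hunter_is_windows_binary(data):
            findings.append((name, "windows binary extracted for inspection"))
    return findings


def build_pe_stub() -> bytes:
    """Constructed minimal byte string: a 0x40-byte DOS header whose e_lfanew
    field points at a PE signature immediately after it. Not a runnable program."""
    header = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 20


# Constructed sample files as the watcher would see them on the wire.
SAMPLE_FILES = {
    "invoice.pdf": b"%PDF-1.4 constructed benign sample",
    "update.exe": build_pe_stub(),
    "payload.bin": b"constructed bytes standing in for a known-bad file",
}
KNOWN_BAD_SHA256.add(sha256_hex(SAMPLE_FILES["payload.bin"]))

if __name__ == "__main__":
    for name, reason in watcher_scan(SAMPLE_FILES, KNOWN_BAD_SHA256):
        print(f"{name}: {reason}")
```

The hash match is exact, so a single changed byte defeats it; that is why the hunter's structural check runs as a second stage and why the text says the binaries are extracted for further inspection rather than judged on the hash alone.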
Intrusion detector
The intrusion detector is similar to the hunter in that it is a pre-processor controlling the calling of the other modules. Whenever there is an intrusion, the intrusion detector detects it, raises an alert and calls the other modules only if necessary. The module has a log-parsing function that keeps watch on the logs for intrusion attempts. If harm is detected here as well, an alarm is sent to the administrator. The module looks for harm and, if any is detected, connects to the honeypot module to create a honeypot and deal further with the attacker (David Ahmad Effendy, et al., 2017).
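The log-parsing function is the part of this module that is easiest to make concrete. The following Python example is added here and is not part of the dissertation or the cited work: it parses constructed SSH authentication log lines, raises an alert for the administrator when one source address fails to log in five times within a minute, and hands the alert to a hypothetical honeypot-manager hook standing in for the call to the honeypot module. The log format, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines in a syslog-like sshd format; not taken from any real host.
SAMPLE_LOG = """\
2019-09-23T10:00:01 sshd[101]: Failed password for root from 203.0.113.7 port 51000
2019-09-23T10:00:03 sshd[102]: Failed password for root from 203.0.113.7 port 51001
2019-09-23T10:00:04 sshd[103]: Failed password for admin from 203.0.113.7 port 51002
2019-09-23T10:00:09 sshd[104]: Failed password for root from 203.0.113.7 port 51003
2019-09-23T10:00:12 sshd[105]: Failed password for root from 203.0.113.7 port 51004
2019-09-23T10:01:00 sshd[106]: Accepted password for alice from 192.0.2.10 port 40000
2019-09-23T10:05:00 sshd[107]: Failed password for alice from 192.0.2.10 port 40001
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+$"
)

THRESHOLD = 5                    # assumed: failures from one source ...
WINDOW = timedelta(seconds=60)   # ... inside this window raise an alert


def parse_line(line: str):
    """Return the fields of one log line, or None for lines the parser does not know."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "outcome": m["outcome"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_intrusions(log_text: str) -> list:
    """Log-parsing function of the intrusion detector: a sliding window of failed
    logins per source address. Emits one alert per source the first time the
    threshold is crossed, so a long brute-force run does not flood the administrator."""
    failures = defaultdict(list)
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["outcome"] != "Failed":
            continue
        window = failures[ev["src"]] + [ev["ts"]]
        # keep only the failures that are still inside the window
        window = [t for t in window if ev["ts"] - t <= WINDOW]
        failures[ev["src"]] = window
        if len(window) >= THRESHOLD and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({"src": ev["src"], "count": len(window), "at": ev["ts"]})
    return alerts


def honeypot_manager_hook(alert: dict) -> str:
    """Hypothetical hand-off to the honeypot manager. In the design described above
    the detector passes the attacker's details on so a replica can be prepared;
    here it only records the request."""
    return f"honeypot requested for {alert['src']} after {alert['count']} failures"


def run(log_text: str) -> list:
    """Alarm for the administrator plus the honeypot hand-off, per alert."""
    actions = []
    for alert in detect_intrusions(log_text):
        actions.append(
            f"ALERT administrator: {alert['src']} had {alert['count']} failed logins "
            f"within {WINDOW.seconds}s"
        )
        actions.append(honeypot_manager_hook(alert))
    return actions


if __name__ == "__main__":
    for action in run(SAMPLE_LOG):
        print(action)
```

Only 203.0.113.7 crosses the threshold; the single failure from 192.0.2.10 is the ordinary noise the text later calls a harmless internal activity, and the per-source suppression keeps the alarm from repeating on every further attempt.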
Honeypot Manager
One of the most important modules is the honeypot manager, which creates a honeypot to locate threats. Its main function is to create a honeypot that draws out the threats, using information fetched from the intrusion detector. The module provides a sandbox feature so that the attacker can play inside the honeypot without interrupting the original resources (Elike Hodo, et al., 2017).
Auditor
The auditor module collects all the data relating to the network and checks it for intrusions or network changes. Every change it finds is sent to the Honeypot Manager so that it can create an exact replica of the damaged data (Ennahbaoui, M. Idrissi, H, 2018).
Backup Manager
The function of the Backup Manager is exactly what its name suggests: it keeps a backup of the resources and the honeypots. The module takes regular backups and is always ready to provide a replica of the resources and honeypots for restoration in case of any sudden event. It is also capable of recreating a honeypot that was previously attacked. When an attacker lands on a resource with plenty of content instead of a clean honeypot, he tends to leave traces, because he is keen on extracting the data and does not realise that he is playing with a honeypot, which makes the attacker easy to identify. The Honeypot Manager also holds the backup of the resource (Elike Hodo, et al., 2017).
1.2 INTRUSION PREVENTION SERVER
Intrusion prevention is similar to intrusion detection, in which an intrusion is detected and removed, but at a more advanced level: intrusion prevention stops attackers from entering the network, which is much needed by every corporate company that keeps its most valuable and important data in the network. An exploit may be carried out the instant after an attacker gains access, whereas an intrusion prevention detector has the ability to take quick action against it based on rules framed by the administrator. An effective intrusion detector must perform complex monitoring and analysis, such as watching the activity and responding to administrator-defined and individual patterns. To be precise, an Intrusion Prevention System may use any product or method that keeps attackers from compromising the network, using concepts such as firewalls and anti-virus software (Fang-Yie Leu, et al., 2015).
1.3 FIREWALL
A firewall is an internet security control that regulates the incoming and outgoing traffic of a network server. Network firewalls filter the traffic between the two sides and run on computer hardware. Usually a firewall is installed apart from the rest of the network so that no illegitimate traffic enters the private part of the company.
The firewall has three layers that protect the data from attack:
1. Packet filters firewall
2. Stateful filters firewall
3. Application layer firewall
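To make the three layers tangible, here is an added Python model (not from the dissertation) that runs one constructed packet sequence through a stateless packet filter, a stateful filter and an application-layer filter, so that the difference between the layers shows up in their decisions. The rule set, the addresses (taken from documentation ranges) and the simplified packet fields are assumptions made for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Packet:
    label: str
    direction: str          # "in" = from the internet, "out" = from the private network
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False       # first packet of a TCP connection
    payload: bytes = b""


# Layer 1: stateless packet filter. Rules look at header fields only; first match wins.
PACKET_RULES = [
    {"direction": "in", "dport": 80, "action": "allow"},
    {"direction": "in", "dport": 443, "action": "allow"},
    {"direction": "out", "action": "allow"},
    {"action": "deny"},     # default deny
]


def packet_filter(pkt: Packet) -> str:
    for rule in PACKET_RULES:
        if all(getattr(pkt, k) == v for k, v in rule.items() if k != "action"):
            return rule["action"]
    return "deny"


# Layer 2: stateful filter. Keeps a table of connections keyed by
# (private host, private port, peer, peer port), so only replies to connections
# it has seen, or new connections the packet filter allows, get in.
@dataclass
class StatefulFilter:
    table: set = field(default_factory=set)

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.table:
            return "allow"
        if pkt.syn and packet_filter(pkt) == "allow":
            self.table.add(key)
            return "allow"
        return "deny"       # unsolicited inbound packet, even to an open port


# Layer 3: application-layer filter. Reads the payload the lower layers ignore;
# here it checks that HTTP requests carry an allowed method and a sane request line.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}


def application_filter(pkt: Packet) -> str:
    if pkt.dport != 80 or not pkt.payload:
        return "allow"
    request_line = pkt.payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = request_line.split(" ")
    if len(parts) != 3 or parts[0] not in ALLOWED_METHODS or not parts[2].startswith("HTTP/"):
        return "deny"
    return "allow"


def evaluate(packets) -> dict:
    """Run every packet through all three layers and collect the decisions by label."""
    stateful = StatefulFilter()
    results = {}
    for pkt in packets:
        results[pkt.label] = {
            "packet": packet_filter(pkt),
            "stateful": stateful.decide(pkt),
            "application": application_filter(pkt),
        }
    return results


# Constructed packet sequence; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_PACKETS = [
    Packet("web-syn", "in", "203.0.113.7", 51000, "10.0.0.5", 80, syn=True),
    Packet("web-get", "in", "203.0.113.7", 51000, "10.0.0.5", 80,
           payload=b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n"),
    Packet("web-unsolicited", "in", "203.0.113.7", 51001, "10.0.0.5", 80,
           payload=b"TRACE / HTTP/1.1\r\n\r\n"),
    Packet("ssh-syn", "in", "203.0.113.7", 52000, "10.0.0.5", 22, syn=True),
    Packet("client-out", "out", "10.0.0.5", 40000, "198.51.100.9", 443, syn=True),
    Packet("client-reply", "in", "198.51.100.9", 443, "10.0.0.5", 40000),
]

if __name__ == "__main__":
    for label, decision in evaluate(SAMPLE_PACKETS).items():
        print(f"{label:16} {decision}")
```

The packets labelled client-reply and web-unsolicited are where the layers diverge: the stateless filter rejects the reply to a connection the private host opened itself and accepts an unsolicited packet to port 80, while the stateful filter does the opposite in both cases; only the application layer ever sees the HTTP method.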
1.4 CHALLENGES OF INTRUSION DETECTION SERVER
Network and intrusion detection systems play a wide role in securing data by preventing unauthorised entry into corporate servers. To get the most out of the technology, organisations must face a number of challenges (Gisung Kim, et al., 2014). The challenges are:
Ensuring an effective deployment
While facing such threats from attackers, organisations must make sure that their security is at a high level, that is, that the deployment is effective. Many companies around the world do not have a complete view of their own network, so deploying an intrusion detection server can be very difficult. The organisation therefore has to make sure that it achieves a good deployment (Gisung Kim, et al., 2014).
1.4.1 Managing the high volume of alerts
To manage high-level threats, the server is fitted with a strong alert signal that indicates an illegal entry into the network or a received signal that does not match the expected pattern. The alert volume must therefore be highly responsive, so that the company can compete in the internet world with full confidence, which also helps it keep its data secure (Gisung Kim, et al., 2014).
1.4.2 Understanding and investigating the alerts
An intrusion detection server on its own provides a very basic level of security; it looks quite ordinary when deployed alone. Once updated with alerting, it looks good and effective at detecting threats. When the IDS's alerts are investigated it takes very little time and
fewer resources compared with other systems, which tend to determine the seriousness of the alarm. Special skills are required to interpret the system's output, and the organisation may lack the security staff to perform such functions (Gisung Kim, et al., 2014).
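A simple way to address both the alert volume of 1.4.1 and the question in 1.4.2 of which alarm is serious, added here as an example and not taken from the dissertation or from Gisung Kim et al.: group raw IDS alerts that share a signature, source and destination within a ten-minute window, then rank the groups by base severity plus bonuses for repetition and for sources that trigger more than one signature. The alerts, the window and the scoring weights are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed raw IDS alerts: (timestamp, signature, base severity 1-5, src, dst).
# They are made up for this example and do not come from any real sensor.
RAW_ALERTS = [
    ("2019-09-23T10:00:00", "ssh-bruteforce", 3, "203.0.113.7", "10.0.0.5"),
    ("2019-09-23T10:00:05", "ssh-bruteforce", 3, "203.0.113.7", "10.0.0.5"),
    ("2019-09-23T10:00:09", "ssh-bruteforce", 3, "203.0.113.7", "10.0.0.5"),
    ("2019-09-23T10:00:30", "port-scan", 2, "203.0.113.7", "10.0.0.5"),
    ("2019-09-23T10:02:00", "sqli-attempt", 5, "198.51.100.9", "10.0.0.8"),
    ("2019-09-23T10:20:00", "ssh-bruteforce", 3, "203.0.113.7", "10.0.0.5"),
]

WINDOW = timedelta(minutes=10)   # assumed grouping window


def aggregate(raw, window=WINDOW) -> list:
    """Collapse alerts that share (signature, src, dst) and arrive within `window`
    of the previous one into a single grouped alert carrying a count.
    The six constructed alerts above become four groups."""
    groups = []
    open_groups = {}                 # key -> the group still accepting alerts
    for ts_s, sig, sev, src, dst in sorted(raw):
        ts = datetime.fromisoformat(ts_s)
        key = (sig, src, dst)
        g = open_groups.get(key)
        if g is None or ts - g["last"] > window:
            g = {"signature": sig, "src": src, "dst": dst,
                 "first": ts, "last": ts, "count": 0, "severity": sev}
            open_groups[key] = g
            groups.append(g)
        g["last"] = ts
        g["count"] += 1
    return groups


def prioritise(groups) -> list:
    """Rank grouped alerts: base severity, plus up to 3 for repetition, plus 1 when
    the same source shows up under more than one signature (a simple correlation cue).
    Highest priority first, so the analyst's queue starts with the serious ones."""
    signatures_by_src = defaultdict(set)
    for g in groups:
        signatures_by_src[g["src"]].add(g["signature"])
    for g in groups:
        repeat_bonus = min(g["count"] - 1, 3)
        correlation_bonus = 1 if len(signatures_by_src[g["src"]]) > 1 else 0
        g["priority"] = g["severity"] + repeat_bonus + correlation_bonus
    return sorted(groups, key=lambda g: g["priority"], reverse=True)


if __name__ == "__main__":
    for g in prioritise(aggregate(RAW_ALERTS)):
        print(f"P{g['priority']} {g['signature']:15} {g['src']:14} x{g['count']} "
              f"{g['first'].time()}..{g['last'].time()}")
```

The brute-force burst outranks the single high-severity injection attempt because it is repeated and its source also triggered a port scan; the lone failure twenty minutes later opens a fresh group and stays low, which is the behaviour an analyst wants from the queue.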
1.4.3 Knowing how to respond to threats
IDS is very effective at identifying the relevant problem, which is great feedback for corporate companies, but they cannot be too confident that they have high security, because an intrusion detection server only locates the problem, which is only half of it solved. Solving the problem is important, but responding correctly to it is more important and forms the other half of the solving process. This is where IDS falls short. Effective incident response requires skills and knowledge of robust procedures for solving the problem. To emphasise the importance of having a suitable incident response plan, the incoming General Data Protection Regulation (GDPR) requires organisations that hold any type of data to have proper controls in place to report security breaches to the relevant authority within two days, or face large fines (Gisung Kim, et al., 2014).
1.5 ADVANTAGES OF INTRUSION DETECTION SERVER
1.5.1 Constant Network Monitoring
Constant network monitoring works continuously, 24*7, for corporates, freeing them from fear of attackers. This feature keeps the server safe whether the user is asleep or awake. It maintains security, detects the attacker and sends an alert signal to management (Peyman Kabiri and Ali A. Ghorbani, 2005).
1.5.2 Versatility of the system
Intrusive detection server is customizable to accommodate special client needs. The
appointment will be based on the versatile performance of an individual so that he can be
efficient enough to analyse the attacks and produce solutions to it. The system can monitor the
threats from both the inside and outside the network with the help of the system behaviour the
threats can be identified (Gulshan Kumar, et al., 2018).
1.6 DISADVANTAGE OF INTRUSIVE DETECTION SERVER
1.6.1 Telling a threat from a friend
The main disadvantage is that they do not have the ability to tell friend from foe. Harmless
activity by inside users may lead to a lockdown of the network, which then stays locked for an
undetermined amount of time. A professional has to be available at all times to identify and
reset the threat. For a business, this can cause a drastic loss of revenue and client confidence,
as any of the company's partners may take their business elsewhere to a company with a
reliable network (Gulshan Kumar, et al., 2018).
1.7 AIM AND OBJECTIVES
The main aim of this project is to find out whether organizations have enough security
measures to protect or prevent the information and data from cyber-attacks on the
World Wide Web.
The main objectives in selecting this project are to find out whether the available
security standards and security practices are capable of protecting the organizational
data and information from security threats and attacks.
1.8 BACKGROUND AND MOTIVATION
Cyber trap products are nowadays installed in the private and public sectors all over the
world. They are mainly applied to analyse big data for monitoring the traffic in the network
and to provide visibility at both ends of the organization's network. They also provide a plan
showing the organization how it can secure its data and information. The cyber trap system
also provides information about IP addresses and other suspicious activities of users as well
as of the system administrator. The cyber trap technology will support the different types of
technology currently available in the market and defend against different types of security
threat situations.
1.9 PROBLEM
Nowadays, organizations that generate many types of traffic daily at the application level,
and that face many different types of security threats, use a cyber trap to protect their
network. Because so many types of security threat are possible, most of the largest global
organizations use cyber trap methods to manage and secure information and identities as
well as their technology infrastructure.
1.10 PROPOSED SOLUTION
A cyber trap is a leading solution that can provide security against loss of data and
information over the organization's network.
1.11 STRUCTURE OF THESIS
The thesis starts with chapter 1, an introduction to the next-generation cybertrap for the
corporate. In chapter 2, the literature on intrusion prevention and detection is
surveyed. In chapter 3, the technologies used in intrusion detection and prevention systems
are explained. In chapter 4, the design methodology used in the system is briefly explained.
In chapter 5, the approaches used in intrusion detection and prevention systems are illustrated.
In chapter 6, the implementation of the design is described. In chapter 7, the conclusion and
future work of the project are described.
1.12 SUMMARY
A Next Generation Intrusion Prevention System is also called an Intrusion Detection and
Prevention System (IDPS); here the cyber trap is implemented in the corporate network to
improve its safety and security. Even though there are many security applications in the
enterprise, additional security needs to be implemented. The report explains the different
mitigation methods and techniques used to keep information and data in a secure network
system.
CHAPTER 2
LITERATURE REVIEW
2.1 INTRUSION PREVENTION AND DETECTION IN NFV
This paper focuses on Intrusion Detection Systems (IDS) and Intrusion Prevention Systems
(IPS), which are designed to monitor and detect malicious software and the unwanted actions
by which attackers try to compromise or modify a computer system, and to stop or dismiss
them as they happen. The authors give a brief outline of IDS and IPS and their typical
applications, and then discuss NFV-based implementations in detail (Zonghua Zhang,
Ahmed Meddahi, 2017).
2.2 INTELLIGENT INTRUSION DETECTION SYSTEM FEATURING A VIRTUAL
FENCE, ACTIVE INTRUDER DETECTION, CLASSIFICATION, TRACKING, AND
ACTION RECOGNITION
An intrusion detection system (IDS) is mainly used to protect nuclear power plants against
external threats, namely sabotage and various malicious attacks. In previous versions of IDSs,
however, an operator has to spot an intruder by visual review, which has the difficulties of
requiring reserve human resources and relying on the operator's capabilities. The authors
propose an image-based intelligent intrusion detection system (IIDS) with a virtual fence,
motion recognition, active intruder detection, classification and tracking to overcome these
limits. An integrated acquisition device was manufactured, combining optical and thermal
cameras to compensate for the drawbacks of optical cameras, principally the difficulty of
detecting an intrusion at night and under adverse weather conditions. The virtual fence serves
to establish the border between the surveillance and exterior areas in a graphical user interface
and to define an early pre-alarm area if necessary. A background model is computed to sense
moving objects, and
the detected objects are segmented into bounding boxes. The proposed IIDS helps to meet the
protection requirements suggested in the nuclear regulatory guidelines. It is expected to
provide more active and reliable intrusion detection in combination with existing sensors,
such as electric field, fence disturbance and microwave sensors, in a nuclear power plant
(Seung Hyun Kim et al., 2018).
2.3 A NOVEL HONEYPOT BASED SECURITY APPROACH FOR REAL-TIME
INTRUSION DETECTION AND PREVENTION SYSTEMS
In this paper the authors describe a honeypot-based approach for intrusion
detection/prevention systems (ID/PS). They have developed a honeypot server application
which is integrated with IDSs to analyse data in real time and to function efficiently.
Furthermore, by combining the advantages of low- and high-interaction honeypots, a superior
hybrid honeypot system is achieved. The proposed system is a honeypot-based intrusion
detection and prevention system (IDPS); it can visualize the network traffic on servers as a
real-time animation and presents the system data easily. In conclusion, the developed system
can detect zero-day attacks because of its intrusion detection system configuration, which
gives an advantage in achieving a low false-positive rate in intrusion detection systems.
Virtualization technology is used in corporate networks to reduce the configuration and
maintenance costs, and system management is done effectively (Muhammet Baykara,
Resul Das, 2018).
2.4 TRUST AWARE SUPPORT VECTOR MACHINE INTRUSION DETECTION AND
PREVENTION SYSTEM IN VEHICULAR AD HOC NETWORKS
The authors focus on improving safety and security on the road by using Vehicular Ad Hoc
Networks (VANETs), which provide various benefits to travellers. Since a VANET is a
wireless communication network, it is exposed to the common security exploits that exist in
that environment. The authors also provide preventive as well as reactive methods for
network intrusions, monitoring and detecting potential intrusions that are ongoing in the
network. Live network attacks are usually designed to reduce or suspend the availability of
the network. The effect of these attackers on the network can be identified by selecting
parameters that serve as the main basis for spotting malicious activities. They propose a
complete IDS for VANETs by combining a data collection method with Support Vector
Machine (SVM) techniques to analyse the data and establish trust values for all vehicles on
the network, named Trust-Aware SVM-Based IDS (TSIDS) (Erfan A. et al., 2018).
2.5 AN ANOMALY-BASED INTRUSION DETECTION SYSTEM IN PRESENCE OF
BENIGN OUTLIERS WITH VISUALIZATION CAPABILITIES
The authors focus on abnormal network traffic analysis using Intrusion Detection Systems
(IDSs) and visualization techniques, which has become a vital research area for defending
computer systems from intruders. Designing an accurate and robust IDS with visualization
capabilities to identify cyber threats is very challenging owing to the large volume of network
traffic. In this work they introduce and describe a novel anomaly-based intrusion detection
system in the presence of high-variance benign data called benign outliers. They use a neural
projection architecture based on a modified Self-Organizing Map (SOM) not only to detect
attacks but also to report the identified attacks with accurate evidence to the end users. The
proposed method allows better analysis by projecting the core features of network traffic into
an easily understood 2D format with modest user interaction. The method has been tested on
the benchmark datasets (NSL-KDD, UNSW-NB15, AAGM and VPN-nonVPN) applicable in
this domain (Amin Karami et al., 2018).
2.6 ATTACK DETECTION/PREVENTION SYSTEM AGAINST CYBER-ATTACK IN
INDUSTRIAL CONTROL SYSTEMS
Industrial control systems (ICS) are very important for industrial facilities and critical
infrastructure. Since security tests and evaluations against attacks are not sufficient, the data
in the ICS also needs to be protected. Every day they are exposed to new threats, so they must
be protected against intruders in order to secure the infrastructure and protect the data and
information; preventing attacks has therefore become more significant than merely detecting
them. In this paper the authors research the weaknesses of, and the types of detection possible
in, such systems. Programmable logic controllers (PLCs) carry out the control and are very
important in ICS. To stop attacks, rules and principles are created; with the help of the rule
table, previously seen attacks can be prevented without doing any harm to the business.
Finally, the analysis showed that this approach reduces attacks on the systems. The system
was tested using PLC devices (Ercan Nurcan Yılmaz, Serkan Gönen, 2018).
2.7 DENDRON: GENETIC TREES DRIVEN RULE INDUCTION FOR NETWORK
INTRUSION DETECTION SYSTEMS
The authors describe intrusion detection systems (IDSs) as extremely important components
of a network topology, aiming to safeguard the integrity and availability of sensitive assets in
the protected systems. In misuse detection systems, which are the main concern of this paper,
the detection process depends on explicitly stated attack signature rules in an effort to
distinguish legitimate from malicious network traffic. Generally, three major challenges are
related to any IDS of this category: identifying patterns of new attacks with high accuracy,
improving the human readability
of the detection rules, and correctly assigning the category these attacks belong to. To this
end, the authors propose Dendron, a methodology for generating new detection rules which
can classify both common and rare types of attacks. Their methodology takes advantage of
both Decision Trees and Genetic Algorithms in order to evolve linguistically interpretable and
accurate detection rules. It also integrates heuristic methods into the evolutionary process to
deal with the imbalanced nature of network traffic, which generally biases machine learning
methodologies towards neglecting the minority classes of a dataset. The experimental results,
using the KDDCup'99, NSL-KDD and UNSW-NB15 datasets, show that Dendron achieves
superior results over other state-of-the-art and legacy methodologies under several
classification metrics, while at the same time it can significantly detect rare intrusive events
(Dimitrios, et al. 2018).
2.8 A REAL-TIME ANOMALY-BASED IDS FOR CYBER-ATTACK DETECTION AT
THE INDUSTRIAL PROCESS LEVEL OF CRITICAL INFRASTRUCTURES
In this paper the authors propose an anomaly-based intrusion detection system which helps
to detect critical conditions of the industrial process. The algorithm works in two phases: first
it learns the normal behaviour of the system process, then it monitors for intrusive behaviour.
If any misbehaviour is found, it raises an alarm identifying the irregular performance of the
system. The main aim of this research is to detect attacks on the network devices involved in
critical industrial processes. They propose a new IDS to tackle the complex
problems of monitoring the data of an Industrial Control System. Finally, it is tested and
validated using a detailed report obtained from a management plan (Xavier, et al. 2018).
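The two-phase scheme summarized above (learn normal process behaviour, then alarm on deviations) as an added example, written for this review and not code from the dissertation or the cited paper. The variable names, the 10% margin and both traces are constructed; the profile learned in phase one is a per-variable value range plus the largest step between consecutive readings.

```python
TRAINING_MARGIN = 0.10  # assumed slack added around every learned range and step limit


class ProcessAnomalyIDS:
    """Two-phase anomaly detector for industrial process readings (constructed example)."""

    def __init__(self, margin=TRAINING_MARGIN):
        self.margin = margin
        self.profile = {}  # variable name -> (low, high, max_step) learned in phase one

    def learn(self, normal_trace):
        """Phase one: learn the normal behaviour of each process variable.

        normal_trace is a list of samples; each sample maps a variable name to its reading.
        """
        series = {}
        for sample in normal_trace:
            for name, value in sample.items():
                series.setdefault(name, []).append(value)
        for name, values in series.items():
            low, high = min(values), max(values)
            slack = (high - low) * self.margin
            # largest change between consecutive readings seen during normal operation
            max_step = max((abs(b - a) for a, b in zip(values, values[1:])), default=0.0)
            self.profile[name] = (low - slack, high + slack, max_step * (1.0 + self.margin))

    def detect(self, live_trace):
        """Phase two: return (sample index, variable, reason) for every irregular reading."""
        alarms = []
        previous = {}
        for index, sample in enumerate(live_trace):
            for name, value in sample.items():
                if name not in self.profile:
                    # a variable never seen during learning is itself suspicious
                    alarms.append((index, name, "unknown variable"))
                    continue
                low, high, max_step = self.profile[name]
                if not low <= value <= high:
                    alarms.append((index, name, "out of range"))
                elif name in previous and abs(value - previous[name]) > max_step:
                    alarms.append((index, name, "rate of change"))
                previous[name] = value
        return alarms


# Constructed traces: a tank level (percent) and a pump pressure (bar) during normal
# operation, then a live trace containing a sudden drop, an over-range reading and an
# unexpected variable.
NORMAL_TRACE = [
    {"level": lvl, "pressure": prs}
    for lvl, prs in zip([50, 52, 54, 56, 58, 60, 58, 56, 54, 52],
                        [3.0, 3.1, 3.2, 3.3, 3.4, 3.3, 3.2, 3.1, 3.0, 3.1])
]
LIVE_TRACE = [
    {"level": 55, "pressure": 3.2},
    {"level": 57, "pressure": 3.3},
    {"level": 52, "pressure": 3.35},             # level drops 5 units in one step
    {"level": 70, "pressure": 3.3},              # level beyond anything seen in training
    {"level": 54, "pressure": 3.3, "valve": 1},  # big jump back, plus an unknown variable
]


def run_sample():
    """Learn from the normal trace, then report alarms on the live trace."""
    ids = ProcessAnomalyIDS()
    ids.learn(NORMAL_TRACE)
    return ids.detect(LIVE_TRACE)


if __name__ == "__main__":
    for alarm in run_sample():
        print(alarm)
```

Running the detector over its own training trace produces no alarms, which is the sanity check to make before deploying any learned profile.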
2.9 AN EFFECTIVE AODV-BASED FLOODING DETECTION AND PREVENTION
FOR SMART METER NETWORK
In this paper the authors investigate flooding attacks and a prevention method in a smart
meter network. The default Ad hoc On-Demand Distance Vector (AODV) protocol is at risk of
flooding attacks because intermediate meters forward packets indiscriminately. To detect and
prevent this attack they propose a new AODV-based routing protocol, taking IP spoofing into
account. If IP spoofing is absent, the handling of route requests is changed by adding new
features: the main idea is to allow one-hop neighbour meters to identify the attackers. Each
meter checks whether a request comes from a one-hop neighbour that is the source; if so, the
meter updates a request counter each time it receives a request from that source. In this way
the receiver can prevent the attack when no IP spoofing is used. If IP spoofing exists, the
original IP address is hidden; here the algorithm becomes more complex and includes the
trust of neighbours in the table. When the requests continue, they are rejected by the protocol.
The whole process is implemented in the NS3 simulator to show the performance of the
proposed algorithm (Md Raqibull Hasan et al. 2018).
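The one-hop neighbour request counter and trust table described above, as an added example written for this review (not the dissertation's or the cited paper's code). The window, limits and sample traffic are constructed; as a simplification of the paper's spoofing handling, the counter is keyed on the one-hop neighbour that relayed the request rather than on the claimed source address, since the latter can be forged.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 10.0      # assumed sliding window in which route requests are counted
MAX_RREQ_PER_WINDOW = 5    # assumed per-neighbour request limit inside the window
TRUST_PENALTY = 0.25       # assumed trust lost each time a neighbour is caught flooding
TRUST_BLOCK_BELOW = 0.5    # assumed trust level below which a neighbour is ignored


class Meter:
    """One smart meter running the constructed flood check on incoming RREQs."""

    def __init__(self, meter_id, neighbours):
        self.meter_id = meter_id
        self.neighbours = set(neighbours)          # one-hop neighbours known to this meter
        self.rreq_times = defaultdict(deque)       # relaying neighbour -> recent RREQ times
        self.trust = {n: 1.0 for n in neighbours}  # trust table for one-hop neighbours
        self.alerts = []                           # (time, claimed source, neighbour, count)

    def receive_rreq(self, claimed_source, prev_hop, now):
        """Decide what to do with one RREQ: 'forward', 'drop' or 'blocked'."""
        # Packets that did not arrive from a known one-hop neighbour are not routed.
        if prev_hop not in self.neighbours:
            return "drop"
        # A neighbour that has repeatedly been caught flooding is ignored outright.
        if self.trust[prev_hop] < TRUST_BLOCK_BELOW:
            return "blocked"
        # Count against the relaying neighbour, not the claimed source: the source
        # address in the packet can be spoofed, the one-hop link it came over cannot.
        times = self.rreq_times[prev_hop]
        times.append(now)
        while times and now - times[0] > WINDOW_SECONDS:
            times.popleft()
        if len(times) > MAX_RREQ_PER_WINDOW:
            self.trust[prev_hop] = max(0.0, self.trust[prev_hop] - TRUST_PENALTY)
            self.alerts.append((now, claimed_source, prev_hop, len(times)))
            return "drop"
        return "forward"


def simulate(meter, trace):
    """Feed (time, claimed_source, prev_hop) events to a meter in time order.

    Returns the number of forward/drop/blocked decisions per relaying neighbour.
    """
    counts = defaultdict(lambda: {"forward": 0, "drop": 0, "blocked": 0})
    for now, claimed_source, prev_hop in sorted(trace):
        counts[prev_hop][meter.receive_rreq(claimed_source, prev_hop, now)] += 1
    return {neighbour: dict(c) for neighbour, c in counts.items()}


# Constructed sample traffic seen by meter M1, whose one-hop neighbours are M2 and M3.
# M2 floods nine RREQs in nine seconds and spoofs the source address (M7) on some of
# them; M3 relays two legitimate requests, one of its own and one from M9.
SAMPLE_TRACE = (
    [(float(t), "M2" if t % 2 == 0 else "M7", "M2") for t in range(9)]
    + [(1.0, "M3", "M3"), (5.0, "M9", "M3")]
)


def run_sample():
    """Run the constructed trace through M1 and return decisions, trust table and alerts."""
    meter = Meter("M1", ["M2", "M3"])
    return simulate(meter, SAMPLE_TRACE), meter.trust, meter.alerts


if __name__ == "__main__":
    decisions, trust, alerts = run_sample()
    print(decisions)  # M2: 5 forward, 3 drop, 1 blocked; M3: 2 forward
    print(trust)      # M2 falls to 0.25, M3 stays at 1.0
```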
2.10 A SURVEY ON INTRUSION DETECTION SYSTEMS AND HONEYPOT BASED
PROACTIVE SECURITY MECHANISMS IN VANETS AND VANET CLOUD
Here the author describes the Vehicular Ad-hoc Network (VANET) as an emerging category
of Mobile Ad-hoc Networks (MANETs) with outstanding applications in intelligent traffic
systems. Applications in VANETs are life-critical, since human
lives are at stake, and consequently communication between nodes (vehicles) must be
established in the most secure manner. To provide security for VANETs, several security
methods have been proposed, the most widespread of which is Intrusion Detection Systems
(IDSs). IDS has already proved its value in detecting malicious nodes in conventional
networks, but applying IDS in VANET-like networks is somewhat different and challenging
due to their unusual characteristics, such as resource-constrained nodes, high node mobility,
and specific protocol stacks and standards. The author presents a brief overview of the
numerous IDSs in general, to familiarize readers with the idea of IDS, after which a thorough
survey of the various IDSs proposed for VANETs is put forward, followed by an analysis and
comparison of each technique along with its advantages and disadvantages. Some simple
guidelines are also presented for developing IDSs that have potential application in VANET
and VANET cloud. The major aim of the author is to identify major trends, open challenges,
and future research directions in the deployment of IDS in VANET (Sparsh Sharma,
Ajay Kaul, 2018).
SURVEY QUESTIONS
1. What is the need for creating usable security products for consumers?
2. What is the need for AI in the field of security?
3. How are MANET and VANET used in intelligent transportation systems?
4. How effective are proactive security mechanisms in the network?
5. Why are detection systems being fooled?
6. Is the design model enough to design the IDS system?
7. How to implement an IDS system with a wireless distributed heterogeneous network?
8. Why do industrial control systems fail against cyber attacks?
9. What is the possibility of identifying patterns of new attacks with high accuracy?
10. How to identify real-time anomaly-based IDS for cyber-attack detection?
11. How to track real-time anomaly-based IDS for cyber-attack detection?
12. Presenting advancement in IDS with the ability of the system to keep up with rapid change in the network.
13. What are the additional parameters to consider when NXGEN IDS is to be implemented in the system?
14. To know the factors that are affected while implementing the new security system.
15. What will be the performance of the system after the upgrade?
16. To know the rate of increase in malware detection.
17. Generate a report on the shrinking rate of security attacks.
18. To increase scalable protection for the end-to-end devices that are connected.
19. To check the efficiency of the system with cross-evaluation and distribution.
20. How to improve the activation and automation of security protocols?
CHAPTER 3
3. TECHNOLOGY
In today’s business world, cybersecurity is a critical issue. It is the protection of computer systems from disruption or misdirection of their services. It refers to the set of technologies and processes designed to protect networks, devices, data and programs from attacks or unauthorized access. Cybertrap is the next evolution of cyber security, offering an advanced level of deception technology: it traps malicious access inside its digital environment. The Next-Generation Intrusion Prevention Server (NGIPS) provides protection from threats by blocking intrusions and safeguarding the assets that are valuable. Also, the Next Generation Intrusion Detection Server (NGIDS) detects vulnerabilities that occur in networks and devices. Some benefits of the Next-Generation Intrusion Prevention Server (NGIPS) are (Jean Philippe Condomines, et al., 2018):
1. It detects intrusions that traditional Intrusion Prevention Servers cannot see
2. It has 30% faster resolution time
3. It increases analyst efficiency
4. It shrinks your security stack
5. It also adapts as your needs change
3.1 INTRUSION PREVENTION SERVER (IPS) VS INTRUSION DETECTION SERVER (IDS)
IDS and IPS servers both exist in network-based and host-based forms. The problem with intrusion detection servers is that they do not stop attacks from happening; they only detect attacks that have already happened in the network. The intrusion prevention server, in contrast, will identify the
attacks, stop them, and prevent them from happening. An intrusion detection system is like an alarm that detects attacks and potential threats occurring in the network or host and raises awareness for the users. The intrusion prevention server (IPS) is similar to an intrusion detection server (IDS), except that it can protect from attacks and block potential threats. The IDS can monitor, log and report activities; likewise, the IPS has the capability of stopping threats without anyone getting involved. If an IPS is not working properly, it can create more traffic in the network (Khalvati, L. et al., 2018).
3.2 NEXT GENERATION INTRUSION DETECTION SERVER (NGIDS)
The Next Generation IDS is intended to detect a wide variety of network-based attacks such as malware attacks, worms, web attacks, scan attacks, brute force attacks, denial-of-service attacks, etc. It monitors traffic and system events and determines whether an event is an intrusion or not (Latika Mehrotra, et al., 2018).
3.2.1 Requirements for an NGIDS
Behaviour-based analysis
No learning phase required
No payload evaluation
Network-based evaluation and use of agents
Cross-evaluation and distribution
Active and automated prevention
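As an added illustration of sections 3.1 and 3.2.1 (example code written for this chapter, not taken from any cited paper or product): a behaviour-based detector over constructed flow records that inspects no payload and needs no learning phase, run once in IDS mode (alert only) and once in IPS mode (alert and block). The thresholds, addresses and the per-flow "outcome" field are assumptions of the example.

```python
"""Added example (not from the dissertation): a behaviour-based, payload-free
detector over constructed flow records, run in IDS mode (alert only) or IPS
mode (alert and block)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Flow:
    ts: float        # seconds since epoch (constructed value)
    src: str         # source address
    dst: str         # destination address
    dport: int       # destination port
    outcome: str     # "ok", "refused" or "auth_fail" (assumed sensor field)


# Fixed thresholds stand in for the "no learning phase" requirement: the
# detector needs no training data, only these documented limits (assumed).
WINDOW_SECONDS = 60
SCAN_DISTINCT_PORTS = 15       # distinct destination ports from one source
BRUTE_FORCE_FAILURES = 10      # failed logins from one source to one service
DOS_CONNECTIONS = 200          # connections from one source to one target


def _in_window(flows: List[Flow], now: float) -> List[Flow]:
    return [f for f in flows if now - WINDOW_SECONDS < f.ts <= now]


def detect(flows: List[Flow], now: float) -> List[Dict]:
    """Return one finding per (source, behaviour) seen in the last window.
    Only flow metadata is inspected; the payload is never examined."""
    recent = _in_window(flows, now)
    ports = defaultdict(set)          # src -> distinct destination ports
    fails = defaultdict(int)          # (src, dst, dport) -> auth failures
    conns = defaultdict(int)          # (src, dst) -> connection count
    for f in recent:
        ports[f.src].add(f.dport)
        conns[(f.src, f.dst)] += 1
        if f.outcome == "auth_fail":
            fails[(f.src, f.dst, f.dport)] += 1
    findings = []
    for src, ps in ports.items():
        if len(ps) >= SCAN_DISTINCT_PORTS:
            findings.append({"src": src, "kind": "port_scan", "evidence": len(ps)})
    for (src, dst, dport), n in fails.items():
        if n >= BRUTE_FORCE_FAILURES:
            findings.append({"src": src, "kind": "brute_force", "evidence": n,
                             "target": f"{dst}:{dport}"})
    for (src, dst), n in conns.items():
        if n >= DOS_CONNECTIONS:
            findings.append({"src": src, "kind": "dos", "evidence": n, "target": dst})
    return sorted(findings, key=lambda d: (d["src"], d["kind"]))


def respond(findings: List[Dict], mode: str) -> Dict:
    """IDS mode only reports; IPS mode additionally names the sources to block."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    alerts = [f"{f['kind']} from {f['src']} (evidence={f['evidence']})" for f in findings]
    blocked = sorted({f["src"] for f in findings}) if mode == "ips" else []
    return {"alerts": alerts, "blocked": blocked}


def sample_flows() -> List[Flow]:
    """Constructed traffic: one scanner, one password guesser, one flooder, benign noise."""
    flows: List[Flow] = []
    flows += [Flow(1000 + i, "10.0.0.5", "10.0.1.10", 1 + i, "refused") for i in range(20)]
    flows += [Flow(1000 + i, "10.0.0.6", "10.0.1.20", 22, "auth_fail") for i in range(12)]
    flows += [Flow(1000 + i * 0.1, "10.0.0.7", "10.0.1.30", 80, "ok") for i in range(250)]
    flows += [Flow(1000 + i, "10.0.0.8", "10.0.1.40", 443, "ok") for i in range(5)]
    return flows


if __name__ == "__main__":
    found = detect(sample_flows(), now=1030.0)
    print(respond(found, "ids"))   # alerts only
    print(respond(found, "ips"))   # alerts plus the blocked sources
```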
3.3 NEXT GENERATION INTRUSION PREVENTION SERVER (NGIPS):
Next generation intrusion prevention servers (NGIPS) saw a boom in the years between 2011 and 2015. These technologies have emerged as a minimum baseline control for the internal network. They include features like user control and application control. NGIPS provides wide coverage of network communication protocols to detect various kinds of attacks, and application control to restrict the services of an application according to how users use it. It also provides user control, allowing only a limited number of people to access an application. It further includes extensive coverage of network protocols, contextual awareness and content awareness. It performs advanced threat protection and provides actionable threat intelligence on spam, phishing, malicious websites, malware detections, embedded IP-based threats, etc. It also integrates with sandboxing analysis, which is an important feature of NGIPS (Latika Mehrotra, et al., 2018).
3.3.1 Key Components
Some of the key components that differentiate NGIPS from traditional IPS are threat intelligence, application control, an intrusion prevention system and some form of file analysis engine. These work together to form multiple layers of specialized control. A good NGIPS provides protection and relief from the immediate need to patch affected systems. The NGIPS must catch sophisticated attacks while producing as few false positives as possible (Mohamad Nazrin Napiah, et al., 2018).
3.3.2 Use Cases
Some of the use cases that are included in NGIPS are
Effectiveness, performance and openness
Compliance and Segmentation Security
System Hardening
Protecting Dynamic Workloads
Separation of Duties
3.3.3 Features and advantages
On-time Contextual Awareness
Advanced Threat Protection
Global threat intelligence
Intelligent security automation
High-performance appliances
Networking and security features
Scalable protection
Simplified Threat Management
3.3.4 Technologies and Resources
Server intrusions have now become a very normal part of day-to-day life. According to a recent survey, industries are being affected by phishing attacks, and another new intrusion is expected to cost around 9 billion by the end of 2018. Below are the various types of security tools used in IDS and IPS to find third-party intrusions before they damage anything (Mohammed Hasan Ali, et al., 2018).
3.3.4.1 McAfee Network Security Platform
This network security platform lets you block any type of malware and also helps to target advanced attacks on the network. It provides extended protection beyond the IPS signature
mapping technique, using a signature-less technology that fights new intrusions. It provides a prevention and threat solution to protect both the systems and the data of the organization in their data warehouse (Ravi Kiran, P. et al., 2018).
The McAfee Network Security Platform is described by a reference guide, “Network Security Platform Quick Tour”, which gives an overview of how to use and manipulate NSP policy.
Third-party intruders will first obtain your basic details such as credit card data, send you unwanted programs, launch attacks via the internet and inject Trojans into your system to steal all the confidential data. This security platform protects the data from any kind of network intrusion happening to your system or organization (Nagaraju, S. Sudhakara Reddy, P. 2018).
3.3.4.2 Trend Micro TippingPoint
TippingPoint IPS offers very good protection against threats and evasive targeted attacks with high accuracy. Using techniques like deep packet inspection, threat reputation and malware analysis, it provides an effective form of security. It is mainly used to pinpoint, track and block suspicious activities prevailing in the network, to stop the free movement of malware and ensure that the performance of the available network is enhanced. It can be installed without an IP address, and it makes it easy to remove suspicious activity prevailing in the system. It normally protects the entire network system and keeps it away from intrusions. It is also used to control or monitor incoming and outgoing network traffic from different countries (Samarjeet Borah, et al., 2018).
It is also considered to have high standby capability in prevention: appliance failover completes without any manual intervention. It provides rate shaping to prioritize traffic flows in the network (Seung Hyun Kim, et al., 2018).
Deep Security prevention also includes threat intelligence, which tracks the threats prevailing in the network, and cloud integration, which gives a detailed description of the software attack and its IP details.
3.3.4.3 Darktrace Enterprise Immune System
The Darktrace Enterprise Immune System was inspired by the human immune system and is fundamentally an AI. This new class of technology helps organizations protect themselves in a fundamentally different way, by applying new techniques from machine learning. Its main advantage is that attacks are noted automatically and no previous experience of the potential threat is required. It works without prior knowledge or signatures: when an intrusion is attempted, it automatically raises defences against it. This method is considered innovative as it deals with a number of issues. As it does not have the habit of capturing existing attacks or threats, i.e. “no known threat”, it does not detect existing known attacks. This method is widely used across large enterprises (Seung Hyun Kim, et al., 2018).
3.3.4.4 NSFocus
NSFocus offers a wide range of network security to large enterprises and also helps in providing solutions to network threats. It offers hybrid distributed denial of service (DDoS) protection, which is widely used by organizations. It also helps in protecting the system, server or
network from advanced persistent threats (APTs). The products from NSFocus concentrate mainly on threat intelligence, so organizations are empowered with a smart and simple way of attack detection. They also provide services on a long-term scale for the protection of organizations' data. They serve almost 8000 plus customers all over the world. This maximizes the availability, security and trust placed in the threat detection activity (Shawq Malik Mehibs et al., 2018).
They also have products which detect the traffic prevailing in the network. They also provide threat protection services, as all their products are oriented to detecting threats. They discover and block the intrusions happening in the network. They also offer security features which help you stay online, and help in traffic prioritization and shaping to ensure bandwidth for crucial customers (Tarfa Hamed, et al., 2018).
This monitors the overall traffic by collecting and analyzing traffic data. It enables network administrators to take a programmatic approach to traffic load and to trends in the use of network application resources. It monitors traffic by defined subnets and key servers.
This provides them with detailed information about the data analyzed from the total traffic volume. Correlation analysis is performed for objects of different dimensions in order to provide clarity on the network composition. With a minimum analysis granularity of about 30 seconds, it is capable of reflecting and detecting the network traffic prevailing in real time. The system also provides analysis on data stored for a year or so; it generally relies on long-term data or analysis of historical data. It can track traffic distributed across the network by time, region and direction of flow. This also helps data centers and other institutions to gain a deep understanding of business demands and make decisions based on the network traffic (Shawq Malik Mehibs et al., 2018).
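To make the traffic analysis described above concrete, here is an added example (not NSFocus code and not part of the original dissertation) that buckets constructed flow records into 30-second windows per monitored subnet and direction of flow, then compares each window against a historical baseline. The internal and monitored prefixes, the flow records and the baseline are all assumed values.

```python
"""Added example, not from the dissertation or from NSFocus: 30-second
traffic aggregation per subnet and direction, checked against a baseline."""
import ipaddress
from collections import defaultdict
from statistics import median
from typing import Dict, List, Optional, Tuple

BUCKET_SECONDS = 30
# Assumed internal address space; anything else is treated as external.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
# Assumed "defined subnets" under monitoring.
MONITORED = [ipaddress.ip_network("10.0.1.0/24"),
             ipaddress.ip_network("10.0.2.0/24")]

Flow = Tuple[int, str, str, int]  # (timestamp seconds, src, dst, bytes)
Key = Tuple[int, str, str]        # (bucket start, subnet, direction)


def _is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def _subnet_of(ip: str) -> Optional[str]:
    addr = ipaddress.ip_address(ip)
    for net in MONITORED:
        if addr in net:
            return str(net)
    return None


def classify(src: str, dst: str) -> Tuple[Optional[str], str]:
    """Map a flow to (monitored subnet, direction); direction is relative to
    the internal address space. Unmonitored or purely external flows give None."""
    s_in, d_in = _is_internal(src), _is_internal(dst)
    if s_in and not d_in:
        return _subnet_of(src), "outbound"
    if d_in and not s_in:
        return _subnet_of(dst), "inbound"
    if s_in and d_in:
        return _subnet_of(dst) or _subnet_of(src), "internal"
    return None, "transit"


def aggregate(flows: List[Flow]) -> Dict[Key, int]:
    """Sum bytes per (30 s bucket, subnet, direction), dropping flows that
    touch no monitored subnet."""
    totals: Dict[Key, int] = defaultdict(int)
    for ts, src, dst, nbytes in flows:
        subnet, direction = classify(src, dst)
        if subnet is None:
            continue
        bucket = ts - ts % BUCKET_SECONDS
        totals[(bucket, subnet, direction)] += nbytes
    return dict(totals)


def spikes(totals: Dict[Key, int], baseline: Dict[Tuple[str, str], List[int]],
           factor: float = 4.0) -> List[Tuple[int, str, str, int]]:
    """Flag buckets whose volume exceeds factor x the historical median for the
    same (subnet, direction); baseline holds past per-bucket volumes."""
    flagged = []
    for (bucket, subnet, direction), vol in sorted(totals.items()):
        history = baseline.get((subnet, direction))
        if history and vol > factor * median(history):
            flagged.append((bucket, subnet, direction, vol))
    return flagged


def sample_flows() -> List[Flow]:
    """Constructed flows: normal outbound/inbound traffic, one inbound burst,
    an internal transfer, an unmonitored internal flow and a transit flow."""
    return [
        (1000, "10.0.1.5", "203.0.113.9", 500),        # outbound, bucket 990
        (1010, "198.51.100.4", "10.0.1.5", 200000),    # inbound burst, bucket 990
        (1035, "198.51.100.4", "10.0.1.5", 300),       # inbound, bucket 1020
        (1040, "10.0.2.7", "10.0.1.5", 800),           # internal, bucket 1020
        (1045, "10.0.9.1", "10.0.9.2", 100),           # internal but unmonitored
        (1050, "8.8.8.8", "1.1.1.1", 100),             # transit, ignored
    ]


def sample_baseline() -> Dict[Tuple[str, str], List[int]]:
    """Constructed history of past 30 s inbound volumes for 10.0.1.0/24."""
    return {("10.0.1.0/24", "inbound"): [250, 400, 350, 300, 280]}


if __name__ == "__main__":
    totals = aggregate(sample_flows())
    for key, vol in sorted(totals.items()):
        print(key, vol)
    print("spikes:", spikes(totals, sample_baseline()))
```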
3.3.4.5 H3C SecBlade IPS
This is another high-performance intrusion prevention module for H3C switches and SR routers. It integrates functions like intrusion detection, intrusion prevention, virus filtering and bandwidth allocation to critical systems. It is a technology-leading integrated product for discovering and preventing intrusions. It can perform Layer 4 to Layer 7 deep analysis and detection, thereby preventing network attacks such as Trojans, malware, etc. Hence this IPS offers complete protection of the system, the network and the application infrastructure (Tarfa Hamed, et al., 2018).
The H3C IPS guide explains the intended audience and the conventions describing the keywords that need to be followed. The audience consists of network planners, technical support and service engineers, and network administrators working on the H3C intrusion system.
3.3.4.6 Frequently used conventions
Convention          Description
Boldface            Bold text represents commands and keywords that you enter literally as shown.
Italic              Italic text represents arguments that you replace with actual values.
[ ]                 Square brackets enclose syntax choices (keywords or arguments) that are optional.
{ x | y | ... }     Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
[ x | y | ... ]     Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.
{ x | y | ... } *   Asterisk-marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.
3.3.4.7 GUI conventions
Convention          Description
Boldface            Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK.
>                   Multi-level menus are separated by angle brackets. For example, File > Create > Folder.
3.3.4.8 Symbols
Convention          Description
(warning icon)      An alert that the reader must be extremely careful: improper operation may cause physical injury.
3.3.4.9 Network topology icons
Convention          Description
(icon)              Represents an IPS product.
(icon)              Represents a generic network device, such as a router, switch, or firewall.
(icon)              Represents a routing-capable device, such as a router or Layer 3 switch.
(icon)              Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.
3.3.4.10 Huawei NIP
The Network Intelligent Police (NIP) is a new technology which uses session-based intelligence to record traffic and intruders. NIP has a powerful prevention system that emerges by combining the dynamic response of the NIP IDS security system with a stable security system, so that it protects the user's network and servers from external as well as internal threats. It is especially suited to institutions with high demands on security measures, such as law enforcement, auditing, and large-scale enterprises such as network service providers that hold sensitive information (Wei-Chao Lin, et al., 2015).
The NIP Manager guide describes the audience and the conventions to be followed. The intended audience is the network team and the system maintenance and data configuration teams, who have control over the overall data flowing in the organization (Xianwei Hu, et al., 2018).
3.3.4.11 Symbol Conventions
The symbols and the descriptions of their conventions are given below.
Symbol       Description
Danger       Indicates a danger state: the system condition is serious, or an intrusion into the system must be avoided or prevented.
Warning      Indicates a warning: the system is about to face a serious condition, which should be avoided before any critical damage occurs.
Caution      Indicates a caution: the system condition is unsafe and should be avoided, or damage may result.
Notice       Indicates a notice: the system is in a harmful condition which, if not checked and avoided, may result in serious damage, loss of information, lower performance or unexpected results.
3.3.4 .12 Command Resolutions:
Convention Description
Boldface The keywords of a command line are in boldface.
Italic Command arguments are in italics.
[ ] Items (keywords or arguments) in brackets [ ] are optional.
{ x | y | ... } Alternative items are grouped in braces and separated by vertical bars. One item
is selected.
[ x | y | ... ] Optional alternative items are grouped in brackets and separated by vertical bars.
One item is selected or no item is selected.
{ x | y | ... } * Alternative items are grouped in braces and separated by vertical bars. A minimum
of one item or a maximum of all items can be selected.
[ x | y | ... ] * Optional alternative items are grouped in brackets and separated by vertical bars.
Several items or no item can be selected.
3.3.4.13 GUI Conventions
The GUI conventions that may appear in this document are defined as follows.
Convention Description
Boldface Buttons, menus, parameters, tabs, and window and dialog titles are in boldface. For
example, select OK.
> Multi-level menus are in boldface and separated by ">" signs.
For example, choose File > Create > Folder.
3.3.4.14 Cisco Firepower NGIPS
Cisco Firepower NGIPS provides real-time contextual awareness, on the premise that what you cannot
see you cannot protect. It also provides advanced threat protection through fully integrated malware
protection and sandboxing. It correlates threats with the vulnerability of the intended targets in
order to shortlist the threats most likely to be used. Firepower is used to stop both known and
unknown threats and also increases the time spent on detecting threats (Xianwei Hu, et al., 2018).
CHAPTER 4
4. APPROACH
An Intrusion Detection Server (or System), referred to simply as an "IDS", helps to improve the
security of the traffic on a network and to monitor suspicious data. An IPS (Intrusion Prevention
Server or System) is used for the same purpose; the IDS detects the Trojan and the IPS protects the
server from it (panelSparshSharma, AjayKaul, 2018) (Praneeth Nskh, et al., 2016).
Different kinds of approach are used in IDS and IPS; below are the details of a few approaches that
are widely used in day-to-day practice.
4.1 Rule-based Expert System
This approach is commonly used in IDS. It can be used in both anomaly detection and misuse
detection systems. The system has three main components (Basant Subba, et al., 2016):
Facts base: contains the pre-processed audit records.
Rules base: contains the rules that describe intrusions.
Inference engine: contains the logic needed to identify an intrusion.
The rules are commonly written in a Prolog-like syntax; the following rule, for a buffer overflow
attack, is a typical example:
buffer_overflow_attack :-
    audit_type(Y, "execution"),
    audit_userid(Y, Uid1, Uid2),
    audit_parameters(Y, Length, _, _),
    Length > PARAMETER_NORMAL_LENGTH,
    param_non_printable(Y).
In general, this detection approach uses three kinds of algorithm:
Classification: categorising the data into specific groups, such as normal and abnormal.
Link analysis: analysing the links between the various fields of the audit data.
Sequence analysis: modelling the audit data as an ordered sequence.
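As an added illustration (not part of the original dissertation or of the cited works), the following Python program implements the three components described above, with the buffer-overflow clause restated as one rule. The value of PARAMETER_NORMAL_LENGTH, the second rule and the audit records are all constructed assumptions.

```python
"""Rule-based expert system over audit records: facts base, rules base, inference engine."""
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

# Assumed threshold: the text names the constant but does not give its value.
PARAMETER_NORMAL_LENGTH = 256


@dataclass
class AuditRecord:
    """One pre-processed audit record; the facts base is a list of these."""
    rid: int
    audit_type: str            # e.g. "execution" or "read"
    real_uid: int              # Uid1 in the Prolog-like clause
    effective_uid: int         # Uid2 in the Prolog-like clause
    parameters: List[str] = field(default_factory=list)


@dataclass
class Rule:
    """A rule is a named conjunction of conditions over a single audit record."""
    name: str
    conditions: List[Callable[[AuditRecord], bool]]

    def fires(self, rec: AuditRecord) -> bool:
        return all(cond(rec) for cond in self.conditions)


def longest_parameter(rec: AuditRecord) -> int:
    return max((len(p) for p in rec.parameters), default=0)


def param_non_printable(rec: AuditRecord) -> bool:
    """True when any parameter contains a byte outside printable ASCII."""
    return any(not 32 <= ord(ch) < 127 for p in rec.parameters for ch in p)


# Rules base. The first rule restates the buffer-overflow clause in Python; the
# second is a constructed example of another rule sharing the same engine.
RULES: List[Rule] = [
    Rule("buffer_overflow_attack", [
        lambda r: r.audit_type == "execution",
        lambda r: longest_parameter(r) > PARAMETER_NORMAL_LENGTH,
        param_non_printable,
    ]),
    Rule("unexpected_root_execution", [
        lambda r: r.audit_type == "execution",
        lambda r: r.effective_uid == 0 and r.real_uid != 0,
    ]),
]


def infer(facts: List[AuditRecord], rules: List[Rule]) -> List[Tuple[str, int]]:
    """Inference engine: forward-chain every rule over every fact, collecting alerts."""
    alerts: List[Tuple[str, int]] = []
    for rec in facts:
        for rule in rules:
            if rule.fires(rec):
                alerts.append((rule.name, rec.rid))
    return alerts


# Constructed facts base (not real audit data).
SAMPLE_FACTS = [
    AuditRecord(1, "execution", 1000, 1000, ["ls", "-l"]),
    AuditRecord(2, "execution", 1000, 0, ["/bin/sh"]),
    AuditRecord(3, "execution", 1000, 1000, ["A" * 300 + "\x90\x90"]),
    AuditRecord(4, "read", 1000, 1000, ["B" * 400 + "\x01"]),   # wrong audit type: no alert
]

if __name__ == "__main__":
    for name, rid in infer(SAMPLE_FACTS, RULES):
        print(f"rule {name} fired on audit record {rid}")
```

Record 4 shows why every condition of a rule matters: its parameter is both over-long and non-printable, but the audit type is not "execution", so the rule does not fire.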
4.2 State Transition Analysis
This approach was developed a few years ago by the Reliable Software Group in California. It is
based on the premise that every intrusion has two characteristics: the intruder gains access to the
target system in one way or another, and the intrusion results in the intruder acquiring some
capability he did not have before (panelSparshSharma, AjayKaul, 2018). The intrusion is modelled
as the sequence of states an attacker passes through; the scenario used as an example has the
following steps:
Connect to TCP port number 244.
Issue the "Form set" command, which performs a factory reset of the server.
The system reboots (this could also be brought about by other attacks).
Issue the "Z" command. This logs in and asks for the super-user password; because the server has
been factory reset, that check is eliminated and the attacker gains control of the system.
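The following Python program, added here as an illustration and not drawn from the cited work, shows how a state-transition detector follows each source through the scenario's states and raises an alert only when the final state is reached; intermediate steps on their own, or out of order, produce nothing. The event labels and the traced sessions are constructed assumptions.

```python
"""State-transition analysis: follow each source through the states of a known scenario."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# States of the scenario in the order an intruder would pass through them.
STATES = ["initial", "connected", "reset_issued", "rebooted", "superuser_login"]
COMPROMISED = STATES[-1]

# Signature actions: (current state, observed event) -> next state. The event
# labels are constructed names for what an audit or network sensor would report
# for each step listed in the text.
TRANSITIONS: Dict[Tuple[str, str], str] = {
    ("initial", "tcp_connect:244"): "connected",
    ("connected", "cmd:form set"): "reset_issued",
    ("reset_issued", "system_reboot"): "rebooted",
    ("rebooted", "cmd:z"): "superuser_login",
}


@dataclass(frozen=True)
class Event:
    seq: int
    source: str   # remote address, or "*" for host-local events such as a reboot
    kind: str


class StateTransitionDetector:
    """Keeps one scenario state per source and alerts when the final state is reached."""

    def __init__(self) -> None:
        self.state: Dict[str, str] = {}
        self.alerts: List[Tuple[str, int]] = []

    def feed(self, ev: Event) -> Optional[str]:
        # A host-local event applies to every source currently being tracked.
        sources = list(self.state) if ev.source == "*" else [ev.source]
        advanced: Optional[str] = None
        for src in sources:
            current = self.state.get(src, "initial")
            nxt = TRANSITIONS.get((current, ev.kind))
            if nxt is None:
                continue   # not a scenario transition from this state; ignored
            self.state[src] = nxt
            advanced = nxt
            if nxt == COMPROMISED:
                self.alerts.append((src, ev.seq))
        return advanced


def analyse(events: List[Event]) -> StateTransitionDetector:
    det = StateTransitionDetector()
    for ev in events:
        det.feed(ev)
    return det


# Constructed trace: one ordinary session (10.0.0.9) and one that completes the scenario.
SAMPLE_TRACE = [
    Event(1, "10.0.0.5", "tcp_connect:244"),
    Event(2, "10.0.0.9", "tcp_connect:244"),
    Event(3, "10.0.0.9", "cmd:status"),
    Event(4, "10.0.0.5", "cmd:form set"),
    Event(5, "*", "system_reboot"),
    Event(6, "10.0.0.5", "cmd:z"),
]

if __name__ == "__main__":
    det = analyse(SAMPLE_TRACE)
    for src, seq in det.alerts:
        print(f"scenario completed by {src} at event {seq}")
```

The reboot is applied to every tracked source, but only the source that had already issued the reset command advances; 10.0.0.9 stays in the connected state throughout.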
4.3 Bayesian alarm networks
This is a newer approach, very often used with autonomous agents. A Bayesian network is a directed
acyclic graph that represents a probability distribution over a large set of variables. The arcs
describe the stochastic parent-child dependencies between two nodes, and the nodes represent
stochastic variables that are either normal or abnormal. The idea fits IDS well, since IDS deals
with a huge number of dependent variables, and it greatly simplifies the representation of intrusion
scenarios (panelSparshSharma, AjayKaul, 2018).
Figure 1. Intrusion Detection System approach
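The following added Python example (not from the cited work) builds a small Bayesian alarm network and computes the posterior probability of intrusion from observed alarms by exact enumeration over the graph. The node names, priors and conditional probability tables are assumed values chosen for illustration; the network includes a second cause of failed logins so that the explaining-away effect of the graph structure is visible.

```python
"""Bayesian alarm network: posterior probability of intrusion given observed alarms."""
from typing import Dict, List, Tuple

Key = Tuple[bool, ...]


class BayesNet:
    """Directed acyclic graph of boolean variables with one CPT per node."""

    def __init__(self) -> None:
        self.order: List[str] = []               # nodes in topological order
        self.parents: Dict[str, List[str]] = {}
        self.cpt: Dict[str, Dict[Key, float]] = {}

    def add(self, name: str, parents: List[str], cpt: Dict[Key, float]) -> None:
        # cpt maps a tuple of parent values (in `parents` order) to P(name = True)
        self.order.append(name)
        self.parents[name] = parents
        self.cpt[name] = cpt

    def prob(self, name: str, value: bool, assignment: Dict[str, bool]) -> float:
        key = tuple(assignment[p] for p in self.parents[name])
        p_true = self.cpt[name][key]
        return p_true if value else 1.0 - p_true


def enumerate_all(net: BayesNet, names: List[str], assignment: Dict[str, bool]) -> float:
    """Sum the joint probability over every variable not fixed in `assignment`."""
    if not names:
        return 1.0
    first, rest = names[0], names[1:]
    if first in assignment:
        return net.prob(first, assignment[first], assignment) * enumerate_all(net, rest, assignment)
    total = 0.0
    for value in (True, False):
        assignment[first] = value
        total += net.prob(first, value, assignment) * enumerate_all(net, rest, assignment)
    del assignment[first]
    return total


def posterior(net: BayesNet, query: str, evidence: Dict[str, bool]) -> float:
    """P(query = True | evidence), computed by enumeration and normalisation."""
    weights = {}
    for value in (True, False):
        assignment = dict(evidence)
        assignment[query] = value
        weights[value] = enumerate_all(net, net.order, assignment)
    return weights[True] / (weights[True] + weights[False])


def build_alarm_network() -> BayesNet:
    """Constructed network: every prior and conditional probability is an assumed value."""
    net = BayesNet()
    net.add("intrusion", [], {(): 0.01})
    net.add("maintenance", [], {(): 0.05})
    net.add("port_scan_alarm", ["intrusion"], {(True,): 0.70, (False,): 0.05})
    # Failed logins can be explained by an intrusion or by a maintenance window.
    net.add("failed_logins_alarm", ["intrusion", "maintenance"],
            {(True, True): 0.70, (True, False): 0.60, (False, True): 0.40, (False, False): 0.10})
    net.add("outbound_spike_alarm", ["intrusion"], {(True,): 0.50, (False,): 0.02})
    return net


if __name__ == "__main__":
    net = build_alarm_network()
    evidence = {"port_scan_alarm": True, "failed_logins_alarm": True}
    print("P(intrusion | port scan, failed logins) =", round(posterior(net, "intrusion", evidence), 4))
    evidence["maintenance"] = True
    print("P(intrusion | same, maintenance known) =", round(posterior(net, "intrusion", evidence), 4))
```

With the assumed tables, two alarms raise the posterior from the 1% prior to about 43%; learning that a maintenance window was open lowers it to about 20%, because the second cause now explains the failed logins. Adding the outbound-traffic alarm pushes it above 90%.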
4.4 Host Based intrusion
This type of detection involves individual hosts, mainly servers. It monitors the hard drive and
both the incoming and outgoing packets, constantly comparing them with a previously created snapshot
of the host (the potential victim) and of the host's packet flow; any difference is treated as a
malicious change. It monitors both the logical contents of the host's activity and the host itself
(panelSparshSharma, AjayKaul, 2018).
4.5 Application Based intrusion
This type covers not only the application but everything around the host. The approach monitors
almost everything that passes through the application. It is mainly used for the crucial functions
of an organisation, because the potential consequences of an attack on those operations are high
(panelSparshSharma, AjayKaul, 2018).
4.6 Network-Based Intrusion
This type extends detection further, to a whole network or subnetwork. It is more general, and
intrusions can be missed because it takes in all the data on the network (panelSparshSharma,
AjayKaul, 2018).
4.7 Anomaly-based intrusion
This is also termed behaviour-based detection, because it tracks specific malicious behaviour on a
system or server. For instance, outbound web requests whose URL length or content deviates from the
norm can be blocked automatically. Such activity is not necessarily malware; the user may have a
legitimate business reason for it (panelSparshSharma, AjayKaul, 2018).
4.8 Signature-based intrusion
This is also termed "knowledge-based detection", as it looks for specific byte combinations. These
solutions give more definite results than an anomaly-based solution, because the search is very
specific in nature. The signatures being searched for are held in
the databases. This approach is considered to have great success
(panelSparshSharma, AjayKaul, 2018).
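As an added illustration (not from the cited work), the following Python code matches a small database of byte-pattern signatures against sample payloads in the way described above: every pattern of a signature must occur in the payload, in order. The signatures and payloads are constructed, and the fourth payload, a URL-encoded variant of the second, shows the limitation that only patterns already in the database are found.

```python
"""Signature-based detection: ordered byte-pattern matching over packet payloads."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    patterns: Tuple[bytes, ...]   # every pattern must occur, in this order


def matches(sig: Signature, payload: bytes) -> bool:
    """True when all patterns appear left to right without overlapping."""
    pos = 0
    for pat in sig.patterns:
        idx = payload.find(pat, pos)
        if idx < 0:
            return False
        pos = idx + len(pat)
    return True


def scan(payloads: List[bytes], signatures: List[Signature]) -> List[Tuple[int, int]]:
    """Return (payload index, sid) for every signature that fires."""
    hits: List[Tuple[int, int]] = []
    for i, payload in enumerate(payloads):
        for sig in signatures:
            if matches(sig, payload):
                hits.append((i, sig.sid))
    return hits


# Constructed signature database (not a vendor's rule set).
SIGNATURES = [
    Signature(1, "directory traversal to passwd", (b"../", b"etc/passwd")),
    Signature(2, "tautology in login form", (b"POST /login", b"' OR 1=1")),
    Signature(3, "NOP sled", (b"\x90" * 16,)),
]

# Constructed payloads. Index 3 is an encoded variant of index 1 that the literal
# patterns do not match: the known-attacks-only limitation of this method.
SAMPLE_PAYLOADS = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    b"POST /login HTTP/1.1\r\n\r\nuser=admin' OR 1=1--&pass=x",
    b"GET /..%2f..%2fetc/passwd HTTP/1.1\r\nHost: www.example.test\r\n\r\n",
    b"\x00\x01" + b"\x90" * 32 + b"\xcc\xcc",
]

if __name__ == "__main__":
    for index, sid in scan(SAMPLE_PAYLOADS, SIGNATURES):
        print(f"payload {index}: signature {sid} ({SIGNATURES[sid - 1].name})")
```

Production engines normalise payloads (decoding URL escapes, for instance) before matching, precisely so that trivial encoding variants like payload 3 do not slip past a literal pattern.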
4.9 Stateful Protocol Analysis
This is the process of comparing predetermined profiles of generally accepted definitions of benign
protocol activity against the observed events. It relies on vendor-developed universal profiles for
the protocols the servers use. Stateful protocol analysis is capable of understanding and tracking
the state of network, transport and application protocols. It can also recognise unexpected
sequences of commands, such as a user issuing the same command repeatedly or issuing a command on
its own, out of order. The method also has checks for individual commands; typically it checks the
username argument of those commands. Its only drawback is that it is very resource intensive,
because it requires a complete analysis of the protocol, and it is rather complex to perform on a
large scale (panelSparshSharma, AjayKaul, 2018).
4.10 Traffic Flooding
An inventive intrusion technique targets intrusion detection systems by generating traffic loads too
heavy for the system to screen adequately. In the resulting overloaded and disordered network
environment, intruders can sometimes execute an unnoticed attack and even trigger an unnoticed
"fail-open" condition (Nathan Shone, 2018).
4.11 Protocol-Specific Attacks
When carrying out network activities, devices follow precise rules and procedures. These protocols,
such as ARP and TCP in addition to the application protocols, may unintentionally leave openings for
intrusion through protocol impersonation ("spoofing") or malformed protocol messages. For instance,
the Address Resolution Protocol performs no authentication on messages, allowing attackers to carry
out "man-in-the-middle" attacks. Protocol-specific attacks can easily
compromise or even crash the targeted devices on a network (panelSparshSharma, AjayKaul, 2018).
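The passage above describes the weakness; the following added Python example (not from the cited work) shows the detection side, a passive ARP monitor of the kind arpwatch-style tools implement. It records the first IP-to-MAC binding seen for each address, reports later replies that contradict it, and separately reports any station answering for several addresses. The captured replies and the optional trusted table are constructed.

```python
"""Passive ARP monitoring: record IP-to-MAC bindings and flag conflicting replies."""
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

ArpReply = Tuple[str, str]               # (sender IP, sender MAC) as seen on the wire
Conflict = Tuple[int, str, str, str]     # (seq, ip, first-seen MAC, conflicting MAC)


def detect_conflicts(replies: List[ArpReply],
                     trusted: Optional[Dict[str, str]] = None) -> List[Conflict]:
    """Flag any reply whose MAC differs from the binding first recorded for that IP.

    `trusted` may seed the table with static bindings (for example the gateway).
    The first-seen binding is kept, so every later conflicting reply is reported.
    """
    table: Dict[str, str] = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    conflicts: List[Conflict] = []
    for seq, (ip, mac) in enumerate(replies, 1):
        mac = mac.lower()
        known = table.get(ip)
        if known is None:
            table[ip] = mac
        elif known != mac:
            conflicts.append((seq, ip, known, mac))
    return conflicts


def macs_claiming_many_ips(replies: List[ArpReply], limit: int = 1) -> Dict[str, List[str]]:
    """MACs that answered for more than `limit` distinct IPs: one station
    speaking for several others is the usual shape of an ARP-based interception."""
    claimed: Dict[str, Set[str]] = defaultdict(set)
    for ip, mac in replies:
        claimed[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > limit}


# Constructed capture: the gateway and one workstation answer normally, then a
# third station answers for both of them.
SAMPLE_REPLIES: List[ArpReply] = [
    ("10.0.0.1", "aa:aa:aa:aa:aa:01"),
    ("10.0.0.20", "aa:aa:aa:aa:aa:20"),
    ("10.0.0.1", "DE:AD:BE:EF:00:01"),
    ("10.0.0.20", "de:ad:be:ef:00:01"),
    ("10.0.0.20", "aa:aa:aa:aa:aa:20"),
]

if __name__ == "__main__":
    for seq, ip, first, other in detect_conflicts(SAMPLE_REPLIES):
        print(f"reply {seq}: {ip} was {first}, now claimed by {other}")
    print("stations answering for several IPs:", macs_claiming_many_ips(SAMPLE_REPLIES))
```

Seeding the table from a trusted inventory (static entries for gateways and servers) removes the window in which a monitor that starts late would learn the wrong binding first.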
4.12 IPS exceptions
Two types of exception can be defined for sources and destinations of traffic that are to be omitted
from IPS inspection.
4.12.1 Excluded IP addresses
The IP addresses contained in defined network objects can be excluded from the IPS. Specifically,
non-HTTP traffic whose source or destination is an IP address included in the network objects listed
in the global IPS exclusion list, and HTTP traffic whose source is an IP address included in those
network objects, will not be scanned by or in any way affected by the IPS. The network objects
included in this list may be hosts, host groups, networks, network groups, subnets and IP address
ranges (panelSparshSharma, AjayKaul, 2018).
4.12.2 Excluded domain name sets
A list of domain name sets can also be excluded from the IPS. HTTP traffic sent to destinations
included in the domain name sets in this list will not be scanned by or in any way affected by the
IPS (panelSparshSharma, AjayKaul, 2018).
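The two exception types above treat HTTP and non-HTTP traffic differently: an excluded address exempts non-HTTP traffic in either direction, but exempts HTTP traffic only as a source, with HTTP destinations handled by the domain-name sets instead. The following added Python example (not from the cited work) encodes those rules over a constructed exclusion list; the IP objects, the address range, the domain-name set and the subdomain-matching behaviour are assumptions.

```python
"""IPS exclusion lists: excluded IP network objects and excluded domain-name sets."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Set

# Constructed global IPS exclusion list: a subnet, a single host and an address range.
EXCLUDED_NETWORKS = [
    ipaddress.ip_network("10.10.0.0/24"),    # a network object
    ipaddress.ip_network("192.0.2.7/32"),    # a single host object
]
EXCLUDED_RANGES = [
    (ipaddress.ip_address("10.20.0.100"), ipaddress.ip_address("10.20.0.120")),
]
# Constructed excluded domain-name set; a name matches itself and its subdomains.
EXCLUDED_DOMAINS: Set[str] = {"updates.example.test", "cdn.example.test"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str                  # "http" or any other protocol label
    host: Optional[str] = None  # HTTP destination domain, when proto == "http"


def ip_excluded(ip_text: str) -> bool:
    """True when the address falls inside any excluded network object or range."""
    ip = ipaddress.ip_address(ip_text)
    if any(ip in net for net in EXCLUDED_NETWORKS):
        return True
    return any(lo.version == ip.version and lo <= ip <= hi for lo, hi in EXCLUDED_RANGES)


def domain_excluded(host: Optional[str]) -> bool:
    """True when the host name is in an excluded set or is a subdomain of an entry."""
    if not host:
        return False
    name = host.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in EXCLUDED_DOMAINS)


def inspected_by_ips(flow: Flow) -> bool:
    """True when the flow goes through the IPS engine, False when an exception skips it."""
    if flow.proto != "http":
        # Non-HTTP: an excluded source or an excluded destination both exempt the flow.
        return not (ip_excluded(flow.src) or ip_excluded(flow.dst))
    # HTTP: only the source is checked against the IP exclusion list; the
    # destination is matched against the excluded domain-name sets instead.
    return not (ip_excluded(flow.src) or domain_excluded(flow.host))


if __name__ == "__main__":
    for flow in (
        Flow("203.0.113.9", "10.10.0.5", "dns"),
        Flow("203.0.113.9", "10.10.0.5", "http", "intranet.example.test"),
        Flow("203.0.113.9", "198.51.100.4", "http", "static.cdn.example.test"),
    ):
        print(flow, "inspected" if inspected_by_ips(flow) else "skipped")
```

The suffix test in domain_excluded requires the dot, so "evilcdn.example.test" is not treated as a subdomain of "cdn.example.test"; a plain endswith check without the dot would silently widen the exception.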
4.13 HOST INTRUSION PREVENTION SYSTEMS (HIPS)
A host intrusion prevention system (HIPS) is an approach to security that relies on third-party
software tools to identify and prevent malicious activities.
Figure 2. Host-based IPS
Host-based intrusion prevention systems are typically used to protect endpoint devices. Once
malicious activity is detected, the HIPS tool can take a variety of actions, such as sending an
alarm to the computer user, logging the malicious activity for future investigation, resetting the
connection, dropping the malicious packets and blocking traffic from the suspicious IP address
(Matthew Spicer, 2018).
Some host intrusion prevention systems allow users to send logs of malicious activity and fragments
of suspicious code directly to the vendor for analysis and possible identification. Most host
intrusion prevention systems use known attack patterns, called signatures, to identify malicious
activity. Signature-based detection is effective, but it can only protect the host against known
attacks; it cannot defend against zero-day attacks or against signatures that are not already in
the vendor's database (Nathan Shone, 2018).
The second approach to intrusion detection establishes a baseline of normal activity and then
compares the current activity against that baseline. The HIPS looks for anomalies such as deviations
in bandwidth, protocols and ports. Once activity varies outside an acceptable range,
such as a remote application trying to open a normally closed port, an intrusion may be in
progress. However, an anomaly such as an unexpected spike in bandwidth use does not guarantee a real
attack. The method therefore amounts to an educated guess, and the chance of false positives can be
high (Qingru Li, et al., 2017).
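The following Python example, added here and not taken from the cited works, illustrates the baseline approach of this paragraph and of section 4.7: a per-feature baseline built from training samples, a z-score threshold for numeric features such as URL length and outbound bandwidth, and a set difference for ports that were never open during training. The training values, the threshold of three standard deviations, and the second observation (a legitimate large upload that trips the bandwidth check, the false positive discussed above) are all constructed.

```python
"""Behaviour-based (anomaly) detection: per-feature baselines and deviation scoring."""
import math
from typing import Any, Dict, List, Set, Tuple


class Baseline:
    """Mean and population standard deviation of one feature over training samples."""

    def __init__(self, samples: List[float]) -> None:
        n = len(samples)
        self.mean = sum(samples) / n
        self.std = math.sqrt(sum((x - self.mean) ** 2 for x in samples) / n)

    def zscore(self, value: float) -> float:
        if self.std == 0.0:
            return 0.0 if value == self.mean else math.inf
        return (value - self.mean) / self.std


# Constructed training data from a quiet period (illustrative values only).
TRAINING: Dict[str, List[float]] = {
    "url_length":        [24, 31, 28, 45, 37, 52, 29, 33, 41, 36],
    "bytes_out_per_min": [120, 140, 135, 160, 150, 128, 145, 155, 138, 149],  # kilobytes
}
BASELINES: Dict[str, Baseline] = {name: Baseline(values) for name, values in TRAINING.items()}
KNOWN_PORTS: Set[int] = {53, 80, 443}   # ports seen open during the training period
Z_THRESHOLD = 3.0                       # assumed: three standard deviations


def evaluate(observation: Dict[str, Any], threshold: float = Z_THRESHOLD) -> Dict[str, list]:
    """Score one observation: numeric features by z-score, open ports by set difference."""
    anomalies: List[Tuple[str, float]] = []
    for name, base in BASELINES.items():
        z = base.zscore(float(observation[name]))
        if abs(z) > threshold:
            anomalies.append((name, round(z, 2)))
    new_ports = sorted(set(observation.get("ports", ())) - KNOWN_PORTS)
    return {"anomalies": anomalies, "new_ports": new_ports}


if __name__ == "__main__":
    # An outbound URL far longer than anything seen in training.
    print(evaluate({"url_length": 180, "bytes_out_per_min": 150, "ports": {80, 443}}))
    # A large but legitimate upload trips the bandwidth feature (the false positive
    # the text warns about); a newly open port is reported separately.
    print(evaluate({"url_length": 40, "bytes_out_per_min": 200, "ports": {80, 4444}}))
```

The second observation is the trade-off in one line: at three standard deviations a 200 kB/min burst scores almost five and is flagged, although nothing about it is hostile. Raising the threshold reduces such alerts at the cost of missing smaller genuine deviations.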
The third common intrusion-detection method uses stateful inspection to evaluate the actual
protocols in the packets traversing the network. The inspection is called stateful because the
malware prevention tool tracks the state of each protocol. For example, it understands how TCP and
UDP packets can or cannot carry DNS, SMTP, HTTP and other protocols, and what values should or should
not be contained in each packet of each protocol. Stateful protocol analysis looks for deviations
from the normal states of protocol content and can flag a likely attack when an unexpected deviation
occurs. Because stateful analysis is more aware of the actual packet contents, the chance of false
positives is somewhat lower than with statistical anomaly detection (Qingru Li, et al., 2017).
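The following Python example, added here and not taken from the cited works, applies the stateful protocol analysis of this paragraph and of section 4.9 to an FTP control channel: a state machine for the USER/PASS login sequence, a per-state set of acceptable commands, a retry bound for repeated commands, and length and character checks on the username argument. The state table, the bounds and the two session traces are constructed assumptions.

```python
"""Stateful protocol analysis of an FTP control channel over constructed session traces."""
from typing import Dict, List, Set, Tuple

MAX_ARG_LEN = 64        # assumed bound on the length of a command argument
MAX_USER_RETRIES = 2    # assumed bound on repeated USER commands in one session

# Commands the protocol profile accepts in each state; anything else is out of order.
ALLOWED: Dict[str, Set[str]] = {
    "connected":     {"USER", "QUIT"},
    "need_password": {"USER", "PASS", "QUIT"},
    "authenticated": {"USER", "CWD", "PWD", "LIST", "RETR", "STOR", "QUIT"},
    "closed":        set(),
}

Finding = Tuple[int, str, str]   # (line number, finding code, detail)


def next_state(state: str, verb: str) -> str:
    """Protocol state machine for the commands the profile tracks."""
    if verb == "USER":
        return "need_password"
    if verb == "PASS" and state == "need_password":
        return "authenticated"
    if verb == "QUIT":
        return "closed"
    return state


def analyse_session(lines: List[str]) -> List[Finding]:
    """Walk one client's commands through the state machine and collect deviations."""
    state = "connected"
    user_attempts = 0
    findings: List[Finding] = []
    for n, line in enumerate(lines, 1):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb not in ALLOWED[state]:
            findings.append((n, "out_of_order", f"{verb} is not expected in state {state}"))
        if len(arg) > MAX_ARG_LEN:
            findings.append((n, "oversized_argument", f"{verb} argument is {len(arg)} bytes"))
        if any(not 32 <= ord(ch) < 127 for ch in arg):
            findings.append((n, "non_printable_argument", f"{verb} argument contains control bytes"))
        if verb == "USER":
            user_attempts += 1
            if user_attempts > MAX_USER_RETRIES:
                findings.append((n, "repeated_command", f"USER issued {user_attempts} times"))
        state = next_state(state, verb)
    return findings


# Constructed traces: one ordinary session and one that breaks the profile in several ways.
LEGITIMATE_SESSION = ["USER alice", "PASS s3cret", "PWD", "RETR report.txt", "QUIT"]
SUSPICIOUS_SESSION = [
    "PASS guess",          # password before any USER: out of order
    "USER bob",
    "USER bob",
    "USER bob",            # third USER exceeds the retry bound
    "USER " + "A" * 200,   # oversized username, and a fourth USER
    "RETR secret.txt",     # file retrieval while still unauthenticated
]

if __name__ == "__main__":
    for name, session in (("legitimate", LEGITIMATE_SESSION), ("suspicious", SUSPICIOUS_SESSION)):
        print(name, analyse_session(session))
```

The resource cost the text mentions is visible even at this size: the analyser must keep per-session state and parse every command, where a signature match could look at each packet in isolation.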
HIPS products often focus on just one of the three methods, although multiple approaches are
sometimes combined. For example, McAfee's Host Intrusion Prevention for Desktop and Dell's Managed
Sensor Intrusion Prevention System (IPS) service are two offerings that rely on multiple methods for
intrusion prevention.
CHAPTER 5
5. DESIGN
There are many methods and plans that can be implemented to achieve the security of data and
information. Generally, the Cisco internetworking model is widely used in organisations because of
its scalability, reliability and cost efficiency. It is a three-layer model that helps in designing,
implementing and creating a cost-effective network. Each layer in the model has its own
functionality and features, even in a highly complex network. Using the hierarchical model to
develop the IT infrastructure of an organisation can help to minimise costs (Sonal Paliwal, et al.,
2015).
Network design for IT infrastructure is a very large field, and it needs a high level of knowledge
and experience. The Cisco enterprise model offers all the benefits of a hierarchical network design
on the campus infrastructure and supports the design of bigger and more scalable networks. It
provides flexibility in the design of the network and helps in troubleshooting as well as in
implementing its functionality. Together, its sub-modules provide increased security and flexibility
through access management (Cisco networking academy, 2014).
A network design based on the hierarchical model breaks the complex problem of the network into
smaller, manageable ones. Each layer in the design addresses a particular set of problems. This
method lets the designer change the hardware and software at one layer to meet that layer's needs.
So Cisco provides a three-tier hierarchical model for the enterprise (Cisco networking academy,
2014).
The Cisco hierarchical internetworking model consists of three layers, namely
Core layer
Distribution layer and
Access layer
5.1 CORE LAYER
This layer is considered the backbone of the network, and it needs high-end switches and cabling
such as fibre. There is no LAN traffic handling in this layer; it focuses on the speed and
reliability of packet transfer and is used to reduce latency during data transfer. When designing
the devices of the core layer, the following should be considered (Cisco networking academy, 2014).
Cisco switches:
The following switches should be considered when designing the core layer.
7000
7200
7500
12000
Catalyst switches:
The following Catalyst switches should be considered for the LAN.
6000
4000
5000
This layer contains the LAN-based routers and switches. It handles the routing between the subnets
and VLANs of the enterprise, and is also known as the workgroup layer. To perform the routing
operation efficiently, the following policies should be considered (Cisco networking academy, 2014).
Packet filtering
Quality of Service
Access layer aggregation point and
Application gateways
Routers such as the 2600, 4500 and 4000 are considered for the distribution layer.
5.3 ACCESS LAYER
This layer consists of hubs and switches. It is also known as the desktop layer, since it provides
the connection to the client nodes; it makes sure that packets are delivered to the end users. This
layer performs MAC address filtering, separation of collision domains, and the sharing and handling
of bandwidth (Cisco networking academy, 2014).
Figure 3. Cisco hierarchical internetworking model
Multi-building network design
Figure 4.Multi-building network design
5.4 BENEFITS OF USING CISCO HIERARCHICAL NETWORK MODEL
The major benefit of the Cisco hierarchical network model is that it gives a structured way to
design, deploy and maintain the network while keeping it scalable and cost efficient (Cisco
networking academy, 2014).
This model helps to create a high-performance network.
It makes the network easier to manage and troubleshoot, because each layer has a defined role.
It provides scalability.
It provides redundancy in the network.
CHAPTER 6
IMPLEMENTATION
The modular network design has been implemented because of the complexity of the network.
This model separates the network design into different functional network modules (Cisco,
2014).
Figure 5. Modular network design
The various modules in the architecture are
Access Distribution module
Service module
Data center module
Enterprise edge module
Figure 6. Modules in the network design
6.1 Access Distribution module
This module, also known as the distribution block, is the most basic building block of the
network design (Cisco, 2014).
6.2 Service module
This module hosts the shared services used across the network, namely wireless LAN
controllers, gateways, access point protocols and the like (Cisco, 2014).
6.3 Data center module
This module, also known as the server farm, is where the data needed by the corporation is
maintained and managed. Employees, administrators, partners and clients rely on the resources
here to create and interact with that data, which is why the network-based IDS sensors are
focused on this module (Cisco, 2014).
6.4 Enterprise edge module
This module consists of the Internet edge and the WAN edge, which provide the connectivity
to the Internet and to remote sites over which the corporation's voice and video communication
travels (Cisco, 2014).
6.5 IDS AND IPS IN CISCO NETWORK DESIGN
In the network design, IDS and IPS work together to provide the security solution for the
network. An Intrusion Detection System detects threats in real time and analyses them so that
an attack in progress can be recognised by matching the traffic against signatures. This mode of
operation is known as promiscuous mode: the sensor does not sit in the traffic path but receives
a copy of the network traffic, for example from a switch port configured to mirror (SPAN) the
monitored VLAN. The advantage of working on a copy of the traffic is that the regular packet
flow in the network is not affected, and a failure of the sensor does not interrupt service. The
disadvantage is that the IDS can only detect and report malicious traffic; it cannot stop packets it
has already seen. To respond, the IDS relies on other network devices such as routers and
firewalls, which it can instruct to block the offending source (Cisco, 2014).
IPS is used for preventing intrusions from within the traffic path itself. This mode of securing
the network is inline mode: every packet passes through the sensor, so malicious packets can be
dropped before they reach the target. The Intrusion Prevention System monitors the network at
the third and fourth layers of the OSI model and also analyses layers two through seven during
packet transfer for malicious content (Vijayarani, S. and Maria Sylviaa, S. 2015).
Cisco Intrusion Prevention System uses several technologies for detection, such as
Profile-based intrusion detection
Signature-based intrusion detection and
Protocol analysis intrusion detection
The detection technologies used by the Intrusion Detection Server and the Intrusion Prevention
Server are delivered in the form of sensors. A sensor can be one of several network devices,
such as a router running the Cisco IOS IPS software or a dedicated appliance providing IPS or
IDS services (Cisco, 2014).
Malicious traffic is monitored in two places: on the network, using the network-based sensors
above, and on the hosts themselves, using a Host-based Intrusion Prevention System.
6.6 ATTACK MITIGATION TECHNIQUES
The network is monitored using sensors developed by Cisco, which use signature-based
analysis. Many attacks, such as worms and Trojans, leave recognisable patterns in the traffic,
and signature analysis detects this malicious activity. The signatures are stored in a database,
the Cisco Secure IDS Network Security Database, and the sensor compares every incoming
packet against it. If the database is updated regularly, newly published attacks can be identified
as soon as their signatures are available (Jesu Jayarin, P. Blessing Solomon, B., 2018).
When a packet matches a signature, the following process is followed.
Enabling the event log
Forwarding the event log to the Network Intrusion Detection System manager
Shunning the malicious traffic by dynamically reconfiguring network devices, for example by
pushing a blocking access list to a router or firewall
Automatic shunning should be applied with care: an attacker who spoofs the source address of a
legitimate host can cause the sensor to block that host.
The following techniques are used for detecting and controlling malicious traffic in the
network.
Pattern matching technique
Session-aware pattern matching technique
Context-based signature technique
Protocol Decode Analysis technique
Traffic anomaly analysis technique
Pattern matching technique
This is the most basic technique. The sensor searches each captured packet for a fixed sequence
of bytes that identifies a known attack (Cisco networking academy, 2014). Because it looks at
one packet at a time, it can be evaded by splitting the pattern across two packets.
6.6.1 Session-Aware Pattern Matching Technique
This technique keeps state for each TCP session. The sensor records the segments of the
session, reorders them by sequence number and matches the signatures against the reassembled
stream, so an attack pattern that spans several packets is still detected (Cisco networking
academy, 2014).
6.6.2 Context-Based Signature Techniques
This technique identifies attacks using the context in which a pattern appears. The sensor must
understand the protocol well enough to know which part of the exchange it is looking at. For
example, many web attacks arrive in the URL of an HTTP request, so the sensor watches for the
buffer-overflow or traversal signatures only in the request the client sends to the server rather
than in every byte of the session. This reduces false positives, because the same bytes appearing
in a different context are not flagged (Cisco networking academy, 2014).
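As an added example (not the dissertation's or Cisco's code), the following Python sensor implements the three signature techniques above over constructed sample packets: plain per-packet pattern matching, session-aware matching on a TCP stream reassembled by sequence number, and a context-based signature that only fires in the HTTP request line. It also produces the log, forward and shun response described in section 6.6. The two-entry signature database, the manager hostname and the IOS-style shun access list are assumptions made for the illustration.

```python
# Added example: miniature signature sensor (pattern, session-aware, context)
# plus the log / forward / shun response.  Constructed traffic, not Cisco code.
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes


@dataclass(frozen=True)
class Event:
    sig_id: str
    src: str
    dst: str
    technique: str  # which matching technique produced the event


# Hypothetical signature database (constructed for this example).
# context None: match anywhere.  "http-request-line": match only in the
# first line of an HTTP request on port 80 (a context-based signature).
SIGNATURES: List[Tuple[str, bytes, Optional[str]]] = [
    ("dir-traversal-in-url", b"../../", "http-request-line"),
    ("example-marker", b"EVIL-MARKER", None),
]

FlowKey = Tuple[str, str, int]


def match_packet(pkt: Packet) -> List[Event]:
    """Plain pattern matching: search one packet for each context-free signature.
    A pattern split across two packets is missed; the stream sensor fixes that."""
    return [Event(sig, pkt.src, pkt.dst, "pattern")
            for sig, pattern, ctx in SIGNATURES
            if ctx is None and pattern in pkt.payload]


class StreamSensor:
    """Session-aware and context-based matching over reassembled TCP streams."""

    def __init__(self) -> None:
        self._streams: Dict[FlowKey, Dict[int, bytes]] = {}  # flow -> {seq: bytes}
        self._fired: Set[Tuple[FlowKey, str]] = set()         # alert once per flow+sig

    def reassemble(self, pkt: Packet) -> bytes:
        """Store the segment; return the flow payload ordered by sequence number."""
        key = (pkt.src, pkt.dst, pkt.dport)
        segs = self._streams.setdefault(key, {})
        segs[pkt.seq] = pkt.payload           # a repeated seq is a retransmission
        return b"".join(segs[s] for s in sorted(segs))

    def inspect(self, pkt: Packet) -> List[Event]:
        key = (pkt.src, pkt.dst, pkt.dport)
        stream = self.reassemble(pkt)
        # Context: only the request line of an HTTP session counts as the URL.
        request_line = stream.split(b"\r\n", 1)[0] if pkt.dport == 80 else b""
        events: List[Event] = []
        for sig, pattern, ctx in SIGNATURES:
            if (key, sig) in self._fired:
                continue
            if ctx is None and pattern in stream:
                technique = "session-aware"
            elif ctx == "http-request-line" and pattern in request_line:
                technique = "context"
            else:
                continue
            self._fired.add((key, sig))
            events.append(Event(sig, pkt.src, pkt.dst, technique))
        return events


def respond(event: Event) -> Dict[str, str]:
    """Three response steps from the text: log, forward to the manager, shun.
    Manager hostname and the IOS-style ACL line are illustrative assumptions."""
    return {
        "log": f"sig={event.sig_id} src={event.src} dst={event.dst} via={event.technique}",
        "forward_to": "nids-manager.example.internal",
        "shun": f"access-list 101 deny ip host {event.src} any",
    }


# Constructed sample traffic (not a real capture).
SAMPLE: List[Packet] = [
    # Flow A: traversal string split across two HTTP segments
    Packet("10.0.0.5", "10.0.1.20", 80, 1000, b"GET /cgi-bin/../"),
    Packet("10.0.0.5", "10.0.1.20", 80, 1016, b"../etc/passwd HTTP/1.0\r\n\r\n"),
    # Flow B: marker split across two SMTP segments, delivered out of order
    Packet("10.0.0.9", "10.0.1.25", 25, 5013, b"RKER\r\n.\r\n"),
    Packet("10.0.0.9", "10.0.1.25", 25, 5000, b"DATA\r\nEVIL-MA"),
    # Flow C: same traversal bytes, but in a POST body rather than the URL
    Packet("10.0.0.7", "10.0.1.20", 80, 7000, b"POST /upload HTTP/1.0\r\n\r\npath=../../x"),
    # Flow D: marker whole in a single packet
    Packet("10.0.0.8", "10.0.1.25", 25, 9000, b"DATA\r\nEVIL-MARKER\r\n"),
]


def run(packets: List[Packet]) -> Tuple[List[Event], List[Event]]:
    """Run both sensors over the packets; returns (per-packet events, stream events)."""
    sensor = StreamSensor()
    per_packet: List[Event] = []
    per_stream: List[Event] = []
    for pkt in packets:
        per_packet += match_packet(pkt)
        per_stream += sensor.inspect(pkt)
    return per_packet, per_stream


if __name__ == "__main__":
    pkt_events, stream_events = run(SAMPLE)
    print("per-packet:", [(e.sig_id, e.src) for e in pkt_events])
    print("per-stream:", [(e.sig_id, e.src, e.technique) for e in stream_events])
    for ev in stream_events:
        print(respond(ev))
```

Running the block shows that the traversal string split across two segments and the marker split across two out-of-order SMTP segments are both missed by per-packet matching and caught by the stream sensor, while the identical traversal bytes in the POST body of flow C raise no alert because the context signature only examines the request line. The `_fired` set is what keeps a long session from re-alerting on every later segment once the pattern is in the stream.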
6.6.3 Protocol Decode Analysis Techniques
This technique decodes the individual fields of the protocol exchanged between client and
server rather than treating the packets as raw bytes. The sensor's protocol decoder validates each
field against the protocol specification in the relevant RFC document, so a signature can be
written in terms of a specific field, for example an overly long command argument, instead of a
simple byte pattern. Simple signatures use plain pattern matching; protocol decode analysis uses
the field-specific matching defined by the protocol. The Cisco sensors decode the following
protocols (Cisco networking academy, 2014).
File Transfer Protocol (FTP)
Simple Mail Transfer Protocol (SMTP)
Simple Network Management Protocol (SNMP)
Telnet
Internet Control Message Protocol (ICMP)
Secure Shell (SSH)
Internet Message Access Protocol (IMAP)
6.6.4 Traffic Anomaly Analysis Techniques
Cisco sensors can detect deviations from the normal traffic patterns within the network. The
traffic anomaly analysis technique first establishes a baseline of the normal volume for each type
of traffic and then defines thresholds above that baseline. Once the thresholds are set, traffic
that exceeds them is reported (Cisco networking academy, 2014).
This technique can detect the following abnormal events:
UDP packet flooding
ICMP traffic increases
These techniques work best in a static environment, where the normal traffic pattern is stable
enough for the baseline to hold. A threshold being exceeded indicates only that an attack may be
in progress; it does not identify the attack, so anomaly alerts need to be confirmed against the
signature-based results.
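As an added example (not Cisco code), the following Python block builds a per-protocol packet-rate baseline from a constructed ten-second capture of normal traffic, derives thresholds from it, and then flags one-second windows in a second constructed capture where the UDP or ICMP count exceeds its threshold, naming the top source in each flagged window. The threshold rule (mean plus three standard deviations, with a relative margin so a perfectly flat baseline still leaves headroom) and all addresses are assumptions made for the illustration.

```python
# Added example: traffic anomaly analysis on a per-protocol packet-rate
# baseline.  Constructed flow records, not Cisco code or data.
from collections import Counter, defaultdict
from statistics import mean, pstdev
from typing import Dict, List, NamedTuple


class Record(NamedTuple):
    ts: float     # seconds since start of capture
    proto: str    # "tcp", "udp" or "icmp"
    src: str      # source address


class Alert(NamedTuple):
    window: int
    proto: str
    count: int
    threshold: float
    top_src: str      # source that sent most packets of that protocol in the window
    top_count: int


WINDOW = 1.0   # seconds per counting window


def bucket(records: List[Record], window: float = WINDOW) -> Dict[int, Dict[str, Counter]]:
    """window index -> protocol -> Counter of source addresses."""
    out: Dict[int, Dict[str, Counter]] = defaultdict(lambda: defaultdict(Counter))
    for r in records:
        out[int(r.ts // window)][r.proto][r.src] += 1
    return out


def learn_thresholds(baseline: List[Record], k: float = 3.0,
                     rel_margin: float = 0.5) -> Dict[str, float]:
    """Per-protocol threshold from a baseline capture of normal traffic.
    Empty windows count as zero so quiet periods lower the mean."""
    buckets = bucket(baseline)
    n_windows = max(buckets) + 1
    protos = {p for b in buckets.values() for p in b}
    thresholds: Dict[str, float] = {}
    for proto in protos:
        series = [sum(buckets[w][proto].values()) if proto in buckets[w] else 0
                  for w in range(n_windows)]
        mu = mean(series)
        # The max(...) keeps a margin when the baseline has zero variance;
        # otherwise a constant-rate protocol would alert on a single extra packet.
        thresholds[proto] = mu + max(k * pstdev(series), rel_margin * mu)
    return thresholds


def detect(observed: List[Record], thresholds: Dict[str, float]) -> List[Alert]:
    """Flag every window whose per-protocol count exceeds its threshold.
    A protocol never seen in the baseline gets threshold 0, so any traffic
    of that protocol is flagged for a human to look at."""
    alerts: List[Alert] = []
    buckets = bucket(observed)
    for w in sorted(buckets):
        for proto in sorted(buckets[w]):
            sources = buckets[w][proto]
            count = sum(sources.values())
            limit = thresholds.get(proto, 0.0)
            if count > limit:
                top_src, top_count = sources.most_common(1)[0]
                alerts.append(Alert(w, proto, count, limit, top_src, top_count))
    return alerts


# --- constructed sample data (not a real capture) ---------------------------

def synth(second: int, proto: str, n: int, src: str) -> List[Record]:
    return [Record(second + i / 1000, proto, src) for i in range(n)]


def make_baseline() -> List[Record]:
    """Ten seconds of normal traffic: 20 TCP, 5-7 UDP and 2-3 ICMP packets per second."""
    recs: List[Record] = []
    for s in range(10):
        recs += synth(s, "tcp", 20, "10.0.0.10")
        recs += synth(s, "udp", 5 + s % 3, "10.0.0.11")
        recs += synth(s, "icmp", 2 + s % 2, "10.0.0.12")
    return recs


def make_observation() -> List[Record]:
    """Five seconds of normal traffic plus a UDP flood in second 2 and an ICMP spike in second 4."""
    recs: List[Record] = []
    for s in range(5):
        recs += synth(s, "tcp", 20, "10.0.0.10")
        recs += synth(s, "udp", 6, "10.0.0.11")
        recs += synth(s, "icmp", 2, "10.0.0.12")
    recs += synth(2, "udp", 80, "203.0.113.9")
    recs += synth(4, "icmp", 40, "198.51.100.7")
    return recs


if __name__ == "__main__":
    limits = learn_thresholds(make_baseline())
    print({p: round(t, 2) for p, t in limits.items()})
    for a in detect(make_observation(), limits):
        print(f"window {a.window}: {a.proto} {a.count} > {a.threshold:.1f} "
              f"(top source {a.top_src} sent {a.top_count})")
```

The two alerts the block produces say only that a flood-like volume of UDP and then ICMP occurred, and which source was responsible; they carry no signature and say nothing about what the packets contained, which is the limitation noted above. The relative margin in `learn_thresholds` is there because the TCP baseline is perfectly constant: with a pure mean-plus-standard-deviation rule its threshold would be exactly the mean and one extra packet would alert.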
CHAPTER 7
EVALUATION
Using the Cisco Intrusion Detection and Prevention techniques provides a flexible
deployment solution for securing the corporate data (Cisco, 2014). The services are
deployed on the following platforms:
Cisco PIX firewall
Cisco IOS routers
Cisco IDS 4200 series sensors
Cisco IDSM (the IDS module for Catalyst switches)
These platforms run the Cisco IDS software, which on the 4200 series sensors runs on Red Hat
Linux, to secure the network from attack. The sensors are differentiated by their performance
levels.
Network Sensor    Performance (Mbps)
4210              45
4215              80
4235              250
4250              500
4250 XL           1000
Table 1. Performance of the network sensors
Based on this performance, the Cisco IDS 4250 XL sensor has the highest capacity in the
range. It can support 3 million Ethernet packets per second and has a
Gigabit Ethernet interface for network monitoring, so the Cisco IDS is well suited to the
corporate network (Cisco, 2014). The sensor's rated throughput should be checked against the
actual traffic volume on the monitored segment, because an oversubscribed sensor drops
packets and the attacks in the dropped packets go undetected.
CHAPTER 8
CONCLUSION
The continuing growth of cybersecurity threats and attacks demands a critical
infrastructure with a proper command and control system. To reduce the impact of these
threats, an organization must define and adopt a strong security policy, backed by the firm
commitment of senior management, and the policy must include corporate database security.
The risk response plan mainly involves eliminating or reducing the threats from cyberspace.
Cybersecurity research and development should cover every aspect, from building systems that
are trustworthy to installing and updating new cybersecurity technology throughout the whole
life cycle.
In the end, cybersecurity has to be upgraded regularly at every level, given the high rate of
cyber threats. Government cybersecurity policy frameworks are made stricter by integrating
privacy protection, which wins the trust and confidence of the user. No security method can
fully protect an organization from threats; it can only lower the risk. For this reason the
corporate network design should be changed to the Cisco hierarchical model, which provides the
network sensors to monitor the network and reduce the security risk in the organization. This
networking model should be implemented to protect the organization's data. When the project
is complete, one further step is needed: official sign-off from every section of the organization,
confirming that the system works correctly, before the project is finally closed. The sign-off
process is responsible for accountability and for confirming the specific capabilities of the
network system. The project sign-off document mainly consists of basic information about the
project and the specific sign-off fields.
REFERENCES
Akhil Gupta, et al., 2018. Bandwidth Spoofing and Intrusion Detection System for
Multistage 5G Wireless Communication Network. IEEE Transactions on Vehicular
Technology. Vol.67. DOI: 10.1109/TVT.2017.2745110
Basant Subba, et al., 2016. Enhancing performance of anomaly based intrusion detection
systems through dimensionality reduction using principal component analysis. In Advanced
Networks and Telecommunications Systems (ANTS). 2016 IEEE International Conference
on. IEEE. 1–6.
Chaitali Choure, et al., 2018. A Literature Survey on Intrusion Detection and Protection
System using Data Mining. International Journal of Advance Research, Ideas and
Innovations in Technology. Vol.4. 61 - 65.
Chau Tran, et al., 2017. HA-IDS: A heterogeneous anomaly-based intrusion detection
system. In Information and Computer Science. 2017 4th NAFOSTED Conference on. IEEE.
156–161.
Cisco 2014. Cisco Network-Based Intrusion Detection—Functionalities and Configuration
Server. Farm Security in the Business Ready Data Center Architecture v2.1.
Cisco networking academy. 2014. Cisco Networking Academy Connecting Networks
Companion Guide: Hierarchical Network Design. Cisco Press.
Cisco. 2014. Cisco Enterprise Campus Infrastructure Best Practices Guide.
David Ahmad Effendy, et al., 2017. Classification of intrusion detection system (IDS) based
on computer network. In Proceedings of 2017 2nd International conferences on Information
Technology. Information Systems and Electrical Engineering (ICITISEE). IEEE. 90–94.
Elike Hodo, et al., 2017. Shallow and deep networks intrusion detection system: A taxonomy
and survey. 1–43.
Ennahbaoui, M. Idrissi, H. 2018. Zero-Knowledge Authentication and Intrusion Detection
System for Grid Computing Security. Information Innovation Technology in Smart Cities.
Ercan Nurcan Yılmaz, Serkan Gönen. 2018. Attack detection/prevention system against cyber
attack in industrial control systems. Computers & Security. Volume 77. Pages 94-105.
Fang-Yie Leu, et al., 2015. An Internal Intrusion Detection and Protection System by Using
Data Mining and Forensic Techniques. IEEE Int. Conf. Avail. Rel. Security. Taiwan. ISSN
1932-8184.
Gisung Kim, et al., 2014. A novel hybrid intrusion detection method integrating anomaly
detection with misuse detection. Pages 1690-1700.
Gulshan Kumar, et al., 2018. Optimized Packet Filtering Honeypot with Snooping Agents in
Intrusion Detection System for WLAN. International Journal of Information Security and
Privacy. DOI: 10.4018/IJISP.2018010105
Jean Philippe Condomines, et al., 2018. Network intrusion detection system for drone fleet
using both spectral analysis and robust controller / observer. ENAC – Ecole Nationale de
l’Aviation Civile.
Jesu Jayarin, P. Blessing Solomon, B. 2018. Survey on Intrusion Detection System.
International Journal of Scientific Research in Computer Science. Engineering and
Information Technology. IJSRCSEIT. Volume 3. Issue 3. ISSN : 2456-3307.
Khalvati, L. et al., 2018. Intrusion Detection based on a Novel Hybrid Learning Approach.
Journal of AI and Data Mining. Vol. 6. 157-162. DOI: 10.22044/JADM.2017.979.
Latika Mehrotra, et al., 2018. A Data Classification Model: For Effective Classification of
Intrusion in an Intrusion Detection System Based on Decision Tree Learning Algorithm.
Information and Communication Technology for Sustainable Development. Vol. 9. Springer.
Matthew Spicer. 2018. Intrusion Detection System for Electronic Communication Buses: A
New Approach.
Mohamad Nazrin Napiah, et al., 2018. Compression Header Analyzer Intrusion Detection
System (CHA-IDS) for 6LoWPAN Communication Protocol. IEEE Access 6. 16623–16638.
Mohammed Hasan Ali, et al., 2018. A new intrusion detection system based on Fast Learning
Network and Particle swarm optimization. IEEE Access 6. 20255–20261.
Nagaraju, S. Sudhakara Reddy, P. 2018. HighThroughput Low-Power Variable Rate
Network Intrusion Detection System Using Unique SRAM Controller. Proceedings of 2nd
International Conference on MicroElectronics, Electromagnetics and Telecommunications.
Vol. 434.
Nathan Shone. 2018. A deep learning approach to network intrusion detection. IEEE
Transactions on Emerging Topics in Computational Intelligence 2, 1 41–50.
Navneet Kambow, et al. 2014. Honeypots: The Need of Network Security. (IJCSIT)
International Journal of Computer Science and Information Technologies. Vol. 5 (5).
Department of Computer Science, Barnala, India.
Amin Karami, et al. 2018. An anomaly-based intrusion detection system in presence of
benign outliers with visualization capabilities. Expert Systems with Applications. Volume
108. Pages 36-60.
Dimitrios Papamartzivanos, et al. 2018. Dendron: Genetic trees driven rule induction for network
intrusion detection systems. Future Generation Computer Systems. Volume 79. Part 2. Pages
558-574.
Erfan A. Shams, et al. 2018. Trust aware support vector machine intrusion detection and
prevention system in vehicular ad hoc networks. Computers & Security. Volume 78. Pages
245-254.
Md Raqibull Hasan, et al. 2018. An Effective AODV-based Flooding Detection and
Prevention for Smart Meter Network. Procedia Computer Science. Volume 129. Pages 454-460.
Muhammet Baykara, Resul Das. 2018. A novel honeypot based security approach for real-time
intrusion detection and prevention systems. Journal of Information Security and
Applications. Volume 41. Pages 103-116.
Sparsh Sharma, Ajay Kaul. 2018. A survey on Intrusion Detection Systems and Honeypot
based proactive security mechanisms in VANETs and VANET Cloud. Vehicular
Communications. Volume 12. Pages 138-164.
Xavier Clotet, et al. 2018. A real-time anomaly-based IDS for cyber-attack detection at the
industrial process level of Critical Infrastructures. International Journal of Critical Infrastructure
Protection.
Zonghua Zhang, Ahmed Meddahi. 2017. Intrusion Prevention and Detection in NFV.
Security in Network Functions Virtualization. Pages 157-172.
Praneeth Nskh, et al., 2016. Principle component analysis based intrusion detection system
using support vector machine. In Recent Trends in Electronics, Information and
Communication Technology (RTEICT). IEEE International Conference on. IEEE. 1344–
1350.
Qingru Li, et al., 2017. An intrusion detection system based on polynomial feature
correlation analysis. IEEE. 978–983.