IMAT5262 Project Proposal: Network Intrusion Detection Ethics
Added on 2021/06/18
AI Summary
This project proposal, developed for an MSc in Information Systems Management at De Montfort University, focuses on the ethical considerations within Network Intrusion Detection and Prevention Systems (NIDPS). The research aims to explore intrusion profiling and policy implementation techniques in a collaborative networking environment, specifically examining the deployment of signature-based network IPS. The proposal addresses key research questions regarding network hacking methodologies, incident response, and security team collaboration for attack profiling and control implementation. The literature review covers the evolution of cyber threats, the limitations of traditional security measures, and the importance of advanced protection methods including intrusion profiling. The methodology section outlines the approach to be taken, including a qualitative study. The proposal also includes a project plan, an ethical review form, and consent form. The research underscores the need for advanced intrusion-profiling techniques, collaborative security policies, and continuous monitoring to address the increasing sophistication of cyber threats. The study seeks to contribute to the development of more robust and ethical network security practices.

MSc Information Systems Management
IMAT5262 Research, Ethics &
Professionalism in Computing
Assignment - Project Proposal
Ethics in Network Intrusion
Detection and Prevention Systems
Pxxxxxxxx
De Montfort University
DO NOT INCLUDE YOUR
NAME AS THE WORK WILL BE
ANONYMOUSLY MARKED

P Number: Pxxxxxxxx IMAT5262 Research, Ethics & Professionalism in
Computing
Abstract
This dissertation prospectus was developed to help the researcher and his
dissertation committee grasp the scope of the proposed study, and to give the
research a clear direction, plan and logical outline so that the study can succeed.
The prospectus briefly describes the various concepts of the study in order to
examine how they define the overall study objectives. The research proposal
concerns the collaborative assessment of network and computer intrusion threats by
carrying out intrusion profiling. The objective of this dissertation is to present a
detailed insight into intrusion profiling and policy implementation techniques in a
collaborative environment of networked Host Intrusion Detection and Prevention
Systems.
Key Words
Network Intrusion Detection and Prevention Systems, Ethics, network threats,
Internet Protocol Service, Network Admission Control.

Table of Contents
1. Background
2. Research questions
3. Literature Review
4. Methodology Review
4.1 SECTION 1 - REVIEW
4.2 SECTION 2 - SELECTION
5. Conclusion
6. References
7. Appendices
Appendix (I): Project Plan
Appendix (II): Ethical Review Form
Appendix (III): Consent Form
Appendix (IV): Pilot study

1. Background
The primary focus of the dissertation is a detailed implementation methodology
for exploit prevention using a signature-based network Internet Protocol Service (IPS),
after analysing the logs of multiple Intrusion Detection and Prevention Systems
(IDPS) hosted and installed on the network. In this context, research will be
conducted to work out a detailed mechanism for deploying Network Intrusion
Detection and Prevention Systems (NIDPS), and to establish a future roadmap for
implementing Network Admission Control (NAC) on a production computer
network, enhancing the systems that enable these advanced intrusion-profiling
techniques. The research will be qualitative in nature (Akal, 2012).
Security is a psychological impulse: we want to feel comfortable and
protected. Security is the idea of something being in a location where it cannot be
modified, stolen, damaged or removed without permission. According to the
American Heritage Dictionary of English Language (2006), "secure" is a word
describing freedom from danger, attack and risk of loss. A sense of security has
always been part of human life, protecting what is ours from
outside intruders (Rash, Orebaugh, & Clark, 2014). We can see this in the way
ancient people constructed their homes and used fortifications in
their villages, towns and cities. These ancient protections were an essential part of
life, allowing people to live in safety and comfort while daily activities were carried
out. In modern times our military, the civilian police force and other government
services reflect such protective methods. A major difference is that, while physical
fortifications were sufficient for our ancestors, we must incorporate cyber
fortifications to meet the challenges of today's environment (Amoroso, 2013).

Intruders today use malicious binary code as their latest weaponry, a battering-ram
to demolish and bypass our cyber security walls so they can pillage
and collect the bounty of their victim's cyber home. Fichera & Bolt (2013) describe
the growing age of information warfare, in which information security displays
patterns that expand into a more offensive than defensive stance. Cyber-criminal
profiling works as in the physical world: when an intruder rampages through a
cyber-graphical location, the crime scene is scanned for evidence to determine the
criminal's profile, which is then broadcast throughout the
law enforcement community to assist in the capture of the intruder(s).
Ghorbani, Lu, & Tavallaee (2010) examine the idea of intruder identity data obtained by
tracing the thumbprints of continuous attacks, even if the intruder obscures their
identity by logging in through chains of multiple faces and systems. This study will
interpret how technological experts understand, manage, and implement intruder
profiling within their working environment.
Intruder profiling has been linked to security for as long as security has been part of
the human mindset, since ancient times. Crime scenes are often the charted
stepping-stones to intruder profiling. An investigator carefully notes evidence and
images the scene as it happened in order to profile the intruder. The intruder
profile is then used to prevent, detain and prosecute the criminal (Rothrock, 2018).
2. Research questions
(a) What are the primary network hacking methodologies used by attackers?
(b) How can incident identification & response actions be carried out when
distributed attacks are evident on the network?
(c) How can security teams collaborate to carry out attack profiling, analyse the
weaknesses and implement the controls?

3. Literature Review
For modern IT-enabled businesses, the Internet has emerged as the most
significant tool for enhancing competitive advantage in almost every aspect of the
business: sales & marketing, branding, customer services, corporate governance,
employee services, project engagement, etc. However, given the openness, reach &
flexibility of the Internet, the threats have increased considerably; many of
them are almost always present and can exploit the vulnerabilities of companies'
Internet-enabled systems at will after the slightest slip by the security
administrators (Ghorbani, Lu, & Tavallaee, 2010). Hackers carry out organized
attacks on web-enabled systems using custom-programmed, packaged and
tested tools that can penetrate deep into the Internet-enabled IT
systems of corporate networks and give the attackers unwarranted control
regardless of where they are in the world. The purpose of such attacks can
be manifold: fun, community interests, competition activity, data breaches, service
disruption or sabotage (Scott, Wilson, & Canterbury (N.Z.), 2012). In fact, the overall
magnitude & power of modern threats are very high, and hence the traditional
permit/deny policies of Stateful Inspection Firewalls cannot help in protecting the
business. Stateful Inspection Firewalls can either permit or deny traffic through
the open TCP or UDP ports but cannot inspect the traffic allowed to pass through
those ports. Hence, advanced protection measures are mandatory; they should be
able to inspect traffic passing through the open ports and inform the security
administrator about suspected malicious traffic (Frahim, Santos, & Ossipov,
2014).
In the modern era of globalization and stringent competitiveness, businesses can
be exposed to an almost recurring risk of losing market share if they are not alerted
against intrusions occurring from the Internet. The economies across continents are
well connected in this era, and hence activities carried out by attackers in one country
can impact other countries across the globe. The Internet is no longer a test bed for
intruders; they have evolved beyond the fundamentals of hacking
technologies. As analyzed by Herrero & Corchado (2011), the current threats to
organizations come more from sophisticated intruders, because existing security
technologies are well equipped to protect organizations against the standard threats.
An example is the well-funded groups around the world that break into US Government
networks to gather sensitive information. The reader should appreciate that this is a
multi-step process executed over a number of days. If the security administrators are
able to track the traces left by the steps executed by the attackers, they can block the
attacks and protect valuable information of the organization. Tracking such traces is
a very complex process and is normally as sophisticated as the methodology used
by the attacker (Stallings, 2017).
The intruder host first tries to locate the weakest host(s) on the network (to
which the attacker is connected through the Internet or an unsecured wireless network)
using tools that help find them through trial and error and multiple configuration
options (Yang, 2016). Once such hosts are identified, the attacker uses them as
proxy hosts (also called launch-pads) and attempts to connect to the command and
control hosts (like domain controllers or authentication servers). The proxy hosts
help the attacker inject certain sniffing and spoofing tools into the command and
control hosts that help in stealing administrative privileges (Huang, S. C.-H, MacCallum, &
Du, 2010). Once the command and control hosts are conquered, the attacker
becomes an externally placed network administrator and is able to steal and push
data wherever he wants, either in hidden folders within the network or outside the
network on the Internet. The intruder first targets the weakest hosts on the network,
exploits them and develops them as launch-pads (Yu, Tsai, & J. J.-P, 2011).
Thereafter, the intruder communicates with the command & control hosts on the
network through the compromised host and attempts to find out as much information
about data repositories as possible (IP address, passwords, commands, etc.). After
getting adequate information, the intruder is able to attack the command & control
host directly, so that commands can be run on the data repositories and stolen
data exported to external repositories (Jakubowicz et al., 2017).
Most cyber-attacks begin with "sniffing for vulnerabilities", which helps the
attacker plan an exploit strategy. An example of such a sniffing tool is the Network
Mapper (NMAP). Mapping is a mechanism of silent sniffing that is used by hackers
to detect Internet-enabled host IP addresses and the operating systems, running
applications, and open ports and services on them. This method is used to gather
information about the Internet-enabled hosts to carry out attack profiling
(http://nmap.org), whereby the results are used to plan the attack. Attack profiling is
essential for an attacker so that no time is wasted trying endless attacks on hosts.
If the profiling is carried out accurately, the attacker can know the vulnerabilities to
be exploited and choose the most appropriate exploits and payloads. Such exploits
(with payloads) can then be launched using deadly exploit and hacking tools like the
Metasploit Framework (Jaswal, 2014). Such a framework can practically penetrate
any application or operating system of the world. Many security consultants use this
tool to carry out Penetration Testing of web-enabled hosts over the Internet for
their clients. In the following paragraphs the author presents how an attack
can be executed with the help of the sniffed information and the exploits with
payloads available on the Metasploit framework (Jaswal, 2014).

Signature-based exploit detection can help only if the packets carry traces
of the signatures. If the exploit has somehow succeeded and traffic has already
started, signature-based IPS systems cannot differentiate between the
bogus traffic and useful traffic. In such a scenario, a flow-based detection system
can be used, which relies on "behavioral anomaly detection". These
systems record the flow patterns of packets among the hosts, which can be analyzed
by attack profiling tools to detect compromised hosts that are generating bogus
traffic. For example, Cisco has a built-in feature called "NetFlow" that records flow
patterns and presents them to the attack profilers for analysis (Kanopy (Firm), 2014).
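
A flow-based check of the kind described above, as an added example (not code from the proposal or from Cisco): it profiles each source host from NetFlow-style records and flags hosts whose fan-out deviates from the baseline using a median/MAD score. The flow records, addresses, threshold and allowlist are constructed assumptions.

```python
"""Flow-based behavioural anomaly detection over NetFlow-style records (added example)."""
from collections import defaultdict
from statistics import median


def build_sample_flows():
    """Constructed flows: (src_ip, dst_ip, dst_port, packets, bytes). Addresses are made up."""
    flows = []
    # Ordinary clients: a few servers, a handful of service ports, normal-sized flows.
    for i in range(1, 9):
        src = f"10.0.0.{i}"
        flows += [(src, "10.0.1.10", 443, 40, 52000),
                  (src, "10.0.1.11", 53, 2, 180),
                  (src, "10.0.1.12", 445, 25, 30000)]
    # 10.0.0.50 behaves like a compromised launch-pad: tiny flows to many hosts and ports.
    # No packet payload is needed to see this, which is what a signature engine would miss.
    for h in range(1, 41):
        for port in (22, 445, 3389):
            flows.append(("10.0.0.50", f"10.0.2.{h}", port, 1, 60))
    return flows


def host_profiles(flows):
    """Aggregate flows into one behaviour profile per source host."""
    peers = defaultdict(set)
    totals = defaultdict(lambda: [0, 0])  # [flow count, byte count]
    for src, dst, dport, _pkts, nbytes in flows:
        peers[src].add((dst, dport))
        totals[src][0] += 1
        totals[src][1] += nbytes
    return {src: {"fan_out": len(peers[src]),
                  "flows": totals[src][0],
                  "bytes_per_flow": totals[src][1] / totals[src][0]}
            for src in peers}


def robust_scores(values, min_scale=1.0):
    """Modified z-score based on median and MAD.

    A mean/stddev score is dragged upward by the very outlier it is meant to find;
    median/MAD is not. min_scale covers the edge case MAD == 0, which occurs when
    most hosts behave identically (as in the sample data).
    """
    med = median(values.values())
    mad = median(abs(v - med) for v in values.values())
    scale = max(mad, min_scale)
    return {k: 0.6745 * (v - med) / scale for k, v in values.items()}


def flag_anomalous_hosts(flows, threshold=3.5, allowlist=()):
    """Return hosts whose fan-out score exceeds the threshold, highest score first.

    allowlist holds hosts that legitimately fan out (e.g. an authorised scanner),
    so they do not produce false positives.
    """
    profiles = host_profiles(flows)
    scores = robust_scores({h: p["fan_out"] for h, p in profiles.items()})
    flagged = []
    for host, score in sorted(scores.items(), key=lambda kv: -kv[1]):
        if score > threshold and host not in allowlist:
            flagged.append({"host": host, "score": round(score, 1), **profiles[host]})
    return flagged


if __name__ == "__main__":
    for entry in flag_anomalous_hosts(build_sample_flows()):
        print(entry)
```
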
Modern network- & host-based IDPS systems need to employ all the
popular detection & prevention strategies at various levels of the network. Such a
system needs to operate in collaborative mode so that the attack profilers can
collate all the alerts & alarms, carry out root cause analysis and apply
collaborative security policies. The primary objective of this dissertation is to present
the implementation & management of a collaborative Intrusion Detection and
Prevention system by developing attack profiling with the help of traces found on all
the systems (Loukas, 2015).
Messier (2016) presented a report on the LDRD research project, which
presents a distributed framework of integrated security. Information about the latest
anomalies & signatures is propagated to "Sensor Engines" (which can be viewed as
probes on the network) by a centralized information processing
engine. The framework comprised three key components: Intrusion Detection
System, Localization of Attack Source and Attack Containment. These components
operate with the help of a central information fusion method that supports host- &
network-level anomaly detection and identification of the attack source. The researchers
developed a strategy of "source isolation" by allowing the routers & firewalls to set
packet filters & port blocks automatically by virtue of decision-supporting rules. They
used the packet inspection strategy of SNORT to compare the headers & contents of
network packets with known signatures and match the information with source
information, such that the malicious ones can be blocked automatically by instructing
the routers & firewalls to establish blockades. This framework carries the risk of false
positives, which the authors recommended addressing in future enhancements. Looking
into the challenge of false positives, (Panko & Panko, 2015) developed a
commendable collaborative system of a number of Network Intrusion Detection
Systems, especially targeted to fight co-ordinated attacks like Distributed Denial of
Service (DDoS) and worm outbreaks. In their system, a number of Intrusion
Detection Systems, acting as probes, were deployed across the network to detect
anomalies at the network level and share the information in two stages of correlation.
The primary objective of their research was to identify "hotspots" (heavily loaded IDS
systems) on the network such that the load can be distributed among other IDS
systems through active collaboration. The IDS systems were allowed to sanitize the
logs locally and then distribute them to the core IDS systems tasked to collate all
logs and generate collective information. They developed a load balancing
algorithm to achieve high detection accuracy, which was run on network
simulation tools to prove the algorithm against a simulated worm outbreak and
real-world stealthy scanning using intrusion logs (Perez, 2014a).
(Perez, 2014b) argues that correlating IDS logs with Vulnerability Analysis
results has a quite high probability of increasing true positives and reducing false
positives. Vulnerability Analysis is a procedure used by network & host based
scanning tools to detect the security weaknesses of the hosts & network components
on the network. Vulnerability analysis can be carried out by using advanced tools
that possess vulnerability analytics capability on the supported operating systems
and generate easy to understand logs.
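The correlation attributed to (Perez, 2014b) above can be sketched as follows. This is an added example, not part of the original proposal: each IDS alert is checked against the vulnerability-scan findings for the host it targets, so corroborated alerts rank first and probable false positives last. The alert fields, weakness identifiers and addresses are constructed for illustration.

```python
# Constructed vulnerability-scan findings: host -> {(port, weakness id)}.
# Weakness ids are placeholders, not real advisories.
SCAN = {
    "192.0.2.10": {(80, "VULN-WEB-01"), (22, "VULN-SSH-02")},
    "192.0.2.20": {(445, "VULN-SMB-03")},
    "192.0.2.30": set(),  # scanned, no weakness found
}

# Constructed IDS alerts. "targets" names the weakness the matched
# signature was written for (an assumed field, not a real IDS schema).
ALERTS = [
    {"sid": 1001, "dst": "192.0.2.10", "port": 80, "targets": "VULN-WEB-01"},
    {"sid": 1001, "dst": "192.0.2.30", "port": 80, "targets": "VULN-WEB-01"},
    {"sid": 1003, "dst": "192.0.2.20", "port": 445, "targets": "VULN-SMB-03"},
    {"sid": 1002, "dst": "192.0.2.10", "port": 22, "targets": "VULN-SSH-99"},
    {"sid": 1003, "dst": "192.0.2.99", "port": 445, "targets": "VULN-SMB-03"},
]

RANK = {"corroborated": 0, "unscanned": 1, "unlikely": 2}

def classify(alert, scan):
    """Label one alert by comparing it with the scan findings for its target."""
    findings = scan.get(alert["dst"])
    if findings is None:
        # Host never scanned: no evidence either way, so do not down-rank.
        return "unscanned"
    if (alert["port"], alert["targets"]) in findings:
        return "corroborated"  # target really has the weakness being probed
    return "unlikely"          # target scanned and not exposed to it

def triage(alerts, scan):
    """Return alerts with a verdict, most credible first (stable order)."""
    labelled = [dict(a, verdict=classify(a, scan)) for a in alerts]
    return sorted(labelled, key=lambda a: RANK[a["verdict"]])

def summary(alerts, scan):
    """Count alerts per verdict."""
    counts = {}
    for a in triage(alerts, scan):
        counts[a["verdict"]] = counts.get(a["verdict"], 0) + 1
    return counts

if __name__ == "__main__":
    for a in triage(ALERTS, SCAN):
        print(f'{a["verdict"]:<13} sid={a["sid"]} -> {a["dst"]}:{a["port"]}')
```

Alerts labelled "unlikely" are ranked last rather than discarded, because scan results can be stale or incomplete.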
4. Methodology Review
4.1 SECTION 1 - REVIEW
This research shall employ a questionnaire followed by one-to-one interviews
with the target respondents. Thereafter, the responses shall be collated and
analyzed such that critical discussions can be carried out and conclusions drawn at
the end. The questionnaire shall be designed based on the theoretical foundation
established with the help of the literature review (Pino, 2014).
This researcher has analyzed the differences between qualitative and quantitative
methods of research for this dissertation. As discussed by (In Jason & In Glenwick,
2016), the researcher in qualitative research carries out systematic collection,
sorting, organizing and interpretation of the textual inputs that are collected from
interviews, discussions, answers to questionnaires and observations. The following
contexts that are associated with qualitative research have been evaluated by the
author as against quantitative research:
(a) Reflexivity: A systematic construction of knowledge at every step of the
research and not only at the end, as is normally done in quantitative
surveys. The knowledge construction depends upon the background of the
researcher, the place/region she/he belongs to, the environment &
study sources accessible to her/him, the passion & commitment of the researcher
pertaining to the subject of the research, etc. (In Jason & In Glenwick, 2016).
(b) Preconceptions: Unlike quantitative research, which starts with data, qualitative
research starts with preconceptions that depend upon previous knowledge,
experiences, education, perceptions, motivations, explorations,
experimentations, prototyping, etc.
(c) Sound theoretical foundation: In qualitative research, the theoretical
foundations can be developed using much wider sources available in the
world, whereas in quantitative research it is mandatory to include the
previous research related to the subject matter.
(d) Different representations of the situations as being assessed within the
scope: Qualitative researchers on the same subject may end up having
different representations of the situations, although with similarities. This is
because the logical, emotional, & scientific thinking strengths of human minds
are applied against the observations & study. Quantitative research
normally leads to the same results for different researchers because it is
based on statistical tools and data.
4.2 SECTION 2 - SELECTION
In this research, an online survey will be the methodology utilized. This will
be done by creating an account with SurveyMonkey and then designing a survey.
Once the survey has been designed, a web link is generated. This web link is sent
via SMS, email or any chat service that my target population can use. They will be
required to click on the link and, in less than five minutes, fill in the questions.
Merits of using Online Surveys
a) More Accurate - data entered by the respondent goes directly to the online
database and the person doing the survey will not have a chance to alter it