Enterprise network intrusion detection and prevention system (ENIDPS)

2007; SPIE; Volume: 6538; Language: English

DOI

10.1117/12.719994

ISSN

1996-756X

Authors

Cajetan M. Akujuobi, Nana K. Ampah

Topic(s)

Advanced Malware Detection Techniques

Abstract

Securing enterprise networks falls under two broad topics: Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). The right combination of algorithms and techniques selected from both topics produces better security for a given network. This approach leads to layering physical, administrative, electronic, and encrypted systems to protect valuable resources. So far, no algorithm guarantees absolute protection of a given network from intruders. Intrusion prevention systems such as IPSec, firewalls, Sender ID, and DomainKeys Identified Mail (DKIM) do not guarantee absolute security, any more than existing intrusion detection systems do. Our approach focuses on developing an IDS that detects the intruders who bypass the IPS and, at the same time, is used to update the IPS, since the IPS fails to prevent some intruders from entering a given network. The new IDS employs both signature-based detection and anomaly detection as its analysis strategy. It should therefore be able to detect both known and unknown intruders or attacks and further isolate the sources of attack within the network. Both real-time and off-line IDS predictions are applied in the analysis and response stages. The basic IDS architecture combines centralized and distributed/heterogeneous architectures to ensure effective detection. Both pro-active and corrective responses are employed. The new security system, made up of both the IDS and the IPS, should be less expensive to implement than existing ones. Finally, the limitations of existing security systems are to be eliminated by the introduction of the new security system.
