Skip to main content
SpringerLink
Log in

IDSIC: an intrusion detection system with identification capability

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Security is an important but challenging issue in current network environments. With the growth of Internet, application systems in enterprises may suffer from new security threats caused by external intruders. This situation results in the introduction of security auditors (SAs) who perform some test methods with hacking tools the same as or similar to those used by hackers. However, current intrusion detection systems (IDSs) do not consider the role of security auditors despite its importance. This causes IDSs to generate many annoying alarms. In this paper, we are motivated to extend a current IDS functionality with Identification Capability, called IDSIC, based on the auditing viewpoint to separate auditing traffic from malicious attacks. The IDSIC architecture includes two components: fingerprint adder and fingerprint checker, which can provide a separability of security auditors and hackers. With this architecture, we show that IDSICs can lower the consequential costs in the current IDSs. Therefore, such IDSICs can ensure a more stable system performance during the security examination process.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Symantec Internet Security Threat Report Volume IX, March 2006 (2006), https://www.enterprise.symantec.com/enterprise/whitepaper.cfm?id=2238

  2. Gehani A., Kedem, G.: RheoStat: real-time risk management. In: Proceedings of Recent Advances in Intrusion Detection: 7th International Symposium, RAID 2004, pp. 296–314 (2004)

  3. BS 7799/ISO 27001:2005, http://www.bsi-global.com/Global/ iso27001.xalter (2005)

  4. COBIT http://www.isaca.org/

  5. ISACA Standards Board IS Auditing Guideline, http://www. isaca.org

  6. Deshpande, Y., Chandrarathna, A., Ginige, A.: Web site auditing—first step towards re-engineering. In: Proceedings of SEKE’02, pp. 731–737 (2002)

  7. Chen, P.T., Tseng, B., Laih, C.S.: A modeling of intrusion detection system with identification capability. In: Lee, D.T., Shieh, S.P., Tygar, J.D. (eds.) Computer Security in the 21st Century ISBN: 0-387-24005-5 (2005)

  8. Fan, W., Lee, W., Stolfo, S., Miller, M.: A multiple model cost- sensitive approach for intrusion detection. In: Proc. Eleventh European Conference of Machine Learning, Barcelona Spain, pp. 148–156 (2000)

  9. Lee, W., Fan, W., Miller, Matt, Stolfo, Sal, Zadok, E.: Toward cost sensitive modeling for intrusion detection and response. J. Comput. Security 10, (2002)

  10. Denning D.E. (1987). An intrusion-detection model. IEEE Trans. Softw. Eng. SE- 13(2): 222–232

    Article  Google Scholar 

  11. Newman, D., Snyder, J., Thayer, R.: Crying wolf: false alarms hide attacks, http://www.nwfusion.com/techinsider/2002/ 0624security1.html (2002)

  12. Bace, R., Mell, P.: NIST Special Publication on Intrusion Detection System, http://www.csrc.nist.gov/publications/nistpubs/ 800-31/sp800-31.pdf (2001)

  13. Verwoerd T. and Hunt R. (2002). Intrusion detection techniques and approaches. Comput. Commun. 25: 1356–1365

    Article  Google Scholar 

  14. Debar H., Dacier M. and Wespi A. (2000). A revised taxonomy for intrusion detection systems. Ann. Telecommun. 55: 361–378

    Google Scholar 

  15. Cannady, J.: An Adaptive Neural Network Approach to Intrusion Detection and Response. Ph.D Thesis, Nova Southeastern University (2000)

  16. Anderson T., Roscoe T. and Wetherall D. (2004). Preventing Internet Denial-of-Service with Capabilities. ACM SIGCOMM Computer Communication Review (CCR) 34(1): 39–44

    Article  Google Scholar 

  17. Lippmann, R.P., Fried, D.J., Graf, I., et al.: Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. In: Proceedings of the 2000 DARPA Information Survivability Conference and Exposition (2000)

  18. Nessus, http://www.nessus.org/

  19. Nikto, http://www.cirt.net/code/nikto.shtml

  20. Xfocus, http://www.xfocus.org/exploits/

  21. Wang X. and Yu H (2005). How to Break MD5 and Other Hash Functions, Eurocrypt 2005, LNCS 3494. Springer, Heidelberg

    Google Scholar 

  22. Stallings, W.: Cryptography and Network Security, 4/E. Chap 11. ISBN 0-13-187316-4 (2006)

  23. Krawczyk, H., Bellare M., Canetti, R.: HMAC: Keyed-Hashing for Message Authentication. Internet RFC 2104 (1997)

  24. PacketStorm, http://www.packetstormsecurity.org/

  25. Packet Length Distributions. Available at http://www.caida.org/analysis/AIX/plen_hist/on August 2004 (2004)

  26. Lee, W., Miller, M., Stolfo, S., et al.: Toward cost-sensitive modeling for intrusion detection. Columbia University Computer Science Technical Report CUCS-002-00 (2000)

  27. Cabrera, J.B.D., Gosar, J., Lee, W., Mehra, R.K.: On the statistical distribution of processing times in network intrusion detection. In: Proceedings of The 43rd IEEE Conference on Decision and Control (CDC 2004), Bahamas, December 2004 (2004)

  28. Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography, Chap 12 (1997)

Download references

Author information

Authors and Affiliations

  1. Department of Electrical Engineering, National Cheng Kung University, No.1, Ta-Hsueh Road, Tainan, 701, Taiwan

    Pei-Te Chen & Chi-Sung Laih

Authors
  1. Pei-Te Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chi-Sung Laih
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pei-Te Chen.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Chen, PT., Laih, CS. IDSIC: an intrusion detection system with identification capability. Int. J. Inf. Secur. 7, 185–197 (2008). https://doi.org/10.1007/s10207-007-0024-z

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-007-0024-z

Keywords

Search

Navigation