All approaches should be required. Statistical methods are used to infer the meaningful data or refine the data. Then we may use knowledge-based or machine learning approaches, or a combination of both, to make an immune detection model. Most of the models available nowadays are rule based (Snort, Bro etc.). Hence a combination approach should be used to detect novel attacks.
It is application specific. For example, if it is an embedded system, then a rule-based/decision-tree type IDS is usually the only option.
Techniques such as giving priority to IPs of known regular users to filter packets from DDoS attacks work best when you have more computational power and storage.
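To make the two points above concrete, here is an added example (not code from any of the answers above or from Snort, Bro or any other project): a small hybrid detector that layers a rule-based signature check on top of a statistical per-source rate anomaly, as the first answer suggests, and adds the known-regular-user prioritisation the third answer describes. The log lines, the two signatures, the z-score threshold and the set of known regular users are all constructed for the example.

```python
"""Hybrid IDS sketch: knowledge-based signatures + statistical rate anomaly,
with priority for known regular users under load. Added example only."""
import re
import statistics
from collections import Counter


def build_sample_log():
    """Constructed web-server log, not from any real system.
    Format: "<second> <src_ip> <request>"."""
    lines = [
        "1 10.0.0.5 GET /index.html",
        "1 10.0.0.5 GET /about.html",
        "2 10.0.0.6 GET /index.html",
        "2 10.0.0.6 GET /news.html",
        "3 198.51.100.7 GET /index.html",
        "3 198.51.100.7 GET /contact.html",
        "4 198.51.100.8 GET /index.html",
        # low-rate source that only a signature will catch
        "5 198.51.100.9 GET /login?user=../../etc/passwd",
    ]
    # one source issuing 20 requests within a second (a flood the
    # statistical layer should flag); one of them also trips a signature
    lines += ["6 203.0.113.9 GET /index.html"] * 19
    lines.append("6 203.0.113.9 GET /login?user=admin'--")
    return "\n".join(lines)


# Knowledge-based layer: two assumed Snort-style content signatures.
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./"),
    "sql_comment_marker": re.compile(r"'\s*--"),
}

# Assumed set of known regular users whose traffic gets priority under load.
KNOWN_REGULAR = {"10.0.0.5", "10.0.0.6"}


def parse_log(text):
    """Turn the log text into (second, src_ip, request) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, req = line.split(" ", 2)
        events.append((int(ts), ip, req))
    return events


def rule_alerts(events):
    """Knowledge-based layer: flag every request matching a signature."""
    alerts = []
    for _, ip, req in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(req):
                alerts.append((ip, name, req))
    return alerts


def rate_anomalies(events, z_threshold=2.0):
    """Statistical layer: flag sources whose request count is an outlier
    (z-score above threshold) relative to all sources in the window.
    Returns {src_ip: z_score}."""
    counts = Counter(ip for _, ip, _ in events)
    if len(counts) < 3:          # too few sources for a meaningful spread
        return {}
    mean = statistics.fmean(counts.values())
    spread = statistics.pstdev(counts.values())
    if spread == 0:              # every source behaves the same: nothing stands out
        return {}
    return {ip: round((n - mean) / spread, 2)
            for ip, n in counts.items() if (n - mean) / spread > z_threshold}


def prioritize(events, capacity):
    """Under overload, keep known regular users' traffic first and fill the
    remaining capacity in arrival order; the rest is dropped."""
    known = [e for e in events if e[1] in KNOWN_REGULAR]
    others = [e for e in events if e[1] not in KNOWN_REGULAR]
    return (known + others)[:capacity]


def analyze(text):
    """Run both layers over the full window and report their findings."""
    events = parse_log(text)
    return {"rule_alerts": rule_alerts(events),
            "rate_anomalies": rate_anomalies(events)}


if __name__ == "__main__":
    log = build_sample_log()
    print(analyze(log))
    print(prioritize(parse_log(log), capacity=10))
```

On the constructed input the two layers are complementary: the signature layer is the only one that sees the single traversal request from 198.51.100.9, while the rate layer is what flags 203.0.113.9, whose flood consists almost entirely of requests no rule would match. With `capacity=10` the prioritisation keeps all four requests from the known regular users and only two from the flooding source.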
In the case of machine learning algorithms, it depends on whether you are going to train it offline or quasi-online, the useful attributes of the attack, data availability for a particular attack, etc. Again, highly application specific.
There are many open source projects which have already tackled the topic, such as Snort, Suricata, Bro, Kismet, and others. In short, there is no single means which is best. The majority of implementations combine multiple layers of IDS targeting different aspects.
Great question, and it is probably worth a survey paper. (Please let me know if one is published on this.)
You can argue each, but we probably need everything and the kitchen sink until the defenders can actually realize they are under attack in the first place. The battle is still too lopsided, where attackers have the "Pearl Harbor" element of surprise and defenders are too busy putting out the fires and doing forensics after the fact.
Tim Bass has the most highly cited publication on this, but no true experimental work has been published yet regarding his masterpiece.
As Richard mentioned, it's a great question where extensive research is needed to answer it. By the time we come up with a temporary answer for the question, the nature of the internet traffic may have changed, making the answer questionable.