tailieunhanh - Research on Intrusion Detection and Response: A Survey

Without proper protection, any part of any network can be susceptible to attacks or unauthorized activity. Routers, switches, and hosts can all be violated by professional hackers, company competitors, or even internal employees. In fact, according to several studies, more than half of all network attacks are waged internally. The Computer Security Institute (CSI) in San Francisco estimates that between 60 and 80 percent of network misuse comes from inside the enterprises where the misuse has taken place. To determine the best ways to protect against attacks, IT managers should understand the many types of attacks that can be instigated and the damage that these. | International Journal of Network Security Sep. 2005 http ijns 84 Research on Intrusion Detection and Response A Survey Peyman Kabiri and Ali A. Ghorbani Corresponding author Ali A. Ghorbani Faculty of Computer Science University of New Brunswick Fredericton NB E3B 5A3 Canada Email kabiri ghorbani @ Received June 15 2005 revised and accepted July 4 2005 Abstract With recent advances in network based technology and increased dependability of our every day life on this technology assuring reliable operation of network based systems is very important. During recent years number of attacks on networks has dramatically increased and consequently interest in network intrusion detection has increased among the researchers. This paper provides a review on current trends in intrusion detection together with a study on technologies implemented by some researchers in this research area. Honey pots are effective detection tools to sense attacks such as port or email scanning activities in the network. Some features and applications of honey pots are explained in this paper. Keywords Detection methods honey pots intrusion detection network security 1 Introduction In the past two decades with the rapid progress in the Internet based technology new application areas for computer network have emerged. At the same time wide spread progress in the Local Area Network LAN and Wide Area Network WAN application areas in business financial industry security and healthcare sectors made us more dependent on the computer networks. All of these application areas made the network an attractive target for the abuse and a big vulnerability for the community. A fun to do job or a challenge to win action for some people became a nightmare for the others. In many cases malicious acts made this nightmare to become a reality. In addition to the hacking new entities like worms Tro jans and viruses introduced more panic into the networked society. As the .