Detecting Cyber Threats With a Graph-Based NIDPS

Brendan Ooi Tze Wen, Najihah Syahriza, Nicholas Chan Wei Xian, Nicki Gan Wei, Tan Zheng Shen, Yap Zhe Hin, Siva Raja Sindiramutty, Teah Yi Fan Nicole
Copyright: © 2024 |Pages: 39
DOI: 10.4018/978-1-6684-7625-3.ch002

Abstract

This chapter explores a novel network-based intrusion detection and prevention system (NIDPS) that uses concepts from graph theory to detect and prevent incoming threats. As technology progresses at a rapid rate, the number of cyber threats increases accordingly, so better network security through an NIDPS is needed to protect the data carried by networks. The primary objective of this chapter is to examine the proposed graph-based NIDPS through four aspects: data collection, the analysis engine, preventive action, and reporting. Besides analysing existing NIDS products in the market, various research papers and journals were reviewed. The authors' solution covers the basic structure of an intrusion detection system, from collecting and processing data to generating alerts and reports. The data collection discussion compares packet-based, flow-based, and log-based collection in terms of scale and viability.

Introduction

According to Kumar, Gupta, and Arora (2021) and Sulaiman et al. (2021), an intrusion detection system (IDS) is software that detects unauthorised traffic or entry into a host or network, either by detecting unusual behaviour or by examining multiple data streams within the host or network processes. Sophisticated IDSs are necessary in the 21st century because of rapid advances in the Internet of Things (IoT), with more devices than ever connected to the Internet. These advances have also encouraged the widespread use of cloud technologies, which may store confidential or sensitive user data (Sulaiman et al., 2021). The move to cloud technologies has made these services prone to cyber-attacks from malicious users, resulting in data breaches, Distributed Denial of Service (DDoS) attacks, and compromised communication between senders and receivers, among other issues (Kumar, Gupta and Arora, 2021; Ponnusamy, Humayun, et al., 2022). Before IDSs were developed and deployed, other measures were taken to address these vulnerabilities, such as more secure Internet protocols: HyperText Transfer Protocol Secure (HTTPS) and Secure Sockets Layer (SSL) were among the protocols introduced, alongside firewalls and various cryptographic techniques, to further secure these environments. Figure 1 provides an overview of the types, detection mechanisms and techniques used in various kinds of IDS.

Figure 1. Overview of IDS. Source: Aljanabi, Ismail, and Ali (2021)

Definition and Importance of IDS and NIDS

Among the common detection mechanisms employed in intrusion detection systems are rule-based detection and statistical-based detection (Adnan et al., 2021). Rule-based detection, also known as knowledge-based detection, is where an administrator or super-user defines a set of parameters, known as rules, that describe normal use. When a user, whether a regular user or an intruder, performs an action that falls outside the defined parameters, an alert is raised and countermeasures are taken. Such systems can also be trained on datasets that describe normal activities or actions; an intrusion is then detected when an action outside of the trained model is performed (Aljanabi, Ismail, and Ali, 2021; Ponnusamy, Aun, et al., 2022). Statistical-based detection, the other commonly employed mechanism, is where the IDS compares the traffic of a system against a general model of defined or known normal usage patterns. The IDS concludes that an attack is taking place when the difference between the observed model and the general model is sufficiently large (Adnan et al., 2021; Annadurai et al., 2022). Statistical models can also be built by applying multiple mathematical models or techniques and specialised structures to the collected data in order to create the profile of a normal user; actions that do not match that profile are then assembled into an attack profile. The primary goal of a network-based IDS, or Network Intrusion Detection System (NIDS), is to identify and log this information and report the abnormality to the network administrator (Kumar, Gupta and Arora, 2021; Seong et al., 2021). Figure 2 shows the components of a NIDS:
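The two mechanisms above can be seen side by side in the following added example, which is not code from the chapter or its authors. It runs a hypothetical rule set (an assumed internal subnet and permitted service list) and a hypothetical statistical profile (mean and standard deviation of bytes per flow, per source host, with a z-score threshold) over constructed flow records. The flow records, the rules and the threshold are all assumptions made for illustration; the point is to show that a rule catches only what the administrator anticipated, while the profile catches a deviation in volume that no static rule describes, and that a host with no baseline has to be surfaced rather than silently passed.

```python
"""Rule-based and statistical-based detection over constructed flow records.

Added example, not code from the chapter. Subnet, service list, threshold and
all flow records below are assumptions chosen for illustration. Requires
Python 3.9 or later.
"""
import statistics
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    """One summarised connection record (constructed, not a real capture)."""
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int


# --- Rule-based (knowledge-based) detection --------------------------------
# The administrator defines the parameters of normal use; any flow outside
# them raises an alert. The subnet and service list are assumptions.
INTERNAL = ip_network("10.0.0.0/24")
ALLOWED_PORTS = {"tcp": {22, 80, 443}, "udp": {53}}


def rule_based(flow: Flow) -> list[str]:
    """Return one alert string per rule the flow violates (empty if none)."""
    alerts = []
    if ip_address(flow.src) not in INTERNAL:
        alerts.append(f"source {flow.src} is outside the defined internal range")
    if flow.dport not in ALLOWED_PORTS.get(flow.proto, set()):
        alerts.append(f"{flow.proto}/{flow.dport} is not a permitted service")
    return alerts


# --- Statistical-based detection --------------------------------------------
# A profile of normal usage (bytes per flow, per source host) is built from a
# training window. A new flow is flagged when its distance from the profile,
# measured as a z-score, is sufficiently large.
THRESHOLD = 3.0   # z-score above which the deviation is treated as an attack
MIN_STDEV = 1.0   # floor so a perfectly regular host cannot cause division by zero


def build_profile(training: list[Flow]) -> dict[str, tuple[float, float]]:
    """Map each source host to (mean, population stdev) of its flow sizes."""
    per_host: dict[str, list[int]] = {}
    for f in training:
        per_host.setdefault(f.src, []).append(f.nbytes)
    return {
        host: (statistics.fmean(sizes), max(statistics.pstdev(sizes), MIN_STDEV))
        for host, sizes in per_host.items()
    }


def statistical(flow: Flow, profile: dict[str, tuple[float, float]]) -> list[str]:
    """Flag a flow whose size deviates from its host's learned profile."""
    if flow.src not in profile:
        # No baseline exists: the detector cannot score this host, so it
        # surfaces the gap instead of silently passing the traffic.
        return [f"no usage profile for {flow.src}"]
    mean, stdev = profile[flow.src]
    z = (flow.nbytes - mean) / stdev
    if abs(z) > THRESHOLD:
        return [f"{flow.src} sent {flow.nbytes} bytes, z={z:.1f} against mean {mean:.0f}"]
    return []


def detect(flow: Flow, profile: dict[str, tuple[float, float]]) -> list[str]:
    """Run both mechanisms, as a NIDS combining them would, and merge alerts."""
    return rule_based(flow) + statistical(flow, profile)


# Constructed training window: one internal host with a stable usage pattern.
TRAINING = [Flow("10.0.0.5", "10.0.0.1", 443, "tcp", n)
            for n in (1000, 1200, 900, 1100, 1300, 1000, 950, 1150)]
PROFILE = build_profile(TRAINING)

if __name__ == "__main__":
    # Constructed observations: a normal flow, a rule violation (telnet),
    # and a volume anomaly that no static rule would catch.
    for f in (Flow("10.0.0.5", "10.0.0.1", 443, "tcp", 1050),
              Flow("10.0.0.5", "10.0.0.1", 23, "tcp", 300),
              Flow("10.0.0.5", "10.0.0.1", 443, "tcp", 50_000_000)):
        print(f, detect(f, PROFILE) or "no alert")
```

The training window is deliberately small so the arithmetic can be checked by hand: the eight flow sizes average 1075 bytes with a population standard deviation of about 127, so a 1050-byte flow scores well inside the threshold while a 50 MB flow scores far outside it. In a real deployment the profile would be rebuilt on a sliding window and keyed on more than one feature, but the comparison of an observed value against a learned baseline is the same operation.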

Figure 2. NIDS with its components. Source: Kumar, Gupta, and Arora (2021)

The logical components of a NIDS are a detection machine, a management machine and a database. The detection machine runs the detection software that identifies abnormalities within the data stream. The management machine manages the detection algorithms and strategies. The database is used for general logging, keeping a record of both abnormal and normal data. To maximise coverage, the NIDS is usually placed at switches and routers within the network, where it can screen data packets and user traffic; in practice the sensor receives a copy of that traffic through a mirror (SPAN) port or a network tap, so its position determines which segments it can see and which it cannot.
