http://dx.doi.org/10.3837/tiis.2019.09.021

Intrusion Detection System for Home Windows based Computers  

Zuzcak, Matej (Department of Informatics and Computers, Faculty of Science University of Ostrava)
Sochor, Tomas (Department of Informatics and Computers, Faculty of Science University of Ostrava)
Zenka, Milan (Department of Informatics and Computers, Faculty of Science University of Ostrava)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS), vol. 13, no. 9, 2019, pp. 4706-4726
Abstract
The paper is devoted to a detailed description of a distributed system for gathering data from Windows-based workstations and servers. The research presented at the beginning demonstrates that no solution for gathering data on attacks against Windows-based PCs is available at present, and that existing security tools and supplementary programs cannot be combined to achieve the required attack-data gathering from Windows computers. The design of the newly proposed system, named Colander, is also presented. It is based on a client-server architecture and takes much inspiration from previous attempts at designing systems with a similar purpose, as well as from IDSs such as Snort. Colander emphasizes ease of use and minimal demand for system resources. Although resource usage is usually low, it still requires further optimization, as noted in the performance testing. Colander's ability to detect threats has been tested with real malware, and it has undergone a pilot field application. Future prospects and development are also proposed.
Keywords
Network intrusion detection system; IDS; packet; threat; threat analysis; signature