Anomaly Detection Scheme for Prevention of Online Attacks - Dissertation Example

 Anomaly Detection Scheme for Prevention of Online Attacks Detection of time-domain change is essential in recognizing availability of a possible attack. The time parameter reflects any deviation from the normal (duration taken) in disseminating information and receiving of the feedback. The efficiency of communication is therefore slowed down and this cripples the activities of an institution. Hacking of the internet system distorts the original information that was fed and may bring about a jam. All these are prevented by use of highly advanced and sophisticated modern devices that quickly sense and produce signals to notify the comptroller (Chiang, 2004). Data analysis must be undertaken to confirm and ensure only the vital information is online and accessed by the target population. The systems are made in a way that they are able to identify the geographical location of an attacker who can then be easily trailed, and legal action may be taken. The coming attacks may also be blocked by an automated program in the system. Updating should always be done to facilitate prompt detection of attacks. This ensures the system remains at pace with any new technological changes. When all security measures are considered, the privacy of an institution remains secured. They remain at the disposal of the authorized authorities. Transmission of information must be sufficient at the shortest time possible. According to Chiang (2004), visualization of system level is done to integrate technology with the systems hardware, software or both. This ensures protection by offering an opportunity to study and analyze visual patterns that indicate any possible attack. Sensors are used to detect and send an alert signal inform of graphs on a screen. Multiple attacks are easily displayed and tracked down from their sources. This calls for a quick action in order to protect the data which includes resetting of the connection. All the forecasting and analysis is done in a data warehouse. This method ensures a quick and smooth action is taken to counteract any attack at the shortest time possible. Selection of heterogeneous threshold and conduct of a proper correlation analysis ensures systems are well set to accommodate large amounts of data and detect any slight attacks at any moment. A web of links is made that connects the major system to several others. A threshold value is also set which sounds an alarm when exceeded. The ease of detection of attacks becomes easier since either of them signals the main server (Chiang, 2004). An internal program is installed to ensure the system is able to detect any foreign data and differentiate self from non-self before sending a signal. The system becomes protected from collapsing and is encompassed with appropriate buffer zones to ensure the best possible results are obtained. Anomaly refers to deviation from the normal way in which information systems operate. This compromises the confidentiality and security of information contained within the system. Any delay in detection and streamlining back to normal may result to great negative impacts. Computers should therefore be protected from any form of attack by installation of a specialized and highly sensitive detector. This is called a detection scheme. It is backed up by additional security features which limit access to specific individuals and from a central point. The system is well cushioned and security guaranteed. Most institutions trust the viability of this security measure. A research was conducted by Lazarevic (2003) in order to identify data attacks and anomaly detection schemes in various computer systems. In most organizations, they gave out efficient and perfect results. Intrusion Prevention System is one with extremely amazing outcomes. It allows service delivery irrespective of any obstacles which may try to inhibit the process. A system of coordinated computer programs facilitates blocking and neutralization of any collective attacks. These include: Time remains a critical factor in detecting attacks. Transmission of messages and obtaining of feedback may get longer than usual (reaction and response time).This is a clear indicator of attacks which may be manual, automatic or semi-automatic. The second form is from within the system and is rarely detected before its occurrence. Most of the attacks are sent as short-term bursts in order to remain camouflaged. Many of the attackers make use of slow time dynamics of transmission time out. Here the attacker sends short-term bursts. In order to overcome the attackers in good time, there should be a means for real-time attack classification and a defense mechanism. This means that data mining by the detection system should be real-time, putting into consideration efficiency, accuracy, and usability, (Axelsson, 1999). To ensure high accuracy in a short time, data mining process uses programs that analyze the data and at the same time distinguish between genuine actions and malicious attacks. To ensure high efficiency, the costs of the extracted features are calculated and the cost approach is useful in production of efficient detection model. Usability improvement is by adapting algorithms that facilitate fast updating of the system to enhance quick attack detection (Barbara, 2001). Audit data analysis and mining (ADAM) is the system that proposes use of data mining methods and detects abnormalities in the audit data. A good example is the program researched and documented by (Barabra, 2001) which is used to check the data and store the packets that are transmitted and along the network. ADAM, can in a very flexible manner, represent known patterns in a network while detecting the unknown attack patterns which cannot be detected using others. System level visualization is the integration of a system’s requirements like hardware and software with the appropriate technology to overcome collaborative attacks. Some systems are beyond protection by the traditional intrusions detection systems (SANS Institute, 1999). Therefore, the mitigation of the attacks is by analyzing visual patterns using several visualization tools that are in place for use in early detection of attacks. These tools include detectors, sensors and data warehouses to improve scalability and efficiency of the anomaly detection systems as well as to enhance sharing of data to update the system. When using sensors, exchange of information happens in real-time while ensuring that data structure is intact. The amount of data reduces by filtering the high entropies. When a sensor detects an attack, it tries to match the attacker’s packet with the signature database of the attack. The sensor reports a match of the two the console and takes an action depending on its configuration. Some of the actions include sending an alert email to an administrator or resetting the connection of the TCP, (Chiang, 2004). A data warehouse in this case is useful for analysis, which is necessary for decision making about dealing with attacks and forecasting. References Axelsson, S. (1999). Research in intrusion-detection systems: A survey. Technical report TR 98-17, Goteborg, Sweden: Department of Computer Engineering, Chalmers University of Technology. Barbara, D., Couto, J., Jajodia, S. and Wu, N. (2002). An architecture for anomaly detection. Applications of Data Mining in Computer Security, 63-76. Champion, T., Durst, R., Miller, E., Spagnuolo, L. and Witten, B. (1999). Testing and evaluating computer intrusion detection systems. Communications of the ACM, (42)7, 53. Chiang, M., Zilic, Z., Chenard, J. and Radecka, K. (2004). Architectures of Increased Availability Wireless Sensor Network Nodes. Anaheim, CA: International Test Conference, IEEE. Ghosh, A., Wanken, J. and Charron, F. (1998). Proceedings of the IEEE Computer Society 14th annual computer security applications conference. Detecting anomalous and unknown intrusions against programs. Los Alamitos, CA. Hofmeyr, S., Forrest, S. and Somayaji, A. (1998). Intrusion detection using sequences of system calls. Journal of Computer Security, 6, 151-180. Kumar, S. (1995). Classification and detection of computer intrusions. (Unpublished doctoral dissertation), Purdue University. Lazarevic, A., Ozgur, A., Ertoz, L., Srivastava, J. and Kumar, V. (2003). Proceedings from SIAM International Conference on Data Mining: A comparative study of anomaly detection schemes in network intrusion detection. Buenos Aires. Mannila, H., Toivonen, H. and Verkamo, A. (1995). Discovering frequent episodes in sequences. Menlo Park,CA: AAAI Press. SANS Institute, (1999). Intrusion Detection Systems: Definition, Need and Challenges. Retrieved on March 9, 2013from http://secinf.net/info/ids/nvh_ids/. Read More