Comparison of the Host Based Intrusion Detection Systems and Network Based Intrusion Detection Systems

Abstract

Recently, Advanced Persistent Threat (APT) has emerged as sophisticated and tailor-made attacks. APTs pose threats mainly targeting institutions such as military, defense and security infrastructure, high profile companies and governments etc. Particularly as a counter measure for APT attacks done by hactivists and cyber warriors and cyber terrorists over government institutions and e-government applications intrusion detection mechanisms are of crucial importance in effective defense. In this study, Intrusion detection and prevention systems have been studied in detail after being referred to the tasks and abilities of the intrusion detection systems that are at the core of the computer security technology presented today in order to meet the increasing need for information and network security. This paper’s aim is the specifying the differences between Host Based Intrusion Detection Systems (HIDS) and Network Based Intrusion Detection Systems (NIDS) and compares the tools which are using HIDS and NIDS. It is asserted that in order to have a better assurance for APT attacks there should be set up a Hybrid IDS approach covering both networks and hosts using both signature and behavioral detection mechanism based on machine learning.

Keywords

• Intrusion detection systems
• Host based intrusion detection systems (HIDS)
• Network based Intrusion detection systems (NIDS), Hybrid IDS, e-government security

References

1. [1]. Bahman Nikkhahan, Akbar Jangi Aghdam, and Sahar Sohrabi, “E-government security: A honeynet approach”, International Journal of Advanced Science and Technology Volume 5, April, 2009 http://www.sersc.org/journals/IJAST/vol5/5.pdf
2. [2]. Niva Das, Tanmoy Sarkar, “Survey on Host and Network Based Intrusion Detection System” Department of Information Technology, University of Calcutta, Kolkata Email: niva.cu@gmail.com Int. J. Advanced Networking and Applications Volume: 6 Issue: 2 Pages: 2266-2269 (2014) ISSN : 0975-0290
3. [3]. Yousef Farhaoui, Ahmed Asimi, “Creating a Complete Model of an Intrusion Detection System effective on the LAN” (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 3, No. 5, 2012
4. [4]. Zhitian Zhou, Congyang Hu, “Study on the E-government Security Risk Management”, International Journal of Computer Science and Network Security, VOL.8 No.5, May 2008 Manuscript received May 5, 2008 Manuscript revised May 20, 2008
5. [5]. Wallner R., Intrusion Detection Systems, 2007, http://www.kiv.zcu.cz/~ledvina/DHT/tugraz/IDS.pdf
6. [6]. S. Young and D. Aitel, The hacker’s handbook: the strategy behind breaking into and defending networks. CRC Press, 2003.
7. [7]. K. Timm, “Strategies to reduce false positives and false negatives in nids,” Tech. Rep., Access Date 10 Oct, 2015. [Online]. Available: http://www.symantec.com/connect/articles/strategies-reduce-false-positives-and-false-negatives-nids .
8. [8]. K. Julisch and M. Dacier, “Mining intrusion detection alarms for actionable knowledge,” in Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining-KDD 02. Association for Computing Machinery (ACM), 2002.

9. [9]. T. Chyssler, St. Burschka, M. Semling, T. Lingvall and K. Burbeck, “Alarm Reduction and Correlation in Intrusion Detection Systems” http://www.ida.liu.se/labs/rtslab/publications/2004/Chyssler04_DIMVA.pdf
10. [10]. W. Yang, W. Wan, L. Guo and L.J. Zhang, “An Efficient Intrusion Detection Model Based on Fast Inductive Learning”, Internation Conference on Machine Learning and Cybernetics.
11. [11]. D. Xuetao, J. Chunfu and Y. Fu, “A Typical Set Method of Intrusion Detection Technology Based on Computer Audit Data”, International Conference on Computational Intelligence and Security.
12. [12]. J. Pikoulas, W. Buchanan, M. Mannion and K. Triantafylopoulos, “An Intelligent Agent Security Intrusion System”, 9th Annual IEEE International Conference and Workshop on the Engineering of Computer-Based Systems.
13. [13]. F. Jemili, M. Zaghdoud and M. Ben Ahmed, “A Framework for an Adaptive Intrusion Detection System using Bayesian Network”, IEEE Intelligence and Security Informatics.
14. [14]. B. Pahlevanzadeh and A. Samsudin, “Distributed Hierarchical IDS for MANET over AODV+”, IEEE Internatinal Conference on Telecommunications and Malaysia Interntional Conference on Communications.
15. [15]. Y. Bai and H. Kobayashi, “Intrusion Detection Systems: Technology and Development”, 17th International Conference on Advanced Information Networking Applications.
16. [16]. David J. Chaboya, Richard A. Raines, Rusty O. Baldwin, Barry E. Mullins, “Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion”, IEEE Security and Privacy.
17. [17]. M. Silva, D. Lopez and Z. Abdelouahab, “A Remote IDS based on Multi Agent Systems, Web Services and MDA”, International Conference on Software Engineering Advances.
18. [18] Irfan Gul, M. Hussain, “Distributed Cloud Intrusion Detection Model” International Journal of Advanced Science and Technology Vol. 34, September, 2011 https://pdfs.semanticscholar.org/9e13/4e4ea8319869f95cc4efabc372fb5fbabe01.pdf
19. [19]. Hassen M. Alsafi, Wafaa Mustafa Abduallah, Al-Sakib Khan Pathan, IDPS: An Integrated Intrusion Handling Model for Cloud, March 2012, https://arxiv.org/abs/1203.3323
20. [20]. Chintan Kacha, Kirtee A. Shevade, “Comparison of Different Intrusion Detection and Prevention Systems” International Journal of Emerging Technology and Advanced Engineering Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 2, Issue 12, December 2012)
21. [21]. Mahmood Khalel Ibrahim et al, “Secure E-Government Framework: Design and Implementation”, IJCSET |May 2013 | Vol 3, Issue 5, 186-193 http://ijcset.net/docs/Volumes/volume3issue5/ ijcset2013030509.pdf