DocumentCode
2034890
Title
A new vision for intrusion detection system in information systems
Author
Lounis, Ouarda ; Malika, Bourenane
Author_Institution
Ind. & Comput. networks Lab. LRIIR, Univ. of Oran 1, Oran, Algeria
fYear
2015
fDate
28-30 July 2015
Firstpage
1352
Lastpage
1356
Abstract
In recent years, information systems have seen an amazing increase in attacks. Intrusion detection systems have become the mainstream of information assurance. While firewalls and the two basic systems of cryptography (symmetric and asymmetric) do provide some protection, they do not provide complete protection and still need to be supplemented by an intrusion detection system. Most of the work done on IDS is based on two approaches: the anomaly approach and the misuse approach. Each of these approaches, whether implemented in HIDS or NIDS, has weaknesses. To respond to these limitations, we propose a new way of looking at intrusion detection systems. This vision can be described as follows: "Instead of taking and analyzing each attack separately from the others (having several signatures for each type of attack, knowing that there are various attacks and several variants of these attacks), or instead of analyzing the log files of the system, why not look at the consequences of these attacks and try to ensure that the security properties affected by these attacks will not be compromised?" To do so, we will use the language created by Jonathan Rouzauld Cornabas to model the system's entities to protect. This paper presents only the idea on which we will base our work, in order to design an effective IDS in the operating system running in user space.
Keywords
cryptography; firewalls; information systems; operating systems (computers); IDS; anomaly approach; information assurance; intrusion detection system; misuse approach; operating system; security properties; Access control; Computational modeling; Computers; Databases; Intrusion detection; Operating systems; realtime system; security
fLanguage
English
Publisher
ieee
Conference_Titel
Science and Information Conference (SAI), 2015
Conference_Location
London
Type
conf
DOI
10.1109/SAI.2015.7237318
Filename
7237318