• DocumentCode
    2170229
  • Title

    Developing a Host Intrusion Prevention System by Using Data Mining

  • Author

    Al-Hamami, Alaa Hussein ; Alawneh, T.

  • fYear
    2012
  • fDate
    26-28 Nov. 2012
  • Firstpage
    409
  • Lastpage
    413
  • Abstract
    Intrusion Prevention Systems (IPS) are the most important solution for providing a high level of security all over the networks today. IPS has been evolving recently in a way that is expected eventually to replace other security solutions such as firewalls and anti-viruses. To overcome the static signature detection mechanism used to identify intruders that exists in all host-based IPSs, which in turn needs to be updated from time to time to ensure the most accurate detection, in this paper we introduce a four-tier host-based IPS that uses a data mining technique, namely a decision tree, as the detection mechanism. The input parameters for this decision tree algorithm are the computer resources most infected or targeted by intruders, instead of a static signature database. Three test scenarios were performed to investigate the ability of the proposed IPS to classify intruders correctly.
  • Keywords
    computer network security; data mining; decision trees; digital signatures; computer resources; data mining; decision tree algorithm; four-tier host-based IPS; host intrusion prevention system; input parameters; intruder classification; intruder identification; static signature database; static signature detection mechanism; Intrusion prevention system; information security; data mining; decision tree; intruder
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Advanced Computer Science Applications and Technologies (ACSAT), 2012 International Conference on
  • Conference_Location
    Kuala Lumpur
  • Print_ISBN
    978-1-4673-5832-3
  • Type

    conf

  • DOI
    10.1109/ACSAT.2012.103
  • Filename
    6516390