DocumentCode :
624126
Title :
A centralized management framework of network-based Intrusion Detection and Prevention System
Author :
Wonghirunsombat, E. ; Asawaniwed, Teewalee ; Hanchana, V. ; Wattanapongsakorn, Naruemon ; Srakaew, S. ; Charnsripinyo, C.
Author_Institution :
Dept. of Comput. Eng., King Mongkut's Univ. of Technol. Thonburi, Bangkok, Thailand
fYear :
2013
fDate :
29-31 May 2013
Firstpage :
183
Lastpage :
188
Abstract :
Many network attacks on the internet such as Denial of Service, Port Scanning, and Internet Worm can cause a lot of problems to a network system and tend to be more severe. Therefore, awareness of internet attacks is important. In this paper, we propose a centralized management framework of network-based Intrusion Detection and Prevention System (IDPS) via web application, which allows the network administrator to remotely and efficiently manage the security of network system. In our new framework design, multiple network-based IDPSs can be placed in various locations to inspect internet packets in the network. Each IDPS can be easily managed from anywhere and anytime by using a personal computer or a mobile device through a web browser. The web-based management system allows the network administrator to remotely monitor and handle security issues such as managing network port and IP address, updating new network information to identify new malware attacks, as well as displaying the system performance and result analysis. In addition, our network-based IDPS approach can efficiently detect network attacks and internet worms within a short time (i.e., within 2-3 seconds). Several well-known machine learning algorithms can be applied as traffic classification technique in our IDPS approach. From experimental results, we found that our network-based IDPS can analyze internet traffic which include normal packets and malware packets with high accuracy (more than 99%) as well as can immediately protect the network after intrusion detection.
Keywords :
Internet; computer network security; invasive software; learning (artificial intelligence); online front-ends; pattern classification; telecommunication traffic; Internet attacks; Internet packet inspection; Internet traffic; Internet worm; Web application; Web browser; Web-based management system; centralized management framework; denial of service; machine learning algorithms; malware packets; mobile device; multiple network-based IDPS; network attack detection; network system security; network-based intrusion detection and prevention system; normal packets; personal computer; port scanning; traffic classification technique; Grippers; IP networks; Internet; Intrusion detection; Ports (Computers); Probes; Servers; IDPS (Intrusion Detection and Prevention System); internet worm detection; machine learning; online detection; web application;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Science and Software Engineering (JCSSE), 2013 10th International Joint Conference on
Conference_Location :
Maha Sarakham
Print_ISBN :
978-1-4799-0805-9
Type :
conf
DOI :
10.1109/JCSSE.2013.6567342
Filename :
6567342