Usefulness of DARPA dataset for intrusion detection system evaluation

The MIT Lincoln Laboratory IDS evaluation methodology is a practical solution in terms of evaluating the performance of Intrusion Detection Systems, which has contributed tremendously to the research progress in that field. The DARPA IDS evaluation dataset has been criticized and considered by many as a very outdated dataset, unable to accommodate the latest trend in attacks. Then naturally the question arises as to whether the detection systems have improved beyond detecting these old level of attacks. If not, is it worth thinking of this dataset as obsolete? The paper presented here tries to provide supporting facts for the use of the DARPA IDS evaluation dataset. The two commonly used signature-based IDSs, Snort and Cisco IDS, and two anomaly detectors, the PHAD and the ALAD, are made use of for this evaluation purpose and the results support the usefulness of DARPA dataset for IDS evaluation.

Selection of intrusion detection system threshold bounds for effective sensor fusion

The motivation behind the fusion of Intrusion Detection Systems was the realization that with the increasing traffic and increasing complexity of attacks, none of the present day stand-alone Intrusion Detection Systems can meet the high demand for a very high detection rate and an extremely low false positive rate. Multi-sensor fusion can be used to meet these requirements by a refinement of the combined response of different Intrusion Detection Systems. In this paper, we show the design technique of sensor fusion to best utilize the useful response from multiple sensors by an appropriate adjustment of the fusion threshold. The threshold is generally chosen according to the past experiences or by an expert system. In this paper, we show that the choice of the threshold bounds according to the Chebyshev inequality principle performs better. This approach also helps to solve the problem of scalability and has the advantage of failsafe capability. This paper theoretically models the fusion of Intrusion Detection Systems for the purpose of proving the improvement in performance, supplemented with the empirical evaluation. The combination of complementary sensors is shown to detect more attacks than the individual components. Since the individual sensors chosen detect sufficiently different attacks, their result can be merged for improved performance. The combination is done in different ways like (i) taking all the alarms from each system and avoiding duplications, (ii) taking alarms from each system by fixing threshold bounds, and (iii) rule-based fusion with a priori knowledge of the individual sensor performance. A number of evaluation metrics are used, and the results indicate that there is an overall enhancement in the performance of the combined detector using sensor fusion incorporating the threshold bounds and significantly better performance using simple rule-based fusion.

Secure Routing with an Integrated Localized Key Management Protocol in MANETs

A routing protocol in a mobile ad hoc network (MANET) should be secure against both the outside attackers which do not hold valid security credentials and the inside attackers which are the compromised nodes in the network. The outside attackers can be prevented with the help of an efficient key management protocol and cryptography. However, to prevent inside attackers, it should be accompanied with an intrusion detection system (IDS). In this paper, we propose a novel secure routing with an integrated localized key management (SR-LKM) protocol, which is aimed to prevent both inside and outside attackers. The localized key management mechanism is not dependent on any routing protocol. Thus, unlike many other existing schemes, the protocol does not suffer from the key management - secure routing interdependency problem. The key management mechanism is lightweight as it optimizes the use of public key cryptography with the help of a novel neighbor based handshaking and Least Common Multiple (LCM) based broadcast key distribution mechanism. The protocol is storage scalable and its efficiency is confirmed by the results obtained from simulation experiments.

A method of fraud & intrusion detection for e-payment systems in mobile

The need for paying with mobile devices has urged the development of payment systems for mobile electronic commerce. In this paper we have considered two important abuses in electronic payments systems for detection. The fraud, which is an intentional deception accomplished to secure an unfair gain, and an intrusion which are any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. Most of the available fraud and intrusion detection systems for e-payments are specific to the systems where they have been incorporated. This paper proposes a generic model called as Activity-Event-Symptoms(AES) model for detecting fraud and intrusion attacks which appears during payment process in the mobile commerce environment. The AES model is designed to identify the symptoms of fraud and intrusions by observing various events/transactions occurs during mobile commerce activity. The symptoms identification is followed by computing the suspicion factors for event attributes, and the certainty factor for a fraud and intrusion is generated using these suspicion factors. We have tested the proposed system by conducting various case studies, on the in-house established mobile commerce environment over wired and wire-less networks test bed.

Mathematical Analysis of Sensor Fusion for Intrusion Detection Systems

Fusion of multiple intrusion detection systems results in a more reliable and accurate detection for a wider class of intrusions. The paper presented here introduces the mathematical basis for sensor fusion and provides enough support for the acceptability of sensor fusion in performance enhancement of intrusion detection systems. The sensor fusion system is characterized and modeled with no knowledge of the intrusion detection systems and the intrusion detection data. The theoretical analysis is supported with an experimental illustration with three of the available intrusion detection systems using the DARPA 1999 evaluation data set.

Parametric Studies on Saltwater Intrusion into Coastal Aquifers for Anticipate Sea Level Rise

Saltwater intrusion into coastal aquifers is a global issue, exacerbated by increasing demands for freshwater in coastal regions. This study investigates into the parametric analysis on saltwater intrusion in a conceptual, coastal, unconfined aquifer considering wide range of freshwater draft and anticipated sea level rise. The saltwater intrusion under various circumstances is simulated through parametric studies using MODFLOW, MT3DMS and SEAWAT. The MODFLOW is used to simulate the groundwater flow system under changing hydro-dynamics in coastal aquifer. To simulate solute transport MT3DMS and SEAWAT is used. The saltwater intrusion process has direct bearing on hydraulic conductivity and inversely related to porosity. It may also be noted that increase in recharge rate considered in the study does not have much influence on saltwater intrusion. Effect of freshwater draft at locations beyond half of the width of the aquifer considered has marginal effect and hence can be considered as safe zone for freshwater withdrawals. Due to the climate change effect, the anticipated rise in sea level of 0.88 m over a century is considered in the investigation. This causes increase in salinity intrusion by about 25%. The combined effect of sea level rise and freshwater draft (C) 2015 The Authors. Published by Elsevier B.V.