Data Mining Approach in Host and Network-Based Intrusion Prevention System

  • Chapter
Intelligent Systems for Science and Information

Part of the book series: Studies in Computational Intelligence ((SCI,volume 542))

Abstract

Intrusion Prevention Systems (IPS) as a security solution have their own characteristics in analysing, detecting and preventing intruders’ acts. They provide a good level of service in securing the network, going beyond the functionality of Intrusion Detection Systems (IDS), firewalls, antivirus and other security applications, by actively responding to attacks and affording great flexibility in dealing with security threats.

Host-based IPS mostly depend on a static signature mechanism to identify intruders, which in turn needs to be updated from time to time to ensure the most accurate detection. An improved Network Intrusion Prevention System (NIPS) is based on two mechanisms: detecting patterns of known intrusions (misuse detection) and distinguishing anomalous network activity from normal network traffic (anomaly detection). Data Mining methods are used in this chapter to enhance NIPS based on anomaly detection.

In this chapter we try to enhance intruder detection by replacing the static database with a dynamic one and, further, by adding intelligence to the detection mechanism through Data Mining. Feedback from the results to the whole process helps make future inspections more realistic.

The use of Data Mining methods will result in the development of a Network Intrusion Prevention System (NIPS) as an internal security gateway for defending against attacks and threats from both inside and outside the computer network. In addition, it will help to detect anomalous activity, including suspicious probing inside the network, before it launches any network attack with damaging effects.

The study aims to enhance the Snort tool, which consists of a NIPS based on both misuse- and anomaly-detection mechanisms, by using two sub-phases of Data Mining approaches: an improved K-mean clustering algorithm and a PF-growth algorithm. The integration of these two sub-phases helps to discover new rules, especially those related to internal network scans; in addition, the unsupervised learning process in the K-mean algorithm is used to discover new clusters which may represent a new type of attack depending on the decisions of analysts.

The Host-based IPS will contribute to enhancements in the following areas: evolving the techniques for investigating activities through the use of Data Mining; integrating, or possibly eliminating, the antivirus programs installed on a Personal Computer (PC); and maximizing the level of security of the whole network by securing each single host.

Integrating two Data Mining approaches (K-mean clustering and the PF-Growth algorithm) helps to discover new rules, especially those related to internal network scans; in addition, the unsupervised learning process in the K-mean algorithm is used to discover new clusters that may represent a new type of attack, depending on the decisions of analysts.

All of this work helps to enhance and develop the NIPS tool by involving Data Mining approaches in investigating anomalies. It also pursues the objective of a complete system that meets requirements such as detecting a probe attack at its source inside the network and preventing it before it launches a network attack against the target machine, with high performance, reduced false alarms, easy and low-cost system construction, and compatibility with any operating system. Furthermore, it maximizes the effectiveness of identifying attacks, thereby helping users to construct more secure information systems.
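The clustering-then-feedback loop the abstract describes, as an added example that is not the chapter's own code: constructed per-host flow summaries are clustered with a small K-means, hosts that land in an unusually small cluster are handed to an analyst for review, and a confirmed host is turned into a Snort rule for the dynamic rule database. The feature choice, the 25% cluster-size threshold, the host addresses and the rule text are all assumptions.

```python
import math

# Constructed per-source-host features for one observation window (not data from the chapter):
# (distinct destination ports, distinct destination hosts, fraction of unanswered SYNs).
FLOWS = {
    "10.0.0.11": (3, 2, 0.05), "10.0.0.12": (4, 3, 0.02), "10.0.0.13": (2, 2, 0.00),
    "10.0.0.14": (5, 3, 0.10), "10.0.0.15": (3, 1, 0.04), "10.0.0.16": (6, 4, 0.08),
    "10.0.0.99": (180, 40, 0.92),  # constructed: behaves like an internal port sweep
}

def min_max_scale(rows):
    """Scale each feature to [0, 1] so raw port counts do not dominate the distance."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1.0 for c in cols]
    return [tuple((v - l) / s for v, l, s in zip(r, lo, span)) for r in rows]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(points, k=2, iters=20):
    """Plain K-means with farthest-first seeding so the result is deterministic."""
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(dist(p, c) for c in cents)))
    labels = [0] * len(points)
    for _ in range(iters):
        labels = [min(range(k), key=lambda i: dist(p, cents[i])) for p in points]
        for i in range(k):
            members = [p for p, l in zip(points, labels) if l == i]
            if members:
                cents[i] = tuple(sum(col) / len(members) for col in zip(*members))
    return labels

def suspicious_hosts(flows, max_share=0.25):
    """Hosts in any small cluster are candidates for analyst review, not alerts yet (assumed threshold)."""
    hosts = list(flows)
    labels = kmeans(min_max_scale([flows[h] for h in hosts]))
    return sorted(h for h, l in zip(hosts, labels)
                  if labels.count(l) / len(hosts) <= max_share)

def snort_rule(src_ip, sid):
    """Rule an analyst can push into the dynamic rule set once the cluster is confirmed."""
    return (f"alert tcp {src_ip} any -> $HOME_NET any "
            f'(msg:"Analyst-confirmed internal scan source"; sid:{sid}; rev:1;)')

if __name__ == "__main__":
    for host in suspicious_hosts(FLOWS):
        print(snort_rule(host, 1000001))
```

The small-cluster rule is only a triage step; the analyst decision the abstract relies on is what promotes a cluster to a rule.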

Corresponding author: Alaa H. Al-Hamami.

Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Al-Hamami, A.H., Al-Saadoon, G.M.W. (2014). Data Mining Approach in Host and Network-Based Intrusion Prevention System. In: Chen, L., Kapoor, S., Bhatia, R. (eds) Intelligent Systems for Science and Information. Studies in Computational Intelligence, vol 542. Springer, Cham. https://doi.org/10.1007/978-3-319-04702-7_13

  • DOI: https://doi.org/10.1007/978-3-319-04702-7_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-04701-0

  • Online ISBN: 978-3-319-04702-7

  • eBook Packages: Engineering (R0)
