Title: Enhancing Intrusion Detection System with proximity information

Authors: Zhenyun Zhuang, Ying Li, Zesheng Chen

Addresses: College of Computing, Georgia Institute of Technology, Atlanta, GA 30332, USA; College of Computing, Georgia Institute of Technology, Atlanta, GA 30332, USA; Department of Engineering, Indiana University – Purdue University Fort Wayne, Fort Wayne, IN 46805, USA

Abstract: Intrusion Detection Systems (IDSes) proposed to identify or prevent the wide spread of worms can be largely classified as signature-based or anomaly-based. Modern worms are often sufficiently intelligent to hide their activities and evade anomaly detection, rendering existing IDSes (particularly signature-based) less effective. We propose PAIDS, a proximity-assisted IDS approach for identifying the outbreak of unknown worms. Operating on a dimension orthogonal to existing IDSes, PAIDS can work collaboratively with them for better performance. Trace-driven evaluation indicates that PAIDS has high detection rates and low false-positive rates. We also build a prototype with the Google Maps APIs and the libpcap library.

Keywords: IDS; intrusion detection system; network security; self-propagating worms; proximity information; detection rates; false-positives.

DOI: 10.1504/IJSN.2010.037660

International Journal of Security and Networks, 2010 Vol.5 No.4, pp.207 - 219

Received: 05 Oct 2009
Accepted: 20 Jan 2010

Published online: 23 Dec 2010
