Visible to the public Host-based IDS 2015Conflict Detection Enabled

SoS Newsletter- Advanced Book Block


SoS Logo

Host-based IDS


The research presented here on host-based intrusion detection systems addresses semantic approaches, power grid substation protection, an architecture for modular mobile IDS, and a hypervisor-based system. Host-based systems are of relevance to the Science of Security topics of cyber physical systems, privacy, resilience, and human behavior. All works cited were presented in 2015.

Mamalakis, G.; Diou, C.; Symeonidis, A.L., “Analysing Behaviours for Intrusion Detection,” in Communication Workshop (ICCW), 2015 IEEE International Conference on, vol., no., pp. 2645–2651, 8–12 June 2015. doi:10.1109/ICCW.2015.7247578
Abstract: In this work, a Behaviour-based Intrusion Detection Model is suggested. The proposed model can be employed from a single host configuration to a distributed mixture of host-based and network-based Intrusion Detection Systems (IDSs). Unlike most state-of-the-art IDSs that rely on analysing lower-level, raw-data representations, our proposed architecture suggests to use higher-level notions--behaviours--instead; this way, the IDS is able to identify more sophisticated attacks. To assess our premise, a Behaviour-based IDS (BIDS) prototype has been designed and developed that scans file system data to identify attacks. BIDS achieves high detection rates with low corresponding false positive rates, superseding other state-of-the-art file system IDSs.
Keywords: data structures; security of data; BIDS prototype; behaviour-based IDS prototype; detection rates; false positive rates; file system data; host-based IDS; network-based intrusion detection systems; raw-data representations; Clustering algorithms; Computers; Engines; Feature extraction; Generators; Internet of things; Training (ID#: 15-7519)


Rout, Ganesh Prasad; Mohanty, Sachi Nandan, “A Hybrid Approach for Network Intrusion Detection,” in Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on, vol., no., pp. 614–617, 4–6 April 2015. doi:10.1109/CSNT.2015.76
Abstract: An Intrusion detection system (IDS) monitors network traffic and system activities and report to administrator. In some cases the intrusion detection may also respond to anomalous or malicious traffic by taking action such as blocking of user or source address from accessing the network. IDS comes in variety of flavor but its goals to detecting suspicious traffic in different ways. There are network based and host based intrusion detection system. The IDS is detecting based looking for specific signature of known threats as it antivirus and firewall. The anomaly detection is used to comparing traffics against the baseline. The detection is described briefly in this paper using fuzzy and genetic algorithm.
Keywords: Biological cells; Computers; Genetic algorithms; Intrusion detection; Sociology; Statistics; Classification rules; Fuzzy logic; Genetic algorithm (ID#: 15-7520)


Vasudeo, S.H.; Patil, P.; Kumar, R.V., “IMMIX-Intrusion Detection and Prevention System,” in Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials (ICSTM), 2015 International Conference on, vol., no., pp. 96–101, 6–8 May 2015. doi:10.1109/ICSTM.2015.7225396
Abstract: Computer security has become a major problem in our society. Specifically, computer network security is concerned with preventing the intrusion of an unauthorized person into a network of computers. An intrusion detection system (IDS) is a tool to monitor the network traffic and users activity with the aim of distinguishing between hostile and non-hostile traffic. Most of current networks implement Misuse detection or Anomaly detection techniques for Intrusion detection. By deploying misuse based IDS it cannot detect unknown intrusions and anomaly based IDS have high false positive rate for detection. To overcome this, proposed system uses combination of both network based and host based IDPS as Hybrid Intrusion Detection and Prevention System which will be helpful for detecting maximum attacks on networks.
Keywords: computer network security; telecommunication traffic; IDS; IMMIX-intrusion detection system; IMMIX-intrusion prevention system; anomaly detection; misuse detection; non-hostile traffic; Classification algorithms; Clustering algorithms; Computers; Intrusion detection; Machine learning algorithms; Monitoring; anomaly based; attacks; classification; intrusion detection; intrusion prevention; misuse based (ID#: 15-7521)


Feroz, M.N.; Mengel, S., “Phishing URL Detection Using URL Ranking,” in Big Data (BigData Congress), 2015 IEEE International Congress on, vol., no., pp. 635–638, June 27 2015–July 2 2015. doi:10.1109/BigDataCongress.2015.97
Abstract: The openness of the Web exposes opportunities for criminals to upload malicious content. In fact, despite extensive research, email based spam filtering techniques are unable to protect other web services. Therefore, a counter measure must be taken that generalizes across web services to protect the user from phishing host URLs. This paper describes an approach that classifies URLs automatically based on their lexical and host-based features. Clustering is performed on the entire dataset and a cluster ID (or label) is derived for each URL, which in turn is used as a predictive feature by the classification system. Online URL reputation services are used in order to categorize URLs and the categories returned are used as a supplemental source of information that would enable the system to rank URLs. The classifier achieves 93-98% accuracy by detecting a large number of phishing hosts, while maintaining a modest false positive rate. URL clustering, URL classification, and URL categorization mechanisms work in conjunction to give URLs a rank.
Keywords: Web services; Web sites; computer crime; information filtering; pattern classification; pattern clustering; unsolicited e-mail; URL categorization mechanism; URL classification; URL ranking; cluster ID; clustering; email based spam filtering technique; host-based feature; lexical feature; malicious content; online URL reputation service; phishing URL detection; phishing host URL; predictive feature; Accuracy; Classification algorithms; Clustering algorithms; Feature extraction; Security; Servers; Uniform resource locators; Classification; Clustering; Feature Vector; URL Ranking; Web Categorization (ID#: 15-7522)


Zaidi, K.; Milojevic, M.; Rakocevic, V.; Nallanathan, A.; Rajarajan, M., “Host Based Intrusion Detection for VANETs: A Statistical Approach to Rogue Node Detection,” in Vehicular Technology, IEEE Transactions on, vol. PP, no. 99, pp. 1–1, October 2015. doi:10.1109/TVT.2015.2480244
Abstract: In this work, an Intrusion Detection System (IDS) for vehicular ad hoc networks (VANETs) is proposed and evaluated. The IDS is evaluated by simulation in presence of rogue nodes that can launch different attacks. The proposed IDS is capable of detecting a false information attack using statistical techniques effectively and can also detect other types of attacks. First, the theory and implementation of the VANET model that is used to train the IDS is discussed. Then an extensive simulation and analysis of our model under different traffic conditions is conducted to identify the effects of these parameters in VANETs. In addition, the extensive data gathered in the simulations is presented using graphical and statistical techniques. Moreover, rogue nodes are introduced in the network and an algorithm is presented to detect these rogue nodes. Finally, we evaluate our system and observe that the proposed application layer IDS based on cooperative information exchange mechanism is better for dynamic and fast moving networks such as VANETs as compared to other techniques available.
Keywords: Accidents; Ad hoc networks; Cryptography; Data models; Intrusion detection; Mathematical model; Vehicles; Intrusion Detection; Security; VANETs; cryptography; fault tolerance; rogue nodes; vehicular networks; wireless networks (ID#: 15-7523)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.