Free «Intrusion Detection System» Essay

The world has been rendered flat by the newer medium of interconnectedness across the globe, which is subtly defined as the internet. The internet has made our works and our lives so much easier and faster. What took us days, months or even years to do can be accomplished in a miniscule time in comparison. We can communicate with our friends, families, and colleagues over the internet.

Mails and social networking sites have given us a new platform for the social interaction. Besides the communication and the entertainment, there are many other files and software’s that can be downloaded for our perusal. There are chunks of information available over the internet. There are websites for reading newspapers, magazines, and a simple search engine might lead us into a whole new world of knowledge.

There is retailing that now takes place over the internet. You just have to browse through the websites, make your comparisons, then, order, and pay at your convenience. The internet is a new world order. So much is the aura of the internet that it has even started to find its place in telecommunication devices that are like our breaths to us. In simple words, it is a new and glittering dimension of the world.

It is a world of information sharing. People use the internet with a view to enrich their lives by this new standard of living. However, behind the glittering covers, there is a world of complex networks and interconnectedness that is always churning huge chunks of data to and fro. This information that passes through the network is vulnerable to be compromised if there are no means deployed to monitor its safe movement. There is no doubt that there are a lot of people with a malicious intent who might want to obtain information and then use it in ways which might be harmful. There have been incidents of cybercrimes in the past.

In order to ensure that whatever information we share on the internet is not compromised, we need a robust network system which is able to detect any form of an attack which might be malicious in intent. The network should be able to identify the malicious activity targeted at computing and network resources and be able to respond to it as well. Such detection capability of a system is called the intrusion detection, and the networks which deploy it are called the Network Intrusion Detection System (NIDS).

The network information system needs to be protected against an unauthorized access. There are access control systems which prevent unauthorized access. However, there are some users who have a malicious intent and are able to get past this protection mechanism deployed by the control access systems. Therefore, to enhance the protection or security of the network information system, the Network Intrusion Detection System (NIDS) is deployed as a second layer of the protection against an unauthorized access to information systems.

The Intrusion Detection Systems augment the level of the protection that is present in the access control systems to prevent damage by users with a malicious intent. At times, there are users who get past the protection offered by the access control systems. This is where the Intrusion Detection Systems help in detection of the attack and help the network administrators in taking the prevention or if the attack has gone beyond limits then help in the damage control. There are some inbuilt mechanisms within the access control systems that detect attacks against them. Ideally, the Intrusion Detection System must be able to detect those attacks that the access control system can prevent as well as other attacks which are different from those regularly seen by the access control systems. This adds to the protection capability of the networks. In order to be more active than the access control systems, the mechanism employed by the Intrusion Detection Systems must have better algorithms and powerful methods to detect attacks than the simple data base lookups.

The malicious activity can disrupt computer security in three ways: it can impact the confidentiality, the integrity, and the availability. Malicious users impact one of these factors when they attack a system.

We have inferred that the Intrusion Detection System is essential to ensure that our systems are protected. They add robustness to the protectionist mechanism of our access control system alerting the administrators of intruders whenever the access control systems fail to detect an untoward activity in the network. Therefore, it is essential that we delve into the characteristics that make for our robust Network Intrusion Detection System.

Characteristics sought after in the Intrusion Detection System are: timeliness, high probability of detection, low false alarm rate, specificity, scalability, and low priority information.

The Intrusion Detection System must be able to detect and respond within a given time limit before the intruder does a damage, and there is a breach of the security. Timeliness is, therefore,a very important criterion, while selecting the Intrusion Detection System for the network security. If the Intrusion Detection System is not able to detect an intrusion while it is occurring or within a stipulated timeframe, within which the action against the intrusion can be taken, then, the Intrusion Detection System would need to be improved for performance. Nobody would be pleased with the Intrusion Detection System which detects but too late to take action. Essentially, network administrators would want prevention more than the damage control, and if a protection mechanism is unable to do both, then, it would not be worth of deployment. Therefore, timeliness is a very essential feature of the Intrusion Detection System.

The Intrusion Detection System must be able to predict an intrusion with great accuracy and detect almost all kinds of intrusions, ideally. The Intrusion Detection System should have a high probability of detection. Another feature that would make for a worthy Intrusion Detection System would be a low false alarm rate. There are times when the attacks are really a different task needed to be done by a user, which is being considered as an attack. The Intrusion Detection System must have a very low false alarm rate. This again emphasizes the fact that the accuracy of the Intrusion Detection System must be very high. Consider the Intrusion Detection System on your network which was unable to detect an intrusion and lots of your data was compromised. At other times, it raised false alarms for the activity which, according to the IDS, was an intrusion whereas it was nothing close to it. This kind of a system will irritate the administrators highly.

Another feature that one looks for in the Intrusion Detection System is specificity. In identifying attacks, the Intrusion Detection System should give sufficient characterization data to support an effective response. In addition to specificity, the Intrusion Detection System must need a low priority information. It should require minimum prior information before detecting an intrusion. In other words, it should be high on artificial intelligence.

The above-mentioned featuresare some of the features which are looked for in the choice of the Intrusion Detection System. Yes, ideally, all of the above is what the Intrusion Detection System is expected to do. However, these  Systems fall short, and there are some compromises made on one quality over the other.

There are some quantitative metrics that are used, while making the selection of the Intrusion Detection System. As all the characteristics, that one looks for in the Intrusion Detection System might not be available, one has to select the Intrusion Detection System which delivers most optimally in a given kind of a network. The quantitative measures, that help in deciding the best possible Intrusion Detection System for a given network, are divided along three dimensions. These dimensions are based on the quality, the quantity, and the time.

Quality Metrics for IDS selection

It is important for the Intrusion Detection System to be accurate. The measures for accuracy are based on the rate of false alarms generated by the Intrusion Detection System. The lower the rate of false alarms is, the better the Intrusion Detection System is. At the same time, the Intrusion Detection System must have a high probability of the intrusion detection. The system must be able to detect the intrusion with as much precision as possible. Another quality measure for estimating the worthiness of the Intrusion Detection System is how low its rate of letting attacks goes undetected. 

Quantity Metrics for IDS selection

If the Intrusion Detection System is good on quality but is not able to detect an intrusion on a large number of nodes and network interfaces, then, the scope of the Intrusion Detection System is low. It would be good for protecting smaller networks or even individual computers, but when it would come to detect intrusion over bulky networks, then, such systems would not be a good choice. Therefore, based on the quality metrics, the choice of the Intrusion Detection System can be made.

Time Based Metrics for IDS selection

The response time to detect an intrusion is a very important parameter, while making a choice of the Intrusion Detection System. The metrics that are assessed while making a choice of the Intrusion Detection System for one’s network are based on the mean time that the IDS takes to detect an intrusion. Also, the mean time to sound an alarm and alert the administrator to take appropriate actions against the intrusion also determines the soundness of the Intrusion Detection System. The data currency is also a time based metric to check the appropriateness of the Intrusion Detection System.

There are two broad categories under which Intrusion Detection Systems can be classified: anomaly detection and signature based detections. A network employ intrusion detection in its system can be made more robust by including both these features of detection.

The anomaly Intrusion Detection Systems are based on the assumption that there is a set of activities, for instance, browsing the internet or downloading files over the internet, that would generally occur in the computer system.. The anomaly based systems create a profile that includes a general list of activities that usually occur on the network. Then, it consistently monitors the activity on the network to detect anything that occurs outside the general list of activities that define the profile of the network. The anomaly based Intrusion Detection Systems are like CCTV cameras that monitor all activities going on in the place where they are set up and help in identifying anything that seems out of the obvious and suspicious. Thus, the anomaly based Intrusion Detection Systems raise an alarm whenever there is any deviation from the profile established on the network. Data mining is a means of implementing the anomaly based Intrusion Detection Systems. The data mining helps in compiling of all sorts of attacks or suspicious activities that may lead to an attack. Machine learning is another method by which the anomaly based systems can detect an intrusion. The machine learning is a subset of artificial intelligence. The immunity based detection can also help in implementing the anomaly based Intrusion Detection Systems. A combination of all the three can be used to make the anomaly based Intrusion Detection Systems more accurate.

The problems in the anomaly based Intrusion Detection Systems, however, is with regards to the quality of the intrusion detection. There is a higher false alarm rate in the anomaly based Intrusion Detection Systems. This is because there are some activities that may not be in the general profile established for a network, yet they are not an act of intrusion. They are merely unique of doing something on the internet that, due to not being part of the generality of the network, seem to the IDS as being suspicious which then raises an alarm that eventually turns out to be a false one. Such incidents are high in the anomaly based Intrusion Detection Systems. Another drawback of the anomaly based Intrusion Detection Systems is in the complexity and sheer size of the data that needs to be stored and computed to detect an intrusion.

The signature based Intrusion Detection Systems try and gain knowledge about: ’What exactly would malicious behavior be like? How is it generated to harm? What possible harms does it seek to confer?’ It is more like a behavioral analysis. Any kind of malicious intent, that is met, is dealt with and is stored for the future reference. It is like cases in the court. Whenever a unique case is resolved, it is recorded for future references. This is done by comparison of the bits of data that cross the network. All bit information is compared with bits that were recorded as liable to produce malicious attacks. Whenever there is a match or a proximity to it, then, an alarm is raised. This, however, requires a large database which contains information on all the possible attacks in order to make a comparison. This database has to be regularly fed with the latest information on the intrusions; otherwise, a newer form of attack might go undetected and cause damages.

The Scope of Intrusion Detection Systems

The Intrusion Detection Systems can be extended various types of systems. The robustness of the Intrusion Detection System is also determined by the number of systems it can service. There are a myriad range of threats over the internet, and there are a large number of attackers of various natures that are present over the internet. The scope of the Intrusion Detection System lies in the kinds of threats that the IDS can stand guard and the number of attackers it can understand and take action against.

The systems that the Intrusion Detection System serves may be a single computer or a network of computers. At times, a single computer is important enough due to the sensitivity of data that it holds. It is due to this degree of importance of the single computer system that Intrusion Detection Systems are able to cater to a single system only but with greater diligence that is deployed for protection against an intrusion. However, there are times when a whole network needs to be protected against attacks. The Intrusion Detection Systems that are able to cater to a host of computers in a network are then deployed. They require greater coordination as the intrusion detection mechanism is distributed across the network, but they do it with much more aplomb than the Intrusion Detection System which is more capable of taking care of single or lesser number of computers than those present in a given network.

There are various kinds of attackers who have varying levels of intelligence and purposes. There may be amateur hackers who do not intend to do much damage, or there might be sponsored attackers whose purpose is to bring down a network which might be of a great commercial value. The objectives of the intruders might be to compromise on the confidentiality, authentication, integrity, or the availability of services. There are times when some intruders are state sponsored to bring down a network of a great importance to a country. For example, the networks run by the railways of a country or the network which holds the stock markets of a country. In these cases, the perceived threat becomes manifold and requires the Intrusion Detection Systems of the best detection techniques for the prevention and possible actions in case of successful intrusions.

Need for Enhancing Intrusion Detection System

The immense complexity of networks over which information is shared is rising. There are many new types of attacks that are being faced each day. In the face of such threats to data and network security, the Intrusion Detection Systems, too, have to be updated in order to counter the grave dangers faced due to the prevalence of intrusions over the internet.

We have seen how important it has become to secure our networks in order to protect information which might be sensitive. Unless we protect our systems with robust mechanisms, our information might always be under a threat from people who would want to misuse it. Who would, for instance, want to delete all personal information, including bank account numbers and pin numbers due to some elements in the society who would want to live on someone else’s hard earned income. Considering this fact, it has become important to make our Intrusion Detection Systems the best in the business. Providing them with the best mechanisms to detect the most fearsome of intrusions and to take action becomes pertinent. The Digital Signal Processing can be used to make our Intrusion Detection Systems more capable of detecting intrusions. Let us, therefore, understand what digital signal processing is all about.