Analysis of intrusion detection systems

  • Nazym Kenzhegaliyevna Zhumangaliyeva, K.I. Satpayev Kazakh National Research Technical University
  • Anna Alexandrovna Korchenko, National Aviation University, Kyiv, Ukraine
  • Aliya Amantayevna Doszhanova, Almaty University of Power Engineering and Telecommunications
  • Zhadyra Sovetkhanovna Avkurova, L.N. Gumilyov Eurasian National University

Abstract

With the development of information technologies, the number of vulnerabilities and threats to data processing systems keeps growing, so specialized security tools are required to keep such systems operating normally and to prevent intrusions. A promising and actively developing area of information security is the detection of cyber attacks and the prevention of unauthorized intrusions into information systems. To detect network intrusions, modern methods, models, tools and complex technical solutions for intrusion detection and prevention systems are used, and they must remain effective when new or modified types of cyber threats appear. Therefore, a generalized analysis of intrusion detection system software was conducted on the basis of a fixed set of characteristics («Cyber Attack Class», «Adaptability», «Detection Methods», «System Control», «Scalability», «Observation Level», «Reaction to Cyber Attack», «Security» and «Operating System Support»). This analysis provides a basis for selecting such tools and for developing the most effective security mechanisms against cyber attacks.

Published: 2019-10-28

How to Cite

ZHUMANGALIYEVA, NAZYM KENZHEGALIYEVNA et al. Analysis of intrusion detection systems. Journal of Mathematics, Mechanics and Computer Science, [S.l.], v. 103, n. 3, p. 55-74, Oct. 2019. ISSN 2617-4871. Available at: <https://bm.kaznu.kz/index.php/kaznu/article/view/649>. Date accessed: 22 Oct. 2020. doi: https://doi.org/10.26577/JMMCS-2019-3-26.
Keywords: attacks, cyber attacks, anomalies, anomaly detection in information systems