Download the translated article "Types of methods in intrusion detection and prevention systems (IDPS)" – IEEE

Free download of the English article + purchase of the Persian translation
Persian title of the article: Types of methods in intrusion detection and prevention systems (IDPS)
English title of the article: A study of Methodologies used in Intrusion Detection and Prevention Systems (IDPS)
Details of the English article (PDF)
Year of publication: 2012
Number of pages of the English article: 9 pages in PDF format
Related fields: ICT engineering, computer engineering and IT, computer systems architecture, cloud computing, information security, secure computing, data (data and network security), software engineering and computer networks
Journal: Southeastcon
University: North Carolina
Keywords: intrusion detection and prevention systems (IDPS), anomaly detection, signature-based detection, stateful protocol analysis, hybrid-based detection
ISSN: ISSN 978-1-4673
Article link on the source site: link to this article on the IEEE site
Publisher: IEEE

Details and status of the article translation (Word)
Number of pages of the translation: 20 pages in Word format, typed, in 14 pt B Nazanin font
Translation of figures: the captions under the figures have been translated, and the figures and diagrams are inserted as images in the translation file. Text on the figures has not been translated.

Table of contents:

Abstract
1 Introduction
2 Literature review
3 IDPS methodologies
a Anomaly based methodology
b Signature based methodology
c Stateful protocol analysis based methodology
d Hybrid based methodology
4 Evaluation of the methodologies
a Resistance to attack
b High accuracy
c Market share
d Development and scalability
e Resistance to attack
f Accuracy and precision
g Market share
h Extensibility
i Maturity level
j Errors in the monitored system
k Maintenance
l Performance
m Ease of integration
n Ease of use
o Resistance to new attacks
p False positives
q False negatives
5 Conclusion

Excerpt from the translation:

Intrusion detection and prevention systems (IDPS) are security systems used to identify and prevent security threats to computer networks and computer systems. These systems are organized and designed to identify and automatically respond to security threats, reducing the risk to the monitored networks and computers. Intrusion detection and prevention systems (IDPS) use several methods and approaches, such as stateful protocol analysis, signature-based detection, and a hybrid system that combines some or all of the components of the other systems to identify and respond to security threats. The growth of systems built from a combination of methods leads to ambiguity and confusion when choosing a method or a system to use. The aim of this paper is to give a complete explanation of each method and then introduce a way of comparing these new methods.

1 Introduction

Intrusion detection and prevention systems (IDPS) have become a valuable tool in preserving and securing information systems. Intrusion detection and prevention systems (IDPS) are security tools used to monitor, analyze, and respond to security violations and problems against network and computer systems. These violations can result from break-in attempts by unauthorized external intruders who try to compromise the system, or from authorized internal users misusing their identity. As the field of intrusion detection and prevention evolves and produces new systems, the important and useful methodologies are not being created at the same pace and are also combined and merged with other methods less often. This can be confusing when trying to understand the detection methods used by new systems. Past and current studies and work in this area mainly emphasize explaining and improving one or two methods. Some studies evaluate methods against newly proposed methods.

Excerpt from the English article:

Abstract— Intrusion detection and prevention systems (IDPS) are security systems that are used to detect and prevent security threats to computer systems and computer networks. These systems are configured to detect and respond to security threats automatically, thereby reducing the risk to monitored computers and networks. Intrusion detection and prevention systems use different methodologies such as signature based, anomaly based, stateful protocol analysis, and a hybrid system that combines some or all of the other systems to detect and respond to security threats. The growth of systems that use a combination of methods creates some confusion when trying to choose a methodology and system to deploy. This paper seeks to offer a clear explanation of each methodology and then offer a way to compare these methodologies.

Keywords— Intrusion Detection and Prevention Systems (IDPS), Anomaly Based Detection, Signature Based Detection, Stateful Protocol Analysis Based Detection, Hybrid Based Detection.

I. INTRODUCTION

Intrusion detection and prevention systems (IDPS) have become a valuable tool in keeping information systems secure. IDPS are security tools that are used to monitor, analyse, and respond to possible security violations against computer and network systems. These violations can be a result of break-in attempts by unauthorized external intruders trying to compromise the system or internal privileged users misusing their authority. As the intrusion detection and prevention field continues to evolve and produce new systems, the underlying methodologies are not evolving at the same pace and are slowly being merged together. This creates confusion when trying to understand the detection methodologies that are utilized by newer systems. Past and current work in this area mainly focuses on explaining or improving one or two methodologies. Some works offer an evaluation of one methodology against a proposed new methodology.

This paper bridges this gap by offering an explanation of the four major underlying IDPS detection methodologies and a way to compare them. The four main detection methodologies used by IDPS are signature based, anomaly based, stateful protocol analysis based, and hybrid based. The remaining part of this paper is organized as follows: Section II gives an overview of related works. Section III offers a detailed description of the four main methodologies, while Section IV offers a detailed way to compare and evaluate IDPS methodologies. Section V concludes the paper and suggests future work.

II. RELATED WORK

Intrusion detection and prevention systems are a combination of intrusion detection systems and intrusion prevention systems. Intrusion prevention came out of research on the shortcomings of intrusion detection. Intrusion detection evolved out of a report that proposed a threat model [1]. This report laid down the foundation for intrusion detection systems by presenting a model for identifying abnormal behaviour in computer systems. This model broke down threats into three groups: external penetrations, internal penetrations, and misfeasance. The report used these three groups of threats to develop an anomaly based user behaviour monitoring system. In 1987 “a model for a real-time intrusion-detection expert system that aims to detect a wide range of security violations ranging from attempted break-ins by outsiders to system penetrations and abuses by insiders” was produced [2]. This model was based on the idea that security breaches to any system can be identified and monitored by analyzing the system’s audit logs. The model was comprised of profiles, metrics, statistical models, and rules for analyzing the logs. This model provided “a framework for a general-purpose intrusion-detection expert system” that is still in use today [3].

The two main methodologies used in intrusion detection and prevention systems are combined to form a collaborative intelligent intrusion detection system (CIIDS) [4]. This work looked at and addressed current challenges to collaborative intrusion detection systems and the algorithms they employ for alert correlation. It also suggested ways to reduce false positives while improving the detection accuracy. In [5] a structured approach to intrusion detection systems is offered by defining and classifying the components of an IDS. This classification offered a clear understanding of all the parts that make up intrusion detection systems and the challenges the systems face. James and Jay offered a survey of where the current research is on the techniques and methodologies used in intrusion detection [6]. Their focus was to summarize the research done in intrusion detection to this point and in so doing offer a starting point for future research. A technical overview of intrusion detection systems is given in [7], starting with the fundamentals of how these systems are structured and moving on to the techniques they use to detect and identify potential security threats. The paper also explains how an intrusion detection system responds to violations of the security policies it is monitoring. Intrusion detection and prevention systems suffer from scalability and efficiency problems; these two problems are addressed by a high performance deep packet pre-filtering and memory efficient technique [8]. This technique allows the intrusion detection and prevention system to have high accuracy rates and high performance numbers by utilizing a deep packet pre-filter and changing how it handles and processes memory and captured data. Anomaly detection methodologies are plagued with high rates of false positives, and a new detection system for the anomaly based methodology that strikes a balance between generalizations is proposed [9].

The proposed system balances the generalizations in anomaly detection methodologies and in doing so it achieves both a high accuracy rate and a low false positive rate. Combining the two most used methodologies in intrusion detection and prevention systems into a system that uses both anomaly and signature based detection methodologies produces a better detection system [10]. This combination of methodologies produces a better system by pre-processing the data with the anomaly detection engine and then passing the results to the signature based engine. This results in a very high accuracy rate and very low false positives. In a proposal for a new signature based intrusion detection and prevention system [11], the authors started by presenting the basic organization and implementations of intrusion detection and prevention systems.

III. IDPS METHODOLOGIES

There are many different methodologies used by IDPS to detect changes on the systems they monitor. These changes can be external attacks or misuse by internal personnel. Among the many methodologies, four stand out and are widely used. These are the signature based, anomaly based, stateful protocol analysis based, and hybrid based. Most current IDPS systems use the hybrid methodology, which is the combination of other methodologies to offer better detection and prevention capabilities. All the methodologies use the same general model, and the differences among them are mainly in how they process the information they gather from the monitored environment to determine if a violation of the set policy has occurred. Fig. 1 shows the broad architecture on which these systems are based.

This architecture was developed by the Intrusion Detection Working Group and has four functional blocks: the Event blocks, which are the event boxes that gather events from the monitored system to be analyzed by the other blocks; the Database blocks, which are the database boxes that store the events from the Event blocks; the Analysis blocks, which process the events and send an alert; and finally the Response blocks, whose purpose is to respond to an intrusion and stop it [12].

Fig. 1 General architecture for IDPS systems.

A. Anomaly Based Methodology

Anomaly based methodology works by comparing observed activity against a baseline profile. The baseline profile is the learned normal behaviour of the monitored system and is developed during the learning period, where the IDPS learns the environment and develops a normal profile of the monitored system. This environment can be networks, users, systems and so on. The profile can be fixed or dynamic. A fixed profile does not change once established, while a dynamic profile changes as the system being monitored evolves [13]. A dynamic profile adds extra overhead to the system as the IDPS continues to update the profile, which also opens it to evasion. An attacker can evade an IDPS that uses a dynamic profile by spreading the attack over a long time period. In doing so, her attack becomes part of the profile as the IDPS incorporates her changes into the profile as normal system changes. Using a predefined threshold, any deviations that fall outside the threshold are reported as violations. A fixed profile is very effective at detecting new attacks since any change from normal behaviour is classified as an anomaly. Anomaly based methodologies can detect zero-day attacks to the environment without any updates to the system.

Anomaly intrusion detection methodology uses three general techniques for detecting anomalies: statistical anomaly detection, knowledge/data-mining, and machine learning based [13]. The statistical anomaly techniques are used to build the two required profiles: one built during the learning phase, which is then used as the baseline profile, and the current profile, which is compared to the baseline profile; any differences found are marked as anomalies depending on the threshold settings of the monitored environment [14]. The threshold must be tuned according to the requirements and behaviour of the environment being monitored for the system to be effective. The knowledge/data-mining technique is used to automate the way the monitor searches for anomalies, and this process places a very high overhead on the system. The technique produces the most false positives and false negatives due to the high overhead that results from the complicated task of identifying and correctly categorizing observed events on the system [15]. The machine learning technique works by analyzing the system calls and is a widely used technique [16]. The general architecture of an anomaly based IDPS is shown in Fig. 2. The monitored environment is monitored by the detector, which examines the observed events against the baseline profile. If the observed events match the baseline, no action is taken, but if they do not match the baseline profile and are within the acceptable threshold range, then the profile is updated. If the observed events do not match the baseline profile and fall outside the threshold range, they are marked as an anomaly and an alert is issued.
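The anomaly based flow described above (a baseline profile learned during a learning period, a threshold on deviation, a fixed profile versus a dynamic profile that absorbs in-threshold changes, and the statistical technique's comparison of the current profile against the baseline profile), as an added worked example in Python. It is not code from the paper or from any IDPS product. The connection counts are constructed for the example, and the z-score scoring, the ten-sample sliding window and the `drift_check` option are this example's own design choices; `drift_check` is one way of realizing the baseline-versus-current-profile comparison the text mentions, and it closes the slow-ramp evasion the text describes against dynamic profiles.

```python
"""Added example (not from the paper): a statistical anomaly detector with a
fixed or a dynamic baseline profile, plus a profile-drift check, run over
constructed connection counts for one monitored host."""
from statistics import mean, pstdev

# Constructed learning-period data: connections per minute seen while the
# detector builds its baseline profile (values are made up for this example).
LEARNING_PERIOD = [12, 15, 11, 14, 13, 16, 12, 14, 15, 13]

# Constructed observation stream: activity ramps up slowly over a long period,
# then bursts. Values are made up; they are not from any real capture.
SLOW_RAMP = [15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30]
BURST = [31, 32, 34, 36, 38, 40]
OBSERVED = SLOW_RAMP + BURST


class AnomalyDetector:
    """Compares each observed value with a profile (mean and standard deviation).
    A fixed profile never changes after the learning period; a dynamic profile
    folds in-threshold observations into a sliding window. The optional drift
    check compares the current profile against the learned baseline profile
    and alerts when the two have diverged too far."""

    def __init__(self, learning_period, threshold=3.0, dynamic=False,
                 drift_check=False, window=10):
        self.threshold = threshold      # allowed deviation, in standard deviations
        self.dynamic = dynamic
        self.drift_check = drift_check
        self.window_size = window
        self.window = list(learning_period)[-window:]
        # Baseline profile learned during the learning period (never changes).
        self.base_mu = mean(self.window)
        self.base_sigma = pstdev(self.window) or 1.0   # guard a flat baseline
        # Current profile: identical to the baseline until updates happen.
        self.mu, self.sigma = self.base_mu, self.base_sigma

    def score(self, value):
        """Deviation of an observation from the current profile, in standard deviations."""
        return abs(value - self.mu) / self.sigma

    def profile_drift(self):
        """Deviation of the current profile mean from the learned baseline."""
        return abs(self.mu - self.base_mu) / self.base_sigma

    def observe(self, value):
        """Verdict for one observed event:
        'normal'  - matches the baseline (within one standard deviation), nothing done
        'updated' - inside the threshold but not a match; the dynamic profile absorbed it
        'alert'   - outside the threshold, or the profile has drifted too far"""
        z = self.score(value)
        if z > self.threshold:
            return "alert"
        if z <= 1.0 or not self.dynamic:
            return "normal"
        # Dynamic profile: incorporate the observation as a "normal system change".
        self.window = (self.window + [value])[-self.window_size:]
        self.mu = mean(self.window)
        self.sigma = pstdev(self.window) or 1.0
        if self.drift_check and self.profile_drift() > self.threshold:
            return "alert"
        return "updated"


def first_alert(detector, stream):
    """Index of the first observation that raised an alert, or None if none did."""
    for i, value in enumerate(stream):
        if detector.observe(value) == "alert":
            return i
    return None


def compare_profiles(stream=OBSERVED):
    """Run the same stream through the three profile strategies."""
    return {
        "fixed": first_alert(AnomalyDetector(LEARNING_PERIOD), stream),
        "dynamic": first_alert(AnomalyDetector(LEARNING_PERIOD, dynamic=True), stream),
        "dynamic_with_drift_check": first_alert(
            AnomalyDetector(LEARNING_PERIOD, dynamic=True, drift_check=True), stream),
    }


if __name__ == "__main__":
    for name, idx in compare_profiles().items():
        where = f"observation {idx} (value {OBSERVED[idx]})" if idx is not None else "never"
        print(f"{name:25s} first alert: {where}")
```

Run stand-alone, the fixed profile alerts at the fifth observation (value 19), since it is more than three learned standard deviations above the baseline mean of 13.5. The plain dynamic profile never alerts: every step of the ramp lands inside the threshold of the profile that has already absorbed the previous steps, which is exactly the evasion the text warns about. The drift check reports the ramp at the ninth observation (value 23), the point at which the current profile mean has moved more than three baseline standard deviations away from the learned baseline, so the defender still gets an alert while keeping the adaptivity of a dynamic profile. As the text notes, both the deviation threshold and the drift threshold must be tuned to the behaviour of the monitored environment.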
