In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
South African Information Security Multi-Conference (SAISMC 2010)
Title: Autonomic Agent-Based Self-Managed Intrusion
Detection and Prevention System
Author(s): Ahmed Patel, Qais Qassim, Zarina Shukor, Jose Nogueira, Joaquim Júnior, Christopher Wills
Keywords: Information Security, Intrusion detection, Intrusion Prevention, Anomaly Detection,
Misuse Detection, Autonomic Computing, Self-Management
Abstract: Over the last fifteen years the world has experienced a wide variety of computer threats and
general computer security problems. As communication advances and information
management systems become more and more powerful and distributed, organizations are
becoming increasingly vulnerable to potential security threats such as intrusions at all levels of
Information Communication Technology (ICT). There is an urgency to provide secure and
safe information security system through the use of firewalls, Intrusion Detection Systems
(IDSs), Intrusion Prevention Systems (IPSs), encryption, authentication, and other hardware
and software solutions. Many intrusion detection and prevention systems have been designed,
but still there are significant drawbacks. Some of these drawbacks are low detection
efficiency, inaccurate prevention schemes and high false alarm rates. Since IDSs and IPSs
have become necessary security tools for detecting and preventing attacks on ICT resources, it
is essential to upgrade the previous designs, techniques and methods to overcome flaws.
Anomaly detection is an essential component of the detection mechanism against unknown
attacks but this requires advanced techniques to be better and more effective. In this paper we
put forward a new agent-based self-managed approach of anomaly intrusion prevention system
based on risk assessment and managed by the principles of the Autonomic Computing (AC)
concept, which has all the flavors of self-management. Applying AC will open up new
frontiers, and enhance and improve the intrusion detection mechanism by not only protecting
the system’s information and assets but also to stop and prevent the breach before it happens.
It can also assist in digital forensics and investigations.
Download count: 2983
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.