An Anomaly Detection Scheme for prevention of collaborative attacks Dissertation

An Anomaly Detection Scheme for prevention of collaborative attacks - Dissertation Example These systems can be networks, ISP core or P2P systems. Some of the attackers that can collaborate to paralyze a system include, Denial of Messages attacks in which corrupt nodes interfere with radio signals of the genuine nodes thus preventing them from receiving messages. Secondly, Sybil attacks in which users acquire multiple fake identities, controls various nodes of the system, and eventually controls its decisions. Finally malicious flooding where a malicious node floods the system with messages. These attackers have various characteristics that lead to inefficiency of a system. They can cause disruptions at short intervals making the system very slow to respond to any action or they can concentrate at various nodes to cause confusion to the anomaly detection system that is in place. An anomaly is the unusual or unexpected behaviors in an information system .Anomalies violate the security policies of a system and they need early detection and counteraction else, they translate into real life negative situations. An anomaly detection scheme is a technical mechanism used to protect a computer infrastructure from attacks. Recently, there are several attack detection schemes. In order to benefit fully from, the anomaly detection concept, there should be additional security features like the authentication and access control protocols. An attack Detection System is a very important part of the entire system when developed with security in mind. The Anomaly Detection Schemes is not a new concept but it is in various applications with a promise of viable results. Lazarevic et al. (2003) compared various Anomaly Detection Schemes in a network to perform execution of data that was suspicious. Most of the organizations have adopted a system that suits them in detection and prevention of attacks .An example of such a system is the Intrusion Prevention System, which is very useful in preventing the Distributed Denial of Service attacks. Detection and prevention of th e collaborative attacks depends on several factors. Another such system is the STAND system, which is an improved version of CAD sensors discussed later in the prose. Change in time domain: All detection schemes require enough time for discovery of the attack and reaction to it. The attacks can be automatic, manual or semi-automatic. Automatic attacks leave no communication duration to the machine that is about to take place. The time parameters that determine the effect of an attack are reaction time; detection time and the response time. Many of the attackers make use of slow time dynamics of transmission time out. Here the attacker sends short-term bursts. In order to overcome the attackers in good time, there should be a means for real-time attack classification and a defense mechanism. This means that data mining by the detection system should be real-time, putting into consideration efficiency, accuracy, and usability, (Axelsson, 1999). To ensure high accuracy in a short time, data mining process uses programs that analyze the data and at the same time distinguish between genuine actions and malicious attacks. To ensure high efficiency, the costs of the extracted features are calculated and the cost approach is useful in production of efficient detection model. Usability improvement is by adapting algorithms that that facilitate fast updating of the system to enhance quick attack detection (Barbara et al., 2001; Barbara et al., 2002). Audit data analysis and mining (ADAM) is the system that proposes use of data