Abstract:
An Intrusion Detection System (IDS) is a software application that monitors a corporate network or a computer system and flags activities which it construes to be malicious operations. The rapid and expansive growth of the Internet has heightened concerns about how to protect both stored and transmitted digital information in an effective manner.
The reactive IDS will primarily detect intrusions and send out alerts. Defending the system is a secondary task, and its success depends on how early detection can occur while an intrusion is ongoing, so that warnings can be sent in time. An IPS, which is mainly proactive, will primarily detect vulnerabilities and take preventive measures, in addition to providing the second-stage functionality for an IDS, but with limited knowledge and countermeasure capabilities.
As a solution to this problem, research has been conducted in an area called Automated Defense. The design of Automated Defense systems needs to be radically different from the IDS/IPS schemes, as properties such as online real-time availability of all participants, use of threat intelligence schemes, availability of high computation power, etc. have to be considered. Taking into consideration the context in which a Threat Intelligence Architecture operates, where transaction value is very low, IDS/IPS systems need to be designed with a careful trade-off between reliability and cost of implementation.
The research presented in this thesis aims to develop a solution to the problem of providing the functionality of an IDS with an IPS capability that is highly responsive, adaptive and able to leverage the most up-to-date knowledge on dealing with threats. The main objective of the research is to combine an IDS with Threat Intelligence in a manner that can detect file creation and copying anomalies and provide the mechanisms to alert and initiate actions to take defensive measures to decrease the potential for damage from attackers.
The main objective of the research is to combine an IDS with Threat Intelligence to provide a mechanism to alert and initiate actions to take defensive measures to decrease the potential for damage.
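As an added illustration of the objective stated above (this is not code from the thesis, whose actual design the abstract does not describe), a minimal Python detector that scores file-creation events against a threat-intelligence hash blocklist and a copy-burst rule, and emits alerts carrying a suggested defensive action. The hash feed, the window and threshold values, and the sample event stream are all constructed assumptions.

```python
import hashlib
from collections import deque

# Constructed threat-intelligence feed: SHA-256 digests of known-bad file
# contents (hypothetical; a real feed would be pulled from a TI provider).
THREAT_INTEL_HASHES = {
    hashlib.sha256(b"MALWARE-SAMPLE-CONSTRUCTED").hexdigest(),
}

BURST_WINDOW_SECONDS = 10  # sliding window for the copy-burst rule (assumed)
BURST_THRESHOLD = 5        # creations within the window that count as anomalous


class FileEventDetector:
    """Scores file-creation events against a TI blocklist and a burst rule.

    Each event is a dict with keys: ts (seconds), path (str), content (bytes).
    process() returns an alert dict with a suggested defensive action, or None.
    """

    def __init__(self, ti_hashes=THREAT_INTEL_HASHES):
        self.ti_hashes = ti_hashes
        self.recent = deque()  # timestamps of creations inside the window

    def process(self, event):
        ts = event["ts"]
        self.recent.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while self.recent and ts - self.recent[0] > BURST_WINDOW_SECONDS:
            self.recent.popleft()
        digest = hashlib.sha256(event["content"]).hexdigest()
        if digest in self.ti_hashes:  # highest-confidence signal: TI hash match
            return {"path": event["path"], "reason": "threat-intel hash match",
                    "severity": "high", "action": "quarantine file and isolate host"}
        if len(self.recent) >= BURST_THRESHOLD:  # anomaly: copy burst
            return {"path": event["path"], "severity": "medium",
                    "reason": f"{len(self.recent)} creations in {BURST_WINDOW_SECONDS}s",
                    "action": "suspend writing process and notify operator"}
        return None


def run(events, detector=None):
    """Feed a stream of events through one detector and collect the alerts."""
    detector = detector or FileEventDetector()
    return [a for a in (detector.process(e) for e in events) if a]


# Constructed sample stream: a benign file, a TI-listed file, then a copy burst.
SAMPLE_EVENTS = (
    [{"ts": 0, "path": "/srv/share/report.docx", "content": b"quarterly report"},
     {"ts": 1, "path": "/srv/share/update.exe", "content": b"MALWARE-SAMPLE-CONSTRUCTED"}]
    + [{"ts": 100 + i, "path": f"/srv/share/copy{i}.bin", "content": b"bulk copy"}
       for i in range(6)]
)
```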