A hybrid approach to intrusion detection and prevention for business intelligence applications
In this paper, an application-based intrusion detection and prevention (ID/IP) system coupled with data mining and mobile agent technologies is introduced. Under this approach, the ID/IP system consists of a core engine with data sensor, detector, configuration device and alert and response device a...
| Main Authors: | , |
|---|---|
| Format: | Article |
| Published: |
2006
|
| Subjects: | |
| Online Access: | http://shdl.mmu.edu.my/2150/ |
| _version_ | 1848789976996642816 |
|---|---|
| author | Yee, , Chan Gaik Rao, , G. S. V. Radha Krishna |
| author_facet | Yee, , Chan Gaik Rao, , G. S. V. Radha Krishna |
| author_sort | Yee, , Chan Gaik |
| building | MMU Institutional Repository |
| collection | Online Access |
| description | In this paper, an application-based intrusion detection and prevention (ID/IP) system coupled with data mining and mobile agent technologies is introduced. Under this approach, the ID/IP system consists of a core engine with data sensor, detector, configuration device and alert and response device as its main components. The data sensors posting as designated agents are to gather information from their respective sources in real time. The information gathered by the respective agent is fed into the detector where correlation methods and data mining techniques are employed to analyze and identify any intrusive activity or event. Since information is gathered from various sources by the respective agent, different type of profiles representing normal behavior such as network traffic, users, systems, applications, transactions, alarms and alerts can be built, and deviation from these profiles are considered to be intrusion. A rating model is then used to evaluate the intrusive activities. When an intrusion or attack is detected by the detector and evaluated to have a rating below the threshold value, the configuration device changes the status of the ID/IP system to alert mode and signal the alert and response device to take the necessary actions. Subsequently, mobile response agents are used to carry out response mechanisms at the target and the source. |
| first_indexed | 2025-11-14T18:05:17Z |
| format | Article |
| id | mmu-2150 |
| institution | Multimedia University |
| institution_category | Local University |
| last_indexed | 2025-11-14T18:05:17Z |
| publishDate | 2006 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | mmu-21502011-09-21T07:58:11Z http://shdl.mmu.edu.my/2150/ A hybrid approach to intrusion detection and prevention for business intelligence applications Yee, , Chan Gaik Rao, , G. S. V. Radha Krishna TK5101-6720 Telecommunication. Including telegraphy, telephone, radio, radar, television In this paper, an application-based intrusion detection and prevention (ID/IP) system coupled with data mining and mobile agent technologies is introduced. Under this approach, the ID/IP system consists of a core engine with data sensor, detector, configuration device and alert and response device as its main components. The data sensors posting as designated agents are to gather information from their respective sources in real time. The information gathered by the respective agent is fed into the detector where correlation methods and data mining techniques are employed to analyze and identify any intrusive activity or event. Since information is gathered from various sources by the respective agent, different type of profiles representing normal behavior such as network traffic, users, systems, applications, transactions, alarms and alerts can be built, and deviation from these profiles are considered to be intrusion. A rating model is then used to evaluate the intrusive activities. When an intrusion or attack is detected by the detector and evaluated to have a rating below the threshold value, the configuration device changes the status of the ID/IP system to alert mode and signal the alert and response device to take the necessary actions. Subsequently, mobile response agents are used to carry out response mechanisms at the target and the source. 2006 Article NonPeerReviewed Yee, , Chan Gaik and Rao, , G. S. V. Radha Krishna (2006) A hybrid approach to intrusion detection and prevention for business intelligence applications. 2006 International Symposium on Communications and Information Technologies, 1-3. pp. 32-35. |
| spellingShingle | TK5101-6720 Telecommunication. Including telegraphy, telephone, radio, radar, television Yee, , Chan Gaik Rao, , G. S. V. Radha Krishna A hybrid approach to intrusion detection and prevention for business intelligence applications |
| title | A hybrid approach to intrusion detection and prevention for business intelligence applications |
| title_full | A hybrid approach to intrusion detection and prevention for business intelligence applications |
| title_fullStr | A hybrid approach to intrusion detection and prevention for business intelligence applications |
| title_full_unstemmed | A hybrid approach to intrusion detection and prevention for business intelligence applications |
| title_short | A hybrid approach to intrusion detection and prevention for business intelligence applications |
| title_sort | hybrid approach to intrusion detection and prevention for business intelligence applications |
| topic | TK5101-6720 Telecommunication. Including telegraphy, telephone, radio, radar, television |
| url | http://shdl.mmu.edu.my/2150/ |