A Multi-Layered Approach to the Design of Intelligent Intrusion Detection and Prevention System (IIDPS)

摘要

Ignoring security threats can have serious consequences; therefore host machines in network must continually be monitored for intrusions since they are the final endpoint of any network.rnAs a result, this paper presents an Intelligent Intrusion Detection and Prevention System (IIDPS), which monitors a single host system from three different layers; files analyzer, system resource and connection layers. The approach introduced, a multi - layered approach, in which each layer harnesses both aspects of existing approach, signature and anomaly approaches, to achieve a better detection and prevention capabilities. The design of IIDPS consist of three basic components; the iExecutive which is an agent that runs in the background, iBaseline which is a database that stores the signatures of intrusions and the iManager which is a user Interface that serves as an intermediary between the IIDPS and the user.rnThis work serves as a foundation upon which interested researchers can further build on to achieve better detection and prevention capabilities.