Results 1 - 5 of 5
APHIDS++: Evolution of A Programmable Hybrid Intrusion Detection System
Cited by 1 (0 self)
Abstract. With the rapid growth of the Internet and the ever-increasing security problems associated with its popularity, the need for protection against unwanted intruders has become imperative. Antivirus software, intrusion detection systems, spyware detectors, and malware detectors are some of the protection mechanisms available to users today. The diversity of these manifold systems suggests the need for a unifying managerial system, such as APHIDS (A Programmable Hybrid Intrusion Detection System), which can correlate and coalesce preexisting security components. In this paper we provide a description of improvements made to the initial APHIDS design, comprising the introduction of agent caching, the addition of an optional intelligent agent, and an XML implementation of our Distributed Correlation Script (DCS).
DB-OLS: An Approach for IDS
ABSTRACT: An intrusion detection system plays a major role in network security. We propose a model “DB-OLS: An Approach for IDS” which is a Deviation Based-Outlier approach for Intrusion detection using Self Organizing Maps. In this model “Self Organizing Map” approach is to be used for behavior learning and “Outlier mining” approach, for detecting an intruder by calculating deviation from known user profile. This model aims to improve the capability of detecting intruders.
DoubleGuard: Detecting Intrusions In Multi-tier Web Applications
Abstract—Internet services and applications have become an inextricable part of daily life, enabling communication and the management of personal information from anywhere. To accommodate this increase in application and data complexity, web services have moved to a multi-tiered design wherein the web server runs the application front-end logic and data is outsourced to a database or file server. In this paper, we present DoubleGuard, an IDS system that models the network behavior of user sessions across both the front-end web server and the back-end database. By monitoring both web and subsequent database requests, we are able to ferret out attacks that an independent IDS would not be able to identify. Furthermore, we quantify the limitations of any multitier IDS in terms of training sessions and functionality coverage. We implemented DoubleGuard using an Apache web server with MySQL and lightweight virtualization. We then collected and processed real-world traffic over a 15-day period of system deployment in both dynamic and static web applications. Finally, using DoubleGuard, we were able to expose a wide range of attacks with 100% accuracy while maintaining 0% false positives for static web services and 0.6% false positives for dynamic web services.
Investigative Data Warehousing and Mining for Database Security
In this study a preliminary investigative data warehouse is developed to integrate and store very detailed audit data from multiple data sources to support a comprehensive view of database usage and potential security breaches. The data warehouse was populated with real usage data collected from over a year of database use by students in a variety of classes. This data was extracted and seeded with some unusual usage patterns that represent potential intrusions into database systems or misuse by insiders. A pivot table interface is shown as an example of a human-in-the-loop navigation tool for investigating unusual activity at a very detailed level. Market basket analysis is explored as a potential data mining technique for uncovering rare usage patterns. The resulting rules identified most of the seeded patterns demonstrating the potential of such automated techniques in detecting malicious or unauthorized activities.
Direct and Indirect Human Computer Interaction Based Biometrics
- JOURNAL OF COMPUTERS, 2007
Abstract—In this paper we survey the state of the art in direct and indirect human computer interaction based biometrics. Direct HCI biometrics are based on abilities, style, preference, knowledge, or strategy used by people while working with a computer. The indirect HCI-based biometrics are events that can be obtained by monitoring users’ HCI behavior indirectly via observable low-level actions of computer software. We examine current research and analyze the types of features used to describe HCI behavior. After comparing accuracy rates for verification of users using different HCI-based biometric approaches we address privacy issues which arise with the use of HCI dependent biometrics. Finally, we present results of our experiments with direct and indirect HCI-based behavioral biometrics employed as a part of an intrusion detection system. Index Terms—behavioral biometrics, human computer interaction, intrusion detection.

