Combining Host-based and network-based intrusion detection system: A cost effective tool for managing intrusion detection
Intrusion detection has emerged as an important approach to data security. Current research in intrusion detection has tended towards network-based systems and how to improve their detection, and only a little attention is given to host-based systems. For a thorough check on intrusion, both host-based and network-based systems should be involved, so that attacks from insider as well as outsider sources are detected effectively. Installing separate systems, however, could be expensive. Some Intrusion Detection System (IDS) vendors prefer to market them separately for commercial gain. This study aims to integrate the advantages of both types of IDS in a simple, cost-effective design. The host-based IDS module of the proposed system applies a knowledge-based approach to the Security log of the Windows event log to detect failed logins and unauthorized logins, while the network-based IDS module uses a hybrid approach to detect attacks such as land attack, SYN flood, smurf, ping of death, and dictionary attacks. These attacks were simulated using hping. The proposed system is implemented in Java. The results show that the proposed system is able to detect attacks both from within (host-based) and from outside sources (network-based).
Key Words: Intrusion Detection System (IDS), Host-based, Network-based, Signature, Security log.
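
The following is an added Python example, not the paper's Java implementation, showing how four of the network-based detections named in the abstract can be expressed: per-packet signatures for land, smurf and ping of death, plus a rate threshold for SYN flood. The packet record fields, the 192.0.2.0/24 subnet, the 20-byte IP header and the SYN threshold are assumptions, and the sample packets are constructed.

```python
from collections import Counter
from ipaddress import ip_address, ip_network
# Assumed values for illustration, not taken from the paper.
LOCAL_NET = ip_network("192.0.2.0/24")  # monitored subnet (documentation range)
SYN_THRESHOLD = 100                     # bare SYNs to one service per window
IP_HEADER, MAX_DATAGRAM = 20, 65535     # bytes; header without options

def match_signature(pkt):
    """Per-packet signatures; returns None when nothing matches."""
    if pkt["proto"] == "tcp" and (pkt["src"], pkt["sport"]) == (pkt["dst"], pkt["dport"]):
        return "land"  # source and destination endpoint are identical
    if pkt["proto"] == "icmp":
        # Echo request (type 8) addressed to the subnet's broadcast address.
        if pkt["icmp_type"] == 8 and ip_address(pkt["dst"]) == LOCAL_NET.broadcast_address:
            return "smurf"
        # Fragment whose data would end past the largest legal IPv4 datagram.
        if IP_HEADER + pkt["frag_offset"] + pkt["payload_len"] > MAX_DATAGRAM:
            return "ping_of_death"

def detect(window):
    """Return sorted (attack, target) alerts for the packets of one time window."""
    alerts, syns = set(), Counter()
    for pkt in window:
        sig = match_signature(pkt)
        if sig:
            alerts.add((sig, pkt["dst"]))
        elif pkt["proto"] == "tcp" and pkt["flags"] == "S":
            syns[(pkt["dst"], pkt["dport"])] += 1  # sources may be spoofed: count per target
    for (dst, dport), count in syns.items():
        if count > SYN_THRESHOLD:
            alerts.add(("syn_flood", f"{dst}:{dport}"))
    return sorted(alerts)

def tcp(src, sport, dst, dport, flags="S"):
    return dict(proto="tcp", src=src, sport=sport, dst=dst, dport=dport, flags=flags)
def icmp(src, dst, frag_offset=0, payload_len=64):
    return dict(proto="icmp", icmp_type=8, src=src, dst=dst,
                frag_offset=frag_offset, payload_len=payload_len)

# Constructed sample window: one packet per signature, benign traffic, and a SYN burst.
SAMPLE = [
    tcp("192.0.2.10", 139, "192.0.2.10", 139),
    icmp("192.0.2.10", "192.0.2.255"),
    icmp("198.51.100.7", "192.0.2.10", frag_offset=65528, payload_len=400),
    tcp("198.51.100.9", 40000, "192.0.2.20", 443),
    icmp("198.51.100.9", "192.0.2.20"),
] + [tcp(f"203.0.113.{i % 250 + 1}", 1024 + i, "192.0.2.20", 80) for i in range(150)]
if __name__ == "__main__":
    print(detect(SAMPLE))
```

The SYN counter is keyed on the destination address and port because flood sources are typically spoofed, so a per-source count would stay below any threshold.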