Characterizing Network Intrusion Prevention System

International Journal of Computer Applications
© 2011 by IJCA Journal
Number 1 - Article 2
Year of Publication: 2011
Deris Stiawan
Abdul Hanan Abdullah
Mohd. Yazid Idris

Deris Stiawan, Abdul Hanan Abdullah and Mohd. Yazid Idris. Article: Characterizing Network Intrusion Prevention System. International Journal of Computer Applications 14(1):11–18, January 2011. Full text available. BibTeX

	author = {Deris Stiawan and Abdul Hanan Abdullah and Mohd. Yazid Idris},
	title = {Article: Characterizing Network Intrusion Prevention System},
	journal = {International Journal of Computer Applications},
	year = {2011},
	volume = {14},
	number = {1},
	pages = {11--18},
	month = {January},
	note = {Full text available}


In the last few years, the Internet has experienced explosive growth. Along with the widespread evolution of new emerging services, the quantity and impact of attacks have been continuously increases, attackers continuously find vulnerabilities at various levels, from the network it self to operating system and applications, exploit the to crack system and services. Defense system and network monitoring has becomes essential component of computer security to predict and prevent attacks. Unlike traditional Intrusion Detection System (IDS), Intrusion Prevention System (IPS) has additional features to secure computer network system. In this paper, we present mapping problem and challenges of IPS. When this study was started in late 2000, there are some models and theories have been developed. Unfortunately, only a few works have done mapping the problem in IPS area, especially in hybrid mechanism. Throughout this paper, we summarize the main current methods and the promising and interesting future directions and challenges research field in IPS.


  • E. Guillen, D. Padilla, and Y. Colorado, “based Intrusion Detection and Prevention Systems,” Latin-American Conference Communications, 2009, pp. 0-4.
  • B. Cao, Z. Zhihong, L. Tie, Y. Zhongde, and L. Jiren, “A Study on Performance Improvement of Gateway Anti-Virus System Based on File Scanning,” Control and Decision Conference 09, 2009, pp. 2293-2295.
  • T. Ghorbani, A.A., Lu, W., Network Intrusion Detection and Prevention : Concepts and Technique, Springer, 2009.
  • A. Fuchsberger, “Intrusion Detection Systems and Intrusion Prevention Systems,” Information Security Technical Report, vol. 10, 2005, pp. 134-139.
  • G. Ollmann, “Intrusion Prevention Systems ( IPS ) destined to replace legacy routers,” Network Security, vol. 11, 2003, pp. 18-19.
  • T. Dutkevych, A. Piskozub, and N. Tymoshyk, “Real-Time Intrusion Prevention and Anomaly Analyze System for Corporate Networks,” IEEE International Workshop on Intelligent Data Acquisition and Advanced Computing Systems Technology and Application, 2007, pp. 599-602.
  • E.E. Schultz and E. Ray, “Future of Intrusion Prevention,” Computer Fraud & Security, 2007, pp. 11-13.
  • H.S. Rhee, C. Kim, and Y.U. Ryu, “Self-efficacy in information security: Its influence on end users’ information security practice behavior,” Journal Computer & Security, vol. 28, 2009, pp. 816-826.
  • V. Frias-martinez, J. Sherrick, S.J. Stolfo, and A.D. Keromytis, “A Network Access Control Mechanism Based on Behavior Profiles,” Annual Computer Security Applications Conference, 2009, pp. 3-12.
  • W. Kim, O.K. Jeong, and S.W. Lee, “On social Web sites,” Journal of Information Systems, vol. 35, 2010, pp. 215-236.
  • C.Y. Wang, S.-cho T. Chou, and H.-ching Chang, “Emotion and Motivation : Understanding User Behavior of Web 2 . 0 Application,” IEEE Computer Society Seventh Annual Commnucation Networks and Services Research Conference, 2009, pp. 1341-1346.
  • S.H. Oh and W.K. Lee, “An anomaly intrusion detection method by clustering normal user behavior,” Computers & Security, vol. 22, 2003, pp. 596-612.
  • D. Stiawan, A.H. Abdullah, and M.Y. Idris, “Classification of Habitual Activities in Behavior-based Network Detection,” Journal of Computing, vol. 2, 2010, pp. 1-7.
  • J.M. Estevez-Tapiador, P. Garcia-Teodoro, and J.E. Diaz-verdejo, “Anomaly detection methods in wired networks : a survey and taxonomy,” Computer Communications, vol. 27, 2004, pp. 1569-1584.
  • F.G. Marmol and G.M. Perez, “Security threats scenarios in trust and reputation models for distributed systems,” Computers & Security, vol. 28, 2009, pp. 545-556.
  • M. Maybury, P. Chase, B. Cheikes, D. Brackney, F.G.G. Meade, T. Hetherington, C. Sibley, J. Marin, T. Longstaff, J. Haile, J. Copeland, and S. Lewandowski, “Analysis and Detection of Malicious Insiders Sara Matzner,” International Conference on Intelligence Analysis, 2005.
  • D. Stiawan, A.H. Abdullah, and M.Y. Idris, “The Trends of Intrusion Prevention System Network,” IEEE, ICETC 2010, vol. 4, 2010, pp. 217-221.
  • D. Stiawan, A.H. Abdullah, and M.Y. Idris, “The Prevention Threat of Behavior-based Signature using Pitcher Flow Architecture,” International Journal of Computer Science & Network Security, vol. 10, 2010, pp. 289-294.
  • E.E. Schultz, “A framework for understanding and predicting insider attacks,” Computer & Security, 2002, pp. 526-531.
  • T. Walker, “Practical management of malicious insider threat – An enterprise CSIRT perspective,” Information Security Technical Report, vol. 13, 2008, pp. 225-234.
  • T. Abbes, A. Bouhoula, M. Rusinowitch, and L. Inria-lorraine, “A Traffic Classification Algorithm for Intrusion Detection,” IEEE 21st International Conference on Advanced Information Networking and Application Workshops (AINAW’07), 2007, pp. 0-5.
  • S.X. Wu and W. Banzhaf, “The use of computational intelligence in intrusion detection systems : A review,” Applied Soft Computing, vol. 10, 2010, pp. 1-35.
  • A.D. Todd, R.A. Raines, R.O. Baldwin, B.E. Mullins, and S.K. Rogers, “Alert Verification Evasion Through Server Response Forging,” Alert Verification Evaluation Through Server Response Forging, LNCS, vol. 4637/2007, 2007, pp. 256-275.
  • R. Perdisci, G. Giacinto, and F. Roli, “Alarm clustering for intrusion detection systems in computer networks,” Engineering Application of Arificial Inteligence, vol. 19, 2006, pp. 429-438.
  • A. Singhal, Data Warehousing and Data Mining Techiques for Cyber Security, Advance in Information Security Springer, 2007.
  • W. Junqi and H. Zhengbing, “Study of Intrusion Detection Systems ( IDSs ) in Network Security,” IEEE. Wireless Communications, Networking and Mobile Computing. WICOM 08, 2008, pp. 1-4.
  • M. Sourour, B. Adel, and A. Tarek, “Collaboration between Security Devices toward improving Network Defense,” Seventh IEEE/ACIS International Conference on Computer and Information Science (icis 2008), May. 2008, pp. 13-18.
  • W.Z. Xinyou Zhang, Chengzhong Li, “Intrusion Prevention System Design,” Computer and Information Technology, 2004. CIT ’04, 2004, pp. 386-390.
  • A. Le, E. Al-shaer, and R. Boutaba, “On Optimizing Load Balancing of Intrusion Detection and Prevention Systems,” IEEE, INFOCOM Workshops, 2008.
  • J. Carter, E., Hogue, Intrusion Prevention Fundamentals : an introduction to network attack mitigation with Intrusion Prevention System, Cisco press, 2006.
  • C.M. Akujuobi, N.K. Ampah, and M.N.O. Sadiku, “Application of Wavelets and Self-similarity to Enterprise Network Intrusion Detection and Prevention Systems.,” IEEE International Symposium on Digital Consumer Electronics, 2007, pp. 1-6.
  • Y. Weinsberg, S. Tzur-David, D. Dolev, and T. Anker, “High Performance String Matching Algorithm for a Network Intrusion Prevention System ( NIPS ),” High Performance Switching and Routing, 2006, pp. 147-153.
  • Y. Jiang, Y. Gan, J. Zhou, and Z. Cai, “A Model of Intrusion Prevention Base on Immune,” 2009 Fifth International Conference on Information Assurance and Security, 2009.
  • H.O. Myint and P. Meesad, “Incremental Learning Algorithm based on Support Vector Machine with Mahalanobis distance ( ISVMM ) for Intrusion Prevention,” Second International Conference on Intelligent Computation Technology and Automation, 2009, pp. 25-28.
  • H.S. Venter and J.H.P. Eloff, “A taxonomy for information security technologies,” Information Security, 2003, pp. 299-307.
  • S. Zhang, J. Li, X. Chen, and L. Fan, “Building network attack graph for alert causal correlation,” Computers & Security, vol. 27, 2008, pp. 188-196.
  • M. Shouman, A. Salah, and H.M. Faheem, “Surviving cyber warfare with a hybrid multiagent-based intrusion prevention system,” IEEE Potentials, 2010, pp. 32-40.
  • P. Garcıa-Teodoro, J. Dian-Verdejo, G. Macia-Fernandez, and E. Vazquez, “Anomaly-based network intrusion detection : Techniques , systems and challenges,” Computer & Security, vol. 28, 2009, pp. 18-28.
  • M.A. Aydın, A.H. Zaim, and K.G. Ceylan, “A hybrid intrusion detection system design for computer network security,” Computers and Electrical Engineering, vol. 35, 2009, pp. 517-526.
  • A. Seleznyov and S. Puuronen, “HIDSUR: A Hybrid Intrusion Detection System Based on Real-time User Recognition,” IEEE Proceeding, 11th International Worskhop Database and Expert Systems Applications, 2000, pp. 41-45.
  • X. Yu, “A New Model of Intelligent Hybrid Network Intrusion Detection System,” IEEE Proceeding International Conference Bioinformatics and Biomedical Technology (ICBBT), 2010, pp. 386-389.
  • Y. Ding, L.E.I. Li, and H.-qi Luo, “A novel signature searching for intrusion detection system using data mining,” Proceedings of the Eighth International Conference on Machine Learning and Cybernetics, 2009, pp. 12-15.
  • K. Hwang, M. Cai, Y. Chen, S. Member, and M. Qin, “Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes,” IEEE Transactions on Dependable and Secure Computing, vol. 4, 2007, pp. 41-55.
  • T.S. Chou and T.N. Chou, “Hybrid Classifier Systems for Intrusion Detection,” IEEE Computer Society Seventh Annual Commnucation Networks and Services Research Conference, 2009, pp. 286-291.
  • Y. Qing, W. Xiaoping, and H. Geofeng, “A Hybrid Model of RST and DST with Its Application in Intrusion Detection,” IEEE Computer Society, International Symposium on Inteligent Information Technology and Security Informatics, 2010, pp. 202-205.
  • A. Foroughifar, M.S. Abadeh, A. Momenzaideh, and M.B. Pouyyan, “Misuse Detection via a Novel Hybrid System,” 2009 Third UKSim European Symposium on Computer Modeling and Simulation, 2009, pp. 11-16.
  • Q. Zhang, H. Yang, K. Li, and Q. Zhang, “Research on the Intrusion Detection Technology with Hybrid Model,” 2nd Conference on Environmental Science and Information Application Technology, 2010, pp. 646-649.
  • J. Zhang, M. Zulkernine, and A. Haque, “Random-Forests-Based Network Intrusion,” MAN and Cybernetics, vol. 38, 2008, pp. 649-659.
  • Y.X. Ding, M.I.N. Xiao, and A.-wu Liu, “Research and Implementation on SNORT-based Hybrid Intrusion Detection System,” IEEE Proceeding of the Eighth International Conference on Machine Learning and Cybernetics, 2009, pp. 12-15.
  • J. Marin, D. Ragsdale, and J. Surdu, “Hybrid Approach to the Profile Creation and Intrusion Detection,” IEEE Proceeding, Information Survivability Conference & Exposition II, DISCEX ’01, 2001, pp. 69-76.
  • O. Depren, M. Topallar, E. Anarim, and M.K. Ciliz, “An intelligent intrusion detection system (IDS) for anomaly and misuse detection in computer networks. Expert Systems with,” Expert System with Application, vol. 29, 2005, pp. 713-722.
  • W. Lin, L. Xiang, D. Pao, and B. Liu, “Collaborative Distributed Intrusion Detection System,” Higher Education, 2008.