
CHAPTER ONE

INTRODUCTION

1.1 Background Study of the Research

In the early stages of human history, communication relied primarily on spoken
language. Language, itself a form of technology, lets the listener grasp the information
conveyed, but it has limited longevity (Muwardi et al., 2021): information retained by the
recipient fades and is not preserved in any durable form. Spoken communication is also
constrained by its auditory nature. An alternative technology for conveying information is the
visual representation (Muwardi et al., 2021). Images carry rich information that others can
retain, share, and interpret, and some of it endures, as when the images on ancient relics still
allow the creator's message to be deciphered. The advent of alphabetic writing greatly
improved the efficiency of transmission: by combining letters or numerals, lasting records of
historical events become possible, as in "MCMXLIII" denoting the year 1943. Alphabet-based
technology streamlines the conveyance of information (Muwardi et al., 2021).

Subsequently, the emergence of printing technology revolutionized the speed at which
information could be disseminated. Advancements in electronic platforms such as radio,
television, and computers have further accelerated the spread of information across vast
territories while enhancing storage capacities. The evolution of information technology,
particularly in the realms of networking and computer services, has greatly facilitated routine
professional tasks (Muwardi et al., 2021).

Today, an individual can access and transmit information of many kinds, such as videos or
emails, with a single click. The security of the transferred information, however, is a crucial
consideration (Kalakuntla, Vanamala, & Kolipyaka, 2019). This concern is the province of
cybersecurity, which is increasingly vital in a landscape where over 61% of all industry
transactions occur online and robust security measures are needed for exchanges to be both
seamless and secure (Dervojeda, et al., 2014). Cybersecurity has consequently become a
contemporary issue that extends beyond safeguarding data within the IT sector to cyberspace as
a whole, underscoring the importance of strengthening the protection of the data systems
essential to national security and economic well-being.

Enhancing the safety of the Internet and protecting its users has emerged as a fundamental aspect
of developing new governance frameworks and policy agendas (Gross, Canetti & Vashdi, 2017).
The battle against cybercrime necessitates a comprehensive and fortified approach rather than
relying solely on specific measures. Effective law enforcement intervention is crucial to
investigate and prosecute cybercrimes efficiently. In response to the escalating threat landscape,
numerous nations and governing bodies are implementing stringent regulations to fortify cyber
defenses and avert critical data breaches. Individuals must acquaint themselves with
cybersecurity practices to shield against the burgeoning tide of cyber threats.

Cybersecurity encompasses addressing the vulnerabilities that arise from the evolving digital
landscape and implementing strategies to bolster security (Kumar, & Somani, 2018). It spans a
wide array of technical and non-technical activities and mechanisms aimed at safeguarding the
digital environment and the sensitive information it holds. Organizations often fortify their
networks with firewalls in tandem with Intrusion Detection Systems (IDS). A firewall creates a
barrier between a trusted and an untrusted network by enforcing access-control rules that
dictate which traffic may cross the boundary in either direction. An IDS serves as a
supplementary layer of defence behind primary controls such as firewalls, encryption, and
authentication: it inspects the traffic those controls admit and raises alerts on suspicious
activity. This redundancy matters when a primary control fails, for instance when a firewall
rule set has not been kept up to date.
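The following Python sketch is an added example, not code from this thesis or from any cited work. It models the two layers just described: an ordered list of allow/deny rules decides which packets enter, and an IDS inspects only the admitted traffic, using payload signatures and a distinct-port count as a port-scan heuristic. The addresses, rules, signatures and packets are constructed for the example, and the hypothetical rule that admits internal hosts on any port plays the part of the stale or over-broad rule the paragraph warns about.

```python
"""Added example: a firewall (ordered allow/deny rules) in front of an IDS
that inspects only the traffic the firewall admits. All addresses, rules,
signatures and packets below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str          # source IPv4 address
    dst_port: int     # destination TCP port
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    network: str                     # source CIDR the rule covers
    ports: frozenset = frozenset()   # empty set means "any port"


# Hypothetical policy. The first rule is deliberately over-broad (any port for
# the internal range): the kind of stale rule a second layer must cover for.
SAMPLE_RULES = [
    Rule("allow", "10.0.0.0/8"),
    Rule("allow", "203.0.113.0/24", frozenset({80, 443})),   # partner network
]

# Hypothetical signatures the IDS looks for in admitted payloads.
SIGNATURES = {
    b"' OR 1=1": "sqli-tautology",
    b"/etc/passwd": "path-traversal",
}


def firewall(packet, rules=SAMPLE_RULES, default="deny"):
    """First matching rule wins; anything unmatched gets the default policy."""
    src = ip_address(packet.src)
    for rule in rules:
        in_net = src in ip_network(rule.network)
        port_ok = not rule.ports or packet.dst_port in rule.ports
        if in_net and port_ok:
            return rule.action
    return default


def ids(packets, signatures=SIGNATURES, scan_threshold=10):
    """Signature matches on payloads plus a per-source distinct-port count
    as a simple port-scan heuristic. Returns (src, alert_name) tuples."""
    alerts = []
    ports_by_src = {}
    for p in packets:
        for needle, name in signatures.items():
            if needle in p.payload:
                alerts.append((p.src, name))
        ports_by_src.setdefault(p.src, set()).add(p.dst_port)
    for src, ports in ports_by_src.items():
        if len(ports) >= scan_threshold:
            alerts.append((src, "port-scan"))
    return alerts


def defend(packets, rules=SAMPLE_RULES):
    """Run the two layers in order: filter at the firewall, then inspect."""
    admitted = [p for p in packets if firewall(p, rules) == "allow"]
    return admitted, ids(admitted)


def sample_packets():
    """Constructed traffic: a benign internal request, an injection attempt
    from the partner range, two SSH attempts the rules deny, and an internal
    host sweeping twelve ports (admitted by the over-broad first rule)."""
    pkts = [
        Packet("10.0.0.4", 443, b"GET /index.html HTTP/1.1"),
        Packet("203.0.113.5", 80, b"GET /login?u=admin' OR 1=1-- HTTP/1.1"),
        Packet("198.51.100.7", 22, b"SSH-2.0-OpenSSH"),
        Packet("203.0.113.5", 22, b"SSH-2.0-OpenSSH"),
    ]
    pkts += [Packet("10.0.0.9", port) for port in range(1, 13)]
    return pkts


if __name__ == "__main__":
    admitted, alerts = defend(sample_packets())
    print(f"{len(admitted)} packets admitted, alerts: {alerts}")
```

The firewall stops the two SSH attempts outright, but it cannot see that the partner's HTTP request carries an injection payload, nor that the internal host is sweeping ports through the permissive internal rule; both of those reach the IDS, which is exactly the gap the second layer exists to close.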

Studies demonstrate the efficacy of employing dual-layer security systems across a network of
clients sharing the same server. However, the challenge remains in devising a robust and reliable
method to concurrently monitor the security of disparate networks, highlighting the ongoing
need for innovation in cybersecurity practices.

In today's context, 'cyber-attacks' or 'cyber hazards', also identified as 'cyber crimes', are widely
debated due to their intricate and evolving characteristics within 'cyberspace', invisible to the
naked eye. Cybercrimes involve perpetrators and victims from various global locations, lacking a
specific geographical concentration. This implies that any individual residing in any part of the
world can potentially face a cyber threat or engage in illicit activities within this domain. Given
the digitalized nature of modern society, it is imperative for individuals to have an understanding
of the potential risks associated with utilizing information technology and to adopt measures for
safeguarding against such risks. Cyber security is dedicated to shielding individuals from these
transnational crimes and ensuring their well-being by safeguarding their personal information
while navigating the internet or the World Wide Web.

1.2 Problem Statement

In the rapidly evolving landscape of cyber threats, conventional intrusion detection systems
(IDS) and cyber security monitoring frameworks encounter challenges in effectively detecting
and responding to increasingly sophisticated attacks. These challenges stem from a variety of
factors, some of which are highlighted below:

 The exponential growth in network traffic and data generated by devices, particularly in
IoT environments, overwhelms traditional IDS, posing difficulties in real-time analysis
and detection due to the volume and velocity of data.
 Cyber threats have evolved to be more complex, employing advanced techniques such as
polymorphism, zero-day exploits, and multi-vector attacks, which often elude traditional
signature-based and anomaly-based detection systems, highlighting the complexity of
attacks.
 Current IDS technologies often grapple with high false positive rates, leading to alert
fatigue among security analysts, while also missing subtle and novel threats, resulting in
false negatives.
 Scalability and adaptability are crucial as organizations expand their networks and
incorporate new technologies, necessitating IDS to scale and adapt to diverse
environments without significant performance degradation.

To tackle these challenges, the development of advanced alert systems that harness machine
learning, deep learning, and big data analytics is imperative. These systems aim to bolster
detection accuracy, minimize false alarms, and offer real-time, scalable solutions for cyber
security monitoring and intrusion detection.
1.3 Motivation of the study

Motivation for the Project Research is highlighted below:

 Escalating Cybersecurity Threats: The escalating frequency and complexity of cyber
assaults present notable dangers to individuals, enterprises, and governmental entities.
Prominent breaches and the emergence of advanced persistent threats (APTs) underscore
the insufficiency of conventional security measures, emphasizing the pressing
requirement for more resilient and sophisticated intrusion detection systems.
 Economic Ramifications: Cybercrime inflicts substantial financial burdens on global
organizations. As per a Cybersecurity Ventures report, it is projected that cybercrime will
incur a financial toll of $10.5 trillion annually worldwide by 2025, a significant increase
from $3 trillion in 2015. This economic impact propels the advancement of more efficient
security solutions to mitigate potential financial losses.
 Explosion of Data: The rapid expansion of data, driven by the proliferation of IoT devices
and digital transformation endeavors, poses challenges for conventional IDS in
processing and scrutinizing large data volumes in real-time. Advanced systems
incorporating big data analytics can effectively handle and interpret this data, offering
prompt and precise threat identification.
 Technological Progress: The emergence of machine learning and deep learning presents
novel prospects to enhance IDS capabilities. These technologies can discern patterns and
irregularities that conventional methods may overlook, furnishing a proactive and
comprehensive defense against cyber threats.
 Adherence to Regulations: Rigorous data protection mandates, such as GDPR in Europe
and CCPA in California, mandate organizations to deploy robust security measures for
safeguarding sensitive data. Crafting an advanced intrusion detection and alert system
aids organizations in complying with these regulations and sidestepping substantial
penalties.
 User Fatigue and Resource Constraints: Elevated false positive rates in traditional IDS
contribute to alert fatigue among security analysts, resulting in critical alerts being
disregarded. Advanced systems that diminish false positives can mitigate this challenge,
enhancing the efficiency and effectiveness of security operations.
 Requirements for Scalability: With organizational expansions and the growing
complexity of networks, there arises a necessity for scalable security solutions capable of
adapting to diverse environments and threat landscapes without notable performance
deterioration. The development of such systems guarantees sustained protection as
organizational requisites evolve.
1.4 Research Aim and Objective

This study aims to develop a sophisticated intrusion detection and alert system that utilizes
machine learning and big data analytics to improve detection accuracy, reduce false positives and
negatives, and enable real-time, scalable cyber security monitoring.

The specific objectives of this research are as follows:

 Data Collection and Preprocessing: The objective is to acquire extensive datasets from
various sources (e.g., network traffic, system logs, IoT devices) and preprocess them to
eliminate noise and irrelevant data, ensuring high-quality inputs for analysis.
 Algorithm Development: The goal is to create and implement advanced machine learning
and deep learning algorithms that can accurately identify complex and novel attack
patterns.
 Real-Time Analysis: The aim is to establish a real-time analysis framework that can
process data streams immediately, allowing for prompt detection and response to cyber
threats.
 False Positive Reduction: The objective is to integrate methods such as ensemble learning
and anomaly detection to minimize false positives and enhance the precision of the alert
system.
 Scalability and Adaptability: The goal is to guarantee that the system can expand to
manage large data volumes and adjust to diverse network environments and evolving
threat scenarios without significant performance decline.
 User Interface and Alert Mechanism: The aim is to develop a user-friendly interface that
delivers clear and actionable alerts to security analysts, including detailed threat analysis
and recommended mitigation strategies.
 Performance Evaluation: The objective is to thoroughly assess and evaluate the system's
performance using standardized benchmarks and real-world situations, ensuring its
dependability and efficacy in diverse operational settings.
1.5 Significances of the study

The specific areas of significance of the study are highlighted thus:

 Enhanced Security Posture: Through the development of a sophisticated intrusion
detection and alert system utilizing machine learning and big data analytics, the research
endeavors to enhance the capability to detect and mitigate complex cyber threats, thus
improving the overall security stance of organizations and reducing the vulnerability to
data breaches and cyber assaults.
 Reduction in False Positives and Negatives: Conventional IDS systems often face
challenges with high false positive rates, leading to alert fatigue within the security
community. This study's emphasis on advanced detection algorithms seeks to minimize
the occurrence of false positives and negatives, ensuring prompt identification and
response to genuine threats, thereby enhancing the operational efficiency of security
measures.
 Real-Time Threat Detection: The integration of real-time analysis frameworks will
facilitate instant identification and response to cyber threats, thereby minimizing the
potential impact of attacks. This functionality is essential for safeguarding sensitive
information and upholding business continuity in light of cyber incidents.
 Scalability and Adaptability: The envisioned system will be structured to expand
alongside organizational networks' growth and adjust to diverse environments and
evolving threat landscapes. This guarantees that the system remains potent and
dependable as organizations expand and encounter changing security requirements.
 Cost Efficiency: Enhanced detection capabilities and decreased false positives have the
potential to generate cost savings by reducing the time and resources allocated to
investigating false alarms and averting costly data breaches. Efficient resource
distribution and successful threat mitigation approaches will contribute to an overall cost-
effective approach to cyber security management.
 Innovation in Cyber Security: This study contributes to the cyber security knowledge
domain by investigating and confirming novel techniques and methodologies. It
encourages further exploration and innovation, nurturing progress in the sector that can
be advantageous to both academic and corporate stakeholders.
 Educational Value: The research outcomes can serve as educational material for training
cybersecurity professionals and students. By grasping the latest intrusion detection
techniques and technologies, individuals can enhance their readiness to handle
contemporary cyber threats.
 Industry Standards Development: Insights derived from this study can guide the
establishment of industry standards and optimal practices for intrusion detection and
cyber security monitoring. This will facilitate the formulation of more resilient and
consistent security protocols across various sectors.

1.6 Scope and limitation of the study

The scope of this study is shown below:

 Development of Detection Algorithms: The study is centered on the development and
implementation of advanced machine learning and deep learning algorithms tailored
specifically for intrusion detection. This involves the exploration of various models and
methodologies aimed at identifying and addressing complex cyber threats.
 Real-Time Monitoring: The research endeavor seeks to establish a framework for
instantaneous analysis and detection of threats, ensuring the system's capability to
promptly process and scrutinize data streams for timely alerts and responses.
 Data Collection and Analysis: A comprehensive data collection process will be carried
out from diverse sources such as network traffic, system logs, and IoT devices. The
analysis of this data will involve preprocessing to unveil patterns and anomalies
suggestive of potential security breaches.
 Evaluation and Testing: The assessment of the system's performance will be conducted
rigorously using standard benchmarks and practical scenarios to guarantee its
dependability, precision, and efficacy in the detection and mitigation of threats.
 User Interface Design: The project encompasses the development of a user-friendly
interface that delivers clear and actionable alerts to security analysts. This encompasses
in-depth threat analysis and suggestions for mitigation strategies.
 Scalability and Adaptability: The investigation will focus on addressing the system's
capacity to expand alongside growing data volumes and to adapt to varying network
environments and evolving threat landscapes.

Limitations of the Study

 Data Availability: The efficacy of the created algorithms and systems heavily relies on the
quality and diversity of the datasets utilized. Restricted access to comprehensive and
representative datasets could impact the accuracy and applicability of the results.
 Computational Resources: Advanced machine learning and deep learning algorithms
necessitate substantial computational resources for training and real-time analysis.
Constraints in resources may confine the range of experiments and the complexity of
models that can be formulated and assessed.
 Real-Time Constraints: Implementation of real-time threat detection poses notable
challenges in ensuring minimal latency and maximum throughput. Addressing these
requirements while upholding detection accuracy may pose technical constraints.
 False Positives and Negatives: Despite efforts to minimize false positives and negatives,
completely eradicating them proves to be arduous. A certain level of misclassification is
inevitable, potentially affecting the overall efficacy of the system and the workload of
security analysts.
 Scalability Challenges: Ensuring the system's sustained effectiveness and efficiency as
data volume and network intricacy escalate presents a substantial challenge. Scalability
assessments may encounter limitations due to available infrastructure and resources.
 Generalizability of Results: While the developed system and algorithms may function
effectively in controlled or specific environments, challenges may arise when deployed in
diverse real-world settings with unpredictable threat landscapes.
 Evolving Threats: The realm of cyber threats is in a constant state of evolution, with new
attack vectors emerging that the existing system may not be equipped to detect.
Continuous updates and adaptations of the system are imperative to uphold its relevance
and efficacy.
1.7 Research Methodology

The methods employed in this research include:

 Conducting a systematic literature review to identify existing alert systems and evaluate
current intrusion detection techniques.
 Designing and implementing a prototype system based on best practices identified in the
literature review, integrating innovative detection algorithms and technologies.
 Carrying out empirical research to verify the proposed system's efficacy and evaluate
how well it identifies and mitigates cyber threats.
 Testing and simulating the system under realistic conditions to assess its performance
across a range of cyberattack scenarios, then refining and improving the system in light of
the test findings and user input.
1.8 Definitions of terms used in research

Intrusion Detection System (IDS):

An Intrusion Detection System (IDS) is a software application or hardware device designed to
detect unauthorized access, misuse, or anomalies within a computer network. IDS monitors
network traffic and system activities for suspicious behavior, alerting administrators to potential
security breaches.

Machine Learning:

Machine learning is a subset of artificial intelligence that involves the development of algorithms
and statistical models that enable computers to perform specific tasks without explicit
instructions. Instead, systems learn from data patterns and improve their performance over time.

Big Data Analytics:

Big data analytics refers to the process of examining large and varied data sets to uncover hidden
patterns, correlations, and other insights. This involves using advanced analytic techniques and
tools to handle data that is too complex for traditional data-processing applications.

False Positive:
A false positive in cyber security is an incorrect identification where a benign activity is wrongly
flagged as malicious by an intrusion detection system or other security mechanisms. This can
lead to unnecessary investigations and resource expenditure.

False Negative:

A false negative occurs when a security system fails to detect a malicious activity or breach,
mistakenly identifying it as legitimate. This oversight can result in unaddressed security
vulnerabilities and potential damage.

Real-Time Analysis:

Real-time analysis refers to the immediate processing and examination of data as it is collected,
allowing for instant insights and prompt responses to events. This is crucial in cyber security for
timely detection and mitigation of threats.

Scalability:

Scalability is the capability of a system, network, or process to handle an increasing amount of
work or its potential to accommodate growth. In cyber security, this means the system can
efficiently manage larger volumes of data and users without performance degradation.

Anomaly Detection:

Anomaly detection is a technique used in various fields, including cyber security, to identify
unusual patterns in data that do not conform to expected behavior. This helps in identifying
potential security breaches or system faults.
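To make the false-positive, false-negative and anomaly-detection definitions above concrete, the following Python block is an added example (not from the thesis). It fits a mean-and-standard-deviation baseline to a constructed window of per-minute request counts, flags observations whose z-score exceeds a threshold, and scores the decisions against hand-assigned labels. The counts, labels and thresholds are invented for the illustration: the loose threshold catches every attack but raises one false positive on a legitimate burst, while the strict threshold raises none but misses the slower attack.

```python
"""Added example: z-score anomaly detection on constructed request-rate data,
scored with a confusion matrix at two thresholds to show the trade-off
between false positives and false negatives."""
from statistics import mean, pstdev

# Constructed training window: requests per minute from one client during
# known-good operation (not real telemetry).
BASELINE = [48, 52, 50, 47, 55, 49, 51, 53, 46, 50,
            52, 48, 54, 49, 51, 50, 47, 53, 49, 52]

# Constructed evaluation stream: (requests_per_minute, is_attack), with
# ground-truth labels assigned by hand. 58 is a legitimate burst; 60 is a
# deliberately "low and slow" attack that sits close to normal traffic.
STREAM = [(51, False), (49, False), (58, False), (64, True), (53, False),
          (60, True), (47, False), (90, True), (55, False), (52, False)]


def fit(baseline):
    """Learn the expected behaviour: mean and population std-dev."""
    return mean(baseline), pstdev(baseline)


def z_score(x, mu, sigma):
    return (x - mu) / sigma


def detect(stream, mu, sigma, threshold):
    """One alert decision (True/False) per observation."""
    return [z_score(x, mu, sigma) > threshold for x, _ in stream]


def confusion(stream, decisions):
    """Count true/false positives and negatives against the labels."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for (_, is_attack), alerted in zip(stream, decisions):
        if alerted and is_attack:
            counts["tp"] += 1
        elif alerted:
            counts["fp"] += 1
        elif is_attack:
            counts["fn"] += 1
        else:
            counts["tn"] += 1
    return counts


def metrics(c):
    """Precision, recall and false-positive rate, guarding empty denominators."""
    def ratio(num, den):
        return num / den if den else 0.0
    return {
        "precision": ratio(c["tp"], c["tp"] + c["fp"]),
        "recall": ratio(c["tp"], c["tp"] + c["fn"]),
        "false_positive_rate": ratio(c["fp"], c["fp"] + c["tn"]),
    }


def evaluate(threshold, baseline=BASELINE, stream=STREAM):
    """Fit, detect and score in one call; returns counts and metrics together."""
    mu, sigma = fit(baseline)
    c = confusion(stream, detect(stream, mu, sigma, threshold))
    return {**c, **metrics(c)}


if __name__ == "__main__":
    for t in (3.0, 5.0):
        print(f"threshold z>{t}: {evaluate(t)}")
```

Lowering the threshold trades precision for recall and vice versa; no setting of this single parameter removes both kinds of error, which is why the limitations section treats some misclassification as unavoidable and why the thesis looks to ensembles and richer features rather than threshold tuning alone.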

IoT (Internet of Things):

The Internet of Things (IoT) refers to the interconnected network of physical devices, vehicles,
buildings, and other objects embedded with sensors, software, and network connectivity,
allowing them to collect and exchange data.

Cyber Threat:

A cyber threat is any malicious act that seeks to damage data, steal data, or disrupt digital life in
general. This can include malware, phishing, ransomware, and other cyber-attacks aimed at
exploiting vulnerabilities in digital systems.
1.9 Expected contribution to knowledge

By improving cyber security through real-time monitoring and intrusion detection, this study
area advances our knowledge and capacities for securing digital systems and networks.
CHAPTER TWO

LITERATURE REVIEW

Today, individuals can transmit and receive various types of data, such as emails, audio,
or videos, with a simple click of a button. However, the security of this transmitted data is often
overlooked. The concept of ensuring secure data transmission lies within the realm of cyber
security (Reddy & Reddy, 2013). In the modern world, the Internet has become an essential and
rapidly expanding infrastructure. The continuous advancement of technology is reshaping human
society, yet it has also led to challenges in safeguarding private information effectively, resulting
in a rise in cybercrimes (Reddy & Reddy, 2013). With over 60 percent of commercial
transactions now taking place online, the need for stringent security measures to facilitate
transparent and secure transactions is evident. Consequently, cyber security has emerged as a
pressing concern, extending beyond the IT industry to encompass various other sectors,
including cyberspace (Reddy & Reddy, 2013).

2.1 Cyber Security Monitoring and Intrusion Detection

2.1.1 Cyber Crime

Cybercrime refers to any illicit activity that uses a computer as its primary tool for
perpetration or theft. The U.S. Department of Justice broadens the definition to include any
illegal activity in which a computer is used to store evidence. The landscape of cybercrime is
continuously evolving: it encompasses offences facilitated by computers, such as network
intrusions and the spread of computer viruses, along with computer-based versions of
traditional crimes like identity theft, cyberbullying, and terrorism. These crimes pose
significant challenges to individuals and nations alike. In layman's terms, cybercrime is
criminal activity carried out using computers and the internet to steal identities, sell illegal
goods, stalk victims, or disrupt operations through malicious software (Reddy & Reddy, 2013).

The ability to combat cyber terrorism hinges on a secure cyberspace. Cyber-attacks and
terrorism share an inherent asymmetry: safeguarding information, data, and communication is
markedly harder than breaching a system, so the attacker holds the advantage in both cases
(Reddy & Reddy, 2013). State-sponsored attacks present even greater challenges, emphasizing
the need for robust regulation to address cybercrime effectively. Governments worldwide must
ensure that their legal frameworks are equipped to combat cyber threats and that those
frameworks are diligently enforced, adapting both punitive and technical law to the
complexities that cybercrime poses.

2.1.2 Cyber Security

Data security and privacy are the two most important security precautions that any firm takes.
Nearly every piece of information is now kept in digital form. Social networking sites let users
engage with friends and family, yet cybercriminals still target those sites to obtain home users'
personal information (Reddy & Reddy, 2013). Beyond social networking, one must take all
necessary security precautions when transacting with banks.

Silicon Valley Bank conducted a national study of technology and healthcare leaders in the
United States, and the results showed that businesses consider cyber-attacks to be a major risk to
their data and business continuity (Reddy & Reddy, 2013). The majority of businesses are
preparing for when, not if, cyber-attacks occur. Only one-third of businesses are confident in the
security of their information and even less confident about the security measures of their
business partners. 98% of businesses are maintaining or increasing their cyber security resources,
and of those, half are increasing resources devoted to online attacks this year (Reddy & Reddy,
2013).

Cyber security is the discipline of defending networks, systems, and data from online threats,
illegal access, harm, and data leaks. It includes a variety of tools, procedures, and methods
intended to protect data and uphold its availability, integrity, and confidentiality (Singer &
Friedman, 2014).

Cyber security is also the practice of preventing computers, programs, and the like from
attack, unauthorized use, modification, or destruction. Almost every cyber security deployment
includes a firewall, anti-virus techniques, and an Intrusion Detection System (IDS). The IDS is a
crucial component because it helps spot undesirable and unwanted changes in the system.
2.1.2.1 Trends Impacting Cyber Security

Outlined below are several trends that are significantly influencing cyber security (Reddy &
Reddy, 2013).

 Web servers: The persistence of threats targeting web applications to either extract data or
disseminate malicious code is a continuous concern. Malicious actors often distribute
their harmful code through compromised legitimate web servers. Data breaches, which
often garner media attention, also pose a significant threat.
 Cloud computing and its services: Currently, organizations of all sizes are progressively
embracing cloud services. This emerging trend poses a substantial challenge for cyber
security, as traffic can bypass traditional inspection points. Moreover, with the increasing
number of cloud-based applications, there is a need for policy controls to evolve to
safeguard valuable information. Despite the development of security models by cloud
services, concerns about their security persist.
 APTs and targeted attacks: Advanced Persistent Threats (APTs) represent an elevated
form of cybercrime. For a long time, network security tools like web filtering and
Intrusion Prevention Systems (IPS) have been instrumental in detecting such targeted
attacks, often post-compromise. As attackers adopt more sophisticated techniques,
network security must collaborate with other security services to identify these attacks
effectively.
 Mobile Networks: In the present era of global connectivity, security concerns loom large
over mobile networks. Firewalls and other security measures are becoming less effective
as individuals use various devices like tablets, smartphones, and PCs, each requiring
additional security measures beyond application-level security. The security implications
of mobile networks must be consistently addressed.
 IPv6: IPv6 is the latest Internet protocol, replacing IPv4, which has long been the
backbone of networks and the Internet. Securing IPv6 involves more than transferring IPv4
capabilities, since the protocol changes are significant and must be considered in security
strategies. Transitioning to IPv6 promptly is advisable to mitigate the cybercrime risks
associated with these changes.
 Encryption of the code: Encryption is the method of encoding messages so that
eavesdroppers or hackers cannot read them. An encryption algorithm transforms messages
into unreadable cipher text, and the encryption key determines the encoding. While
encryption at its core safeguards data privacy and integrity, its increased use also poses a
challenge for cyber security, because network-level tools such as an IDS cannot inspect the
content of traffic they are unable to decrypt.
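The encryption point above is easy to see in code. The following Python block is an added example, not code from the thesis or from Reddy & Reddy: a payload signature check fires on a plaintext HTTP request, finds nothing in the same request once encrypted, and fires again when the check is run at a point that holds the key, such as a TLS-terminating proxy. The cipher is an illustrative counter-mode keystream built from HMAC-SHA256 (an assumption made so the block runs with the standard library alone; it is not a substitute for a vetted AEAD such as AES-GCM), and the signatures, key and request are constructed.

```python
"""Added example: why encryption blinds payload inspection. A signature check
fires on a plaintext request, not on its ciphertext, and fires again once
the traffic is decrypted at a terminating proxy. The cipher is a counter-mode
keystream built from HMAC-SHA256 for illustration only; real deployments use
a vetted AEAD (e.g. AES-GCM) from a cryptography library."""
import hashlib
import hmac

# Hypothetical signatures, key and nonce, constructed for the example.
SIGNATURES = {b"' OR 1=1": "sqli-tautology", b"/etc/passwd": "path-traversal"}
KEY = b"example-session-key-not-for-real-use"
NONCE = b"\x00" * 8

# Constructed request carrying an injection payload in the query string.
REQUEST = (b"GET /login?u=admin' OR 1=1-- HTTP/1.1\r\n"
           b"Host: shop.example\r\n\r\n")


def keystream_cipher(key, nonce, data):
    """XOR data with successive HMAC-SHA256(key, nonce || counter) blocks.
    Symmetric: applying it twice with the same key and nonce returns the
    plaintext. The key, not the algorithm, is what hides the content."""
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], block))
    return bytes(out)


def payload_alerts(payload, signatures=SIGNATURES):
    """Network-level signature inspection of whatever bytes are on the wire."""
    return [name for needle, name in signatures.items() if needle in payload]


def inspect_after_termination(ciphertext, key, nonce, signatures=SIGNATURES):
    """The same check at a point that holds the key (a TLS-terminating proxy
    or the endpoint itself), where the plaintext is visible again."""
    return payload_alerts(keystream_cipher(key, nonce, ciphertext), signatures)


if __name__ == "__main__":
    ct = keystream_cipher(KEY, NONCE, REQUEST)
    print("plaintext on the wire :", payload_alerts(REQUEST))
    print("ciphertext on the wire:", payload_alerts(ct))
    print("after termination     :", inspect_after_termination(ct, KEY, NONCE))
```

The practical consequence is the one the trends list draws: as more traffic is encrypted, detection has to move to where the key is available (the endpoint, a terminating proxy, or host-based sensors) or rely on metadata such as destinations, timing and sizes rather than payload content.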

2.1.2.2 Role of Machine learning and Data mining in Cyber Security

In the contemporary landscape, cyber security has become a critical concern due to the massive
influx of online users and the storage of data on cloud-based platforms. Various countries face
relentless cyber-attacks from adversarial nations targeting their computer infrastructure,
potentially escalating into a global conflict. Presently, human intervention is essential for
identifying and combating cyber threats, necessitating a substantial workforce with specialized
skills. However, the future holds promise for leveraging machine learning and artificial
intelligence for intrusion detection and vulnerability assessment. This shift towards automation
not only enhances efficiency but also mitigates security risks associated with personal data
exposure, cyber vulnerabilities, and physical space attacks. Recent incidents have underscored
the severity of cyber assaults on critical infrastructure, including nuclear facilities (Tyagi, 2019;
Tyagi, 2016; Reddy, Shamila, & Tyagi, 2019; Nair, Tyagi, & Goyal, 2019). Artificial Intelligence
stands to revolutionize the field by reducing manpower requirements, expediting threat detection,
and contributing to advancements that improve quality of life.

2.1.2.3 Cyber Security Techniques

 Access control and password security
 Authentication of Data
 Malware Scanners
 Anti-virus software
 Firewalls
2.1.2.4 Cyber Security Ethics

Cyber ethics is the code of conduct that governs behaviour on the internet. Adhering to it greatly
improves the likelihood that the internet is used properly and securely (Reddy & Reddy, 2013).
Some of these principles are:

• Use the internet to communicate and interact with people. Email and instant messaging make it
easy to stay in touch with friends, relatives and colleagues and to exchange ideas and
information worldwide.
• Do not engage in cyberbullying: no name-calling, spreading of falsehoods, sharing of
embarrassing content or any other behaviour intended to harm others.
• The internet is a vast repository of knowledge on diverse topics and subjects. Use that
information lawfully and accurately.
• Do not access other people's accounts using their passwords.
• Do not spread malware that may compromise the integrity of other people's systems.
• Protect personal information from unauthorized individuals to prevent its misuse and the
consequences that follow.
• Be genuine when interacting online and do not create fake accounts; doing so can lead to legal
consequences.
• Respect copyright law and make sure that any game or video you download is permitted.

2.2 Intrusion Detection System (IDS)

An Intrusion Detection System (IDS) is a fundamental part of the network security framework: it is
built to identify unauthorized access or deviations from established activity patterns within a
network (Resmi & Chezian, 2017). Its primary function is to scrutinize network traffic for
suspicious activity and to notify the system or network administrator when an anomaly is detected.
The objective is to recognize potential security breaches, including both external intrusions and
internal misuse (Resmi & Chezian, 2017).

Fig. 1: Process of Intrusion Detection System (IDS)

2.2.1 Classification of Intrusion Detection System (IDS)

1. Host-Based Intrusion Detection System

Host-based intrusion detection systems are designed to monitor, detect and respond to user activity
and attacks targeting a specific host. Some advanced tools also offer centralized management of
audit policies, supply forensic data, statistical analysis and evidentiary support, and implement a
degree of access control (Sandip, 2011). Host-based intrusion detection is most effective against
internal threats and unusual behaviour on local networks, because it can monitor and act on
specific user actions and file interactions on the host (Resmi & Chezian, 2017). A large share of
computer threats originate inside the organization. A host-based IDS runs on the single system it
protects, and the detailed audit logs are retained on each individual machine.

2. Network Intrusion Detection

Network intrusion detection monitors the data flowing between hosts over the communication
channels; the sensors that do this are commonly called "packet sniffers". Network IDS appliances
intercept packets traversing various media and protocols, predominantly TCP/IP, and the captured
packets are then subjected to a range of analyses. Many network-based intrusion detection
mechanisms primarily cross-reference each packet against a signature database to determine whether
it carries a known attack or malicious content (Vigna & Kemmerer, 1999). They also scrutinize the
packet and its behaviour to identify potentially malicious activity within specific transactions.
In any case, NID should be viewed primarily as a boundary defence mechanism. Traditionally, NID has
had difficulty in the following environments: switched networks, encrypted networks and high-speed
networks (exceeding 100 Mbps at the time of the cited survey) (Resmi & Chezian, 2017).
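
The signature cross-referencing described above, as an added example (this is not code from the
page or from any of the IDS products cited; the packets, the rule set and the simplified
Snort-like rule fields are constructed for the illustration). It parses raw IPv4/TCP packets and
matches the payload against a small signature database:

```python
"""Signature-based matching over raw IPv4/TCP packets (added illustration).

Not code from the page or from any cited IDS. The packets and the signature
set are constructed here, and the rule format is a simplified Snort-like
tuple rather than Snort's real rule syntax.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Signature:
    sid: int                  # rule id (hypothetical numbers)
    msg: str
    proto: int                # IP protocol number; 6 = TCP
    dst_port: Optional[int]   # None matches any destination port
    content: bytes            # byte pattern that must occur in the payload


# Constructed "signature database" for the example.
SIGNATURES = [
    Signature(1000001, "HTTP directory traversal attempt", 6, 80, b"../../"),
    Signature(1000002, "Shell path in HTTP request", 6, 80, b"/bin/sh"),
    Signature(1000003, "Telnet login prompt", 6, 23, b"login:"),
]


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Assemble a test packet (IP/TCP checksums left zero; irrelevant for parsing)."""
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0, 0, 64, 6, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    # data offset = 5 words in the top 4 bits, PSH|ACK (0x18) in the low bits
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_ipv4_tcp(packet: bytes) -> Dict:
    """Decode the IPv4 header and, for TCP, the TCP header and payload."""
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4            # IP header length including options
    fields = {"proto": proto,
              "src": ".".join(str(b) for b in src),
              "dst": ".".join(str(b) for b in dst),
              "sport": None, "dport": None, "payload": b""}
    if proto == 6:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", packet[ihl:ihl + 14])
        data_off = (off_flags >> 12) * 4  # TCP header length including options
        fields.update(sport=sport, dport=dport,
                      payload=packet[ihl + data_off:total_len])
    return fields


def match_packet(packet: bytes, sigs: List[Signature] = SIGNATURES) -> List[Signature]:
    """Return every signature whose protocol, destination port and content all match."""
    p = parse_ipv4_tcp(packet)
    return [s for s in sigs
            if s.proto == p["proto"]
            and (s.dst_port is None or s.dst_port == p["dport"])
            and s.content in p["payload"]]


def scan(packets: List[bytes]) -> List[List[int]]:
    """SIDs fired per packet, in order (an empty list means no alert)."""
    return [[s.sid for s in match_packet(pkt)] for pkt in packets]


# Constructed traffic: one traversal attempt, one benign request, and the same
# traversal aimed at a port the rule does not cover.
SAMPLE_PACKETS = [
    build_ipv4_tcp("203.0.113.7", "10.0.0.80", 44321, 80,
                   b"GET /../../etc/passwd HTTP/1.1\r\nHost: www\r\n\r\n"),
    build_ipv4_tcp("203.0.113.7", "10.0.0.80", 44322, 80,
                   b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    build_ipv4_tcp("203.0.113.7", "10.0.0.80", 44323, 8080,
                   b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"),
]

if __name__ == "__main__":
    for pkt, sids in zip(SAMPLE_PACKETS, scan(SAMPLE_PACKETS)):
        p = parse_ipv4_tcp(pkt)
        print(f'{p["src"]} -> {p["dst"]}:{p["dport"]}  alerts={sids}')
```

The third packet shows why rule scope matters: the same traversal string on port 8080 raises
nothing because the rule is bound to port 80. Per-packet matching of this kind is also defeated
when the pattern is split across TCP segments or overlapping IP fragments, which is exactly what
evasion tools such as Fragroute (discussed later in this chapter) exploit; production NIDS engines
therefore reassemble IP fragments and TCP streams before applying content rules.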

3. Hybrid Intrusion Detection System

Hybrid intrusion detection systems enable the administration of, and alerting from, both network-
and host-based intrusion detection devices. They are a logical complement to NID and HID, providing
centralized intrusion detection management. One development in this direction was Cisco's release
of a module for its Catalyst 6000 switch that integrates network intrusion detection directly into
the switch, addressing one of the original shortcomings of NID in switched networks (Ali, Zaim, &
Ceylan, 2009). ISS (Internet Security Systems) likewise announced the ability to perform
"packet-sniffing" at gigabit speeds.

4. Network-Node Intrusion Detection (NNID)

Network-node intrusion detection (NNID) emerged as a solution to inherent flaws in traditional
network IDS. NNID moves the packet interception technology from the wire to the host: the
"packet-sniffer" captures packets after they have reached their final destination system, and the
received packet is then analysed at the destination as if it had been picked off the network by a
conventional sniffer. The approach rests on a HID-centric assumption that critical hosts already
run host-based technology (Resmi & Chezian, 2017); the network-node (NN) component is an add-on
that interfaces with the HID agent. Its key limitation is that it evaluates only packets addressed
to the host it protects, whereas a traditional network IDS monitors packets across the whole
subnet. On the other hand, a conventional "packet-sniffer" may be unable to capture a complete
subnet where high-speed links, switches or encryption are involved, so NNID retains the advantage
of safeguarding specific hosts against packet-based threats in such complex environments (Resmi &
Chezian, 2017).

5. Anomaly-based IDS

Anomaly-based detection systems monitor deviations from established profiles of normal usage to
identify potential intrusions. For instance, a user's normal profile may record the average
frequencies of particular system commands in that user's login sessions (Garcia-Teodoro, 2009).
An alert is raised when the observed frequencies deviate from the profile, which requires
continuous monitoring. A notable advantage of anomaly detection is that it does not depend on
prior knowledge of intrusions, so it can detect novel attacks (Garcia-Teodoro, 2009). The price is
a higher false-positive rate, since any legitimate change in a user's behaviour also looks
anomalous, and the profile must be learned from a clean baseline: an attacker who is already
active while the profile is being built becomes part of "normal".
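
The command-frequency profile described above, worked through as an added example (not code from
the page or from Garcia-Teodoro et al.). The login sessions are constructed, and the distance
measure (total-variation distance between the session's and the profile's frequency distributions)
and the threshold rule are choices made for the illustration, not something the cited work
prescribes:

```python
"""Anomaly detection on a user's command-frequency profile (added illustration).

Not code from the page or from Garcia-Teodoro et al. The login sessions are
constructed, and the distance measure and threshold rule are assumptions.
"""
from collections import Counter
from typing import Dict, List

# Constructed "normal" login sessions for one user (commands in the order typed).
NORMAL_SESSIONS: List[List[str]] = [
    ["ls", "cd", "vim", "git", "ls", "git", "make", "ls"],
    ["cd", "ls", "vim", "make", "git", "ls", "cat"],
    ["ls", "git", "vim", "vim", "make", "ls", "cd"],
    ["cat", "ls", "cd", "vim", "git", "make"],
]


def session_distribution(session: List[str]) -> Dict[str, float]:
    """Relative frequency of each command within one session."""
    counts = Counter(session)
    n = len(session)
    return {cmd: k / n for cmd, k in counts.items()}


def build_profile(sessions: List[List[str]]) -> Dict[str, float]:
    """Normal profile: per-command frequency averaged over the training sessions."""
    totals: Counter = Counter()
    for s in sessions:
        for cmd, freq in session_distribution(s).items():
            totals[cmd] += freq
    return {cmd: v / len(sessions) for cmd, v in totals.items()}


def deviation(profile: Dict[str, float], session: List[str]) -> float:
    """Total-variation distance: 0 = same usage pattern, 1 = no command in common."""
    dist = session_distribution(session)
    keys = set(profile) | set(dist)
    return 0.5 * sum(abs(profile.get(k, 0.0) - dist.get(k, 0.0)) for k in keys)


def calibrate_threshold(profile: Dict[str, float], sessions: List[List[str]],
                        slack: float = 0.15) -> float:
    """Largest deviation seen among the clean training sessions, plus a safety margin."""
    return max(deviation(profile, s) for s in sessions) + slack


def evaluate(profile: Dict[str, float], threshold: float, session: List[str]) -> Dict:
    """Score one new session against the profile and decide whether to alert."""
    score = deviation(profile, session)
    return {"score": round(score, 3),
            "alert": score > threshold,
            "unseen_commands": sorted(set(session) - set(profile))}


if __name__ == "__main__":
    profile = build_profile(NORMAL_SESSIONS)
    threshold = calibrate_threshold(profile, NORMAL_SESSIONS)
    # Constructed test sessions: an ordinary one and a post-compromise one.
    for name, session in [
        ("benign", ["ls", "cd", "git", "vim", "make", "ls"]),
        ("hostile", ["sudo", "cat", "wget", "chmod", "./payload", "nc", "nc", "sudo"]),
    ]:
        print(name, evaluate(profile, threshold, session))
```

The threshold is derived from the training sessions themselves (largest deviation plus slack),
which is why a clean baseline matters: a training set that already contains the hostile session
would push the threshold up and hide it. The hostile session scores high both because familiar
commands are absent and because every command it uses is unseen; the unseen list is reported so
that an analyst can see what drove the alert rather than just the number.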

6. Misuse Detection Systems

Misuse detection systems identify intrusions by recognizing patterns of known attacks or
vulnerabilities. By matching activity against predefined patterns, such a system can, for example,
flag repeated failed login attempts within a specified time window as a password guessing attack
(Depren, 2005). Detection is achieved through the application of predefined signatures. The major
drawback is that the system cannot detect unknown attacks. Misuse detection rests on the premise
that attacks can be represented as patterns or signatures, which also allows variants of known
attacks to be detected (Resmi & Chezian, 2017). In this respect misuse detectors resemble virus
scanners: they can identify many or all known attack patterns but are limited against novel
threats.
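
The password-guessing rule mentioned above, worked through as an added example (not code from the
page, from Depren (2005) or from any IDS product). The sshd log lines are constructed, and the rule
"five failures from one source within sixty seconds" is an assumption made for the illustration:

```python
"""Misuse (signature) detection of password guessing in sshd logs (added illustration).

Not code from the page or from any IDS product. The log lines are constructed,
and the five-failures-in-sixty-seconds rule is an assumption for the example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Optional, Tuple

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

# Constructed auth log: a fast burst from 203.0.113.7, one successful key login,
# and five slow failures from 198.51.100.4 spread over ten minutes.
AUTH_LOG = """
Jan 12 10:15:01 srv1 sshd[4021]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan 12 10:15:04 srv1 sshd[4021]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jan 12 10:15:06 srv1 sshd[4025]: Failed password for invalid user oracle from 203.0.113.7 port 51244 ssh2
Jan 12 10:15:09 srv1 sshd[4027]: Failed password for root from 203.0.113.7 port 51250 ssh2
Jan 12 10:15:12 srv1 sshd[4030]: Accepted publickey for deploy from 198.51.100.4 port 40001 ssh2
Jan 12 10:15:15 srv1 sshd[4031]: Failed password for invalid user test from 203.0.113.7 port 51260 ssh2
Jan 12 10:15:18 srv1 sshd[4033]: Failed password for root from 203.0.113.7 port 51266 ssh2
Jan 12 10:20:00 srv1 sshd[4100]: Failed password for alice from 198.51.100.4 port 40100 ssh2
Jan 12 10:22:30 srv1 sshd[4102]: Failed password for alice from 198.51.100.4 port 40102 ssh2
Jan 12 10:25:10 srv1 sshd[4105]: Failed password for alice from 198.51.100.4 port 40105 ssh2
Jan 12 10:27:45 srv1 sshd[4108]: Failed password for alice from 198.51.100.4 port 40108 ssh2
Jan 12 10:30:05 srv1 sshd[4110]: Failed password for alice from 198.51.100.4 port 40110 ssh2
""".strip().splitlines()


def parse_failed(line: str, year: int = 2024) -> Optional[Tuple[datetime, str, str]]:
    """(timestamp, user, source ip) for a failed-password line, else None."""
    m = FAILED_RE.match(line)
    if m is None:
        return None
    # syslog timestamps carry no year; the caller supplies it
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]


def detect_password_guessing(lines: List[str], threshold: int = 5,
                             window_s: int = 60) -> List[Dict]:
    """Sliding-window rule: alert once per source when failures in the window reach threshold."""
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    alerted = set()
    alerts: List[Dict] = []
    for line in lines:
        parsed = parse_failed(line)
        if parsed is None:
            continue
        ts, user, ip = parsed
        window = recent[ip]
        window.append((ts, user))
        while window and (ts - window[0][0]).total_seconds() > window_s:
            window.popleft()            # evict failures older than the window
        if len(window) >= threshold and ip not in alerted:
            alerted.add(ip)             # one alert per source, not one per extra failure
            alerts.append({
                "sig": "SSH password guessing",
                "src": ip,
                "count": len(window),
                "users": sorted({u for _, u in window}),
                "first": window[0][0].isoformat(),
                "last": ts.isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_password_guessing(AUTH_LOG):
        print(alert)
```

With the 60-second window only the burst from 203.0.113.7 fires; the five failures from
198.51.100.4 never co-exist in the window, which is the signature's blind spot in miniature: an
attacker who paces the attempts below the rule's rate is indistinguishable from a forgetful user.
Widening the window (for example to 900 seconds) catches that source as well, at the cost of more
false positives on ordinary typos.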

Fig. 2: Classification of IDS


2.2.3 Some Popular IDS Tools

• Snort
Snort is an open-source network intrusion detection system that analyses traffic in real time and
logs packets. Snort combines signature-based detection with anomaly-based techniques (Roesch,
1999). It is extremely flexible, has a wide range of detection capabilities and is simple to
deploy (Fu, 2012).
• Suricata
Suricata is a high-performance, multi-threaded NIDS that can outperform Snort on contemporary
multi-core hardware (Day and Burns, 2011). It supports a variety of detection methods, handles
high-speed networks, and offers a comprehensive rule language and scripting together with strong
detection capabilities.
• Bro (Zeek)
Bro (now Zeek) is a script-driven, highly customizable intrusion detection system that is
generally classed as anomaly-based. It works particularly well for network traffic analysis and
forensics, and its scripting makes it adaptable enough to identify complex network activity and
threats (Mehra, 2012).
• Open WIPS-ng
Open WIPS-ng is a modular, open-source Wireless Intrusion Prevention System (WIPS). It captures
wireless traffic and can detect both broadcast and hidden networks in order to identify potential
intrusions. Related research has looked at pattern-based IDS configurations that protect critical
network components, such as specific protocols (Open WIPS-ng, 2015). The system has three main
components: Sensors, passive devices that capture wireless data for later analysis; Servers, which
consolidate data from all sensors, perform the analysis, and respond to security breaches with
appropriate logging and alerting; and Interfaces, which provide a graphical user interface for
managing the server and presenting information about threats in the wireless network. Scanning,
detection and prevention are signature-based (Resmi and Chezian, 2017).
• OSSEC
OSSEC is a scalable, versatile open-source host-based intrusion detection system (HIDS). It stores
selected alerts rather than every individual log entry, which reduces storage overhead. Its
correlation and analysis engine brings together log analysis, file integrity checking, Windows
registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and
active response. The cited survey also credits OSSEC with being effective at identifying Denial of
Service (DoS) attacks. It is praised for ease of installation and customization and for its
support of multiple platforms, and it is particularly strong at file integrity checking across
UNIX and Windows (OSSEC, 2013; Resmi and Chezian, 2017).
• Fragroute
Fragroute is a network intrusion detection (NIDS) evasion tool that implements the attack classes
described in the Secure Networks, Inc. paper by Ptacek and Newsham on insertion, evasion and
denial of service against NIDS. It exploits ambiguities in TCP/IP to manipulate network traffic:
acting as a one-way fragmenting router, it intercepts IP packets from the attacker and rewrites
them into fragmented or segmented streams before forwarding them to the victim (Holestein, 2002).
A rule-set language controls how outbound packets to a given target are transformed, which lets an
attacker launch IP-based attacks while evading detection. Fragroute can delay, duplicate, drop,
fragment, overlap, print, reorder, segment or source-route packets, with limited support for
randomized or probabilistic behaviour (Resmi and Chezian, 2017).
• Security Onion
Security Onion is an Ubuntu-based Linux distribution dedicated to IDS and network security
monitoring (NSM) that integrates a number of open-source tools (Burks, 2012). It combines Snort,
Suricata and Bro (Zeek) with tools such as Sguil, Squert, Snorby, ELSA and Xplico to provide
intrusion detection, network security monitoring and log management in one package (Bejtlich,
2013). It is recommended for users who want a consolidated distribution incorporating the best
features of these tools. Its core functions are full packet capture, network-based (NIDS) and
host-based (HIDS) intrusion detection, and analysis tools that generate log and alert data for
detected events. With several IDS engines available, Security Onion is a versatile and reliable
way to strengthen network security (Resmi and Chezian, 2017).
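
The file integrity checking credited to OSSEC above, worked through as an added example in the
spirit of its syscheck component (this is not OSSEC's code and not code from the page; OSSEC's
database format and options are not reproduced). The files, the tampering and the temporary
directory are constructed for the illustration:

```python
"""File-integrity baseline and comparison (added illustration, modelled loosely on OSSEC syscheck).

Not OSSEC's code and not code from the page. Builds a baseline over
constructed files in a temporary directory, tampers with them, and reports
the differences.
"""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple


def file_digest(path: str) -> str:
    """SHA-256 of a file, read in chunks so large binaries are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> Dict[str, Dict]:
    """Digest, size and permission bits for every regular file under root."""
    baseline: Dict[str, Dict] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            baseline[os.path.relpath(path, root)] = {
                "sha256": file_digest(path),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,   # keep setuid/setgid/sticky bits, not just rwx
            }
    return baseline


def compare(baseline: Dict[str, Dict], current: Dict[str, Dict]) -> List[Tuple[str, str]]:
    """(change type, relative path) for every difference, in path order."""
    changes: List[Tuple[str, str]] = []
    for rel in sorted(set(baseline) | set(current)):
        if rel not in current:
            changes.append(("deleted", rel))
        elif rel not in baseline:
            changes.append(("added", rel))
        elif baseline[rel]["sha256"] != current[rel]["sha256"]:
            changes.append(("modified", rel))
        elif baseline[rel]["mode"] != current[rel]["mode"]:
            changes.append(("permissions", rel))   # same content, different bits
    return changes


def _write(root: str, rel: str, text: str, append: bool = False) -> str:
    """Helper for the constructed scenario: create or append to a file under root."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "a" if append else "w") as f:
        f.write(text)
    return path


def demo() -> List[Tuple[str, str]]:
    """Constructed scenario: take a baseline, then apply three kinds of tampering."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/passwd", "root:x:0:0:root:/root:/bin/bash\n")
        ls_path = _write(root, "bin/ls", "placeholder for a binary\n")
        baseline = build_baseline(root)

        _write(root, "etc/passwd", "eve:x:0:0::/root:/bin/bash\n", append=True)  # extra UID-0 account
        _write(root, "etc/cron.d/backdoor", "* * * * * root /tmp/.x\n")            # new persistence file
        os.chmod(ls_path, 0o4755)                                                   # setuid bit added
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, rel in demo():
        print(f"{kind:12s} {rel}")
```

Two points a practitioner should take from this: the mode bits are compared separately from the
digest, because a setuid bit added to an unchanged binary is a real finding that a content hash
alone would miss; and the baseline only has value if an intruder cannot rewrite it, so in a real
deployment it is kept off the monitored host or signed, which is how agent/server HIDS designs
such as OSSEC's approach the problem.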

2.3 Previous Related Research Works

Sommestad, Holm and Steinvall (2022) studied the variables influencing the effectiveness of
signature-based network intrusion detection. They measured the detection probability in a trial
of Snort against 1,143 exploitation attempts using 12 rule-sets developed by Emerging Threats Labs
and the Sourcefire Vulnerability Research Team. They note that modern enterprises commonly deploy
signature-based network intrusion detection systems to protect their computing infrastructure,
and that the efficacy of such a system depends primarily on the quality of the rules that link
system events to documented malicious activity; the factors that determine rule-set quality,
however, remain poorly understood. The default Emerging Threats rule-sets raised priority 1 alerts
for 39% of the exploit attempts, compared with 31% for the Vulnerability Research Team rule-sets.
Characteristics such as whether the exploit is publicly known, whether the rule-set mentions the
exploited vulnerability, the payload, the type of targeted software and the operating system of
the target are all indicative of detection probability, and their importance varies with the
ruleset used and whether default rules are enabled. A logistic regression model on these variables
correctly classifies 69-92% of instances across the different rulesets.

Muwardi et al. (2021) analysed and tested a Network Security Monitoring System via Notification
Alert, aiming to build a system that identifies intruders on a network while letting
administrators access the data from any location, at any time and from any device. They observe
that information technology is evolving rapidly, which makes network security increasingly vital,
and that the rapidly growing number of connected computers opens many holes in a network. The
problem can be addressed with an intrusion detection system (IDS): the IDS is connected to a mail
gateway so that the administrator receives warnings, in the form of alerts, whenever a network
intrusion occurs, at any time and from any location.

Gillala et al. (2020) examined intrusion detection in the cyber security domain, with a specific
focus on the role of machine learning and data mining. They note that cyber security has attracted
significant attention across research communities, particularly regarding the efficacy of
Intrusion Detection Systems (IDS). The field is growing rapidly and demands scrutiny because of
advances in domains such as social networks, cloud computing, web technologies, online banking,
mobile environments and smart grids. An IDS is a software tool that monitors either a single
computer or a network of computers and protects it against malicious activity or cyber-attacks.
The detection and prevention of intrusions, driven by the growing use of internet services, have
become pressing concerns, and although many methods have been proposed for identifying network
intrusions, most current IDS techniques are insufficient to address the challenge efficiently. The
research examines how machine learning and data mining can improve IDS detection going forward,
asserting that machine learning approaches such as classification and regression yield higher
detection rates, fewer false alarms and lower communication overhead. The study also presents a
comparative assessment, tabulating the algorithms, datasets and performance metrics used.

Haas and Fischer (2020), in their work on security monitoring and alert correlation for network
intrusion detection, describe mechanisms for comprehensive detection and reconstruction of
attacks. Their contributions aim to improve detection accuracy at two distinct phases of the
intrusion detection process: first, security monitoring is improved so that it produces
high-quality monitoring data that supports precise alert reporting; second, novel alert
correlation mechanisms identify relationships among alerts and summarize the reconstructed
attacks. The authors observe that incidents targeting IT systems can have network-wide
consequences. The conventional approach to attack detection is to deploy an intrusion detection
system (IDS), but this produces an excessive number of alerts that overwhelm the security
operations center (SOC), even with alert correlation. The result is alert fatigue, which lets
highly sophisticated attacks such as advanced persistent threats (APTs) go undetected, since they
trigger only a few subtle alerts. To cope with alert correlation, organizations employ security
information and event management (SIEM) systems that correlate alerts and other security data.
Despite extensive analytics, these systems provide only an overview of the security status of the
IT systems and cannot effectively prioritize alerts or expose attacks hidden in the alert data.
The limited visibility of commonly used network intrusion detection systems (NIDSes) complicates
matters further, because not every facet of an attack is visible in network traffic.

In "Big Data in Intrusion Detection and Prevention Systems", Lidong (2017) discusses network
attacks, intrusion detection systems, intrusion prevention systems, and detection approaches such
as signature-based and anomaly-based detection. The approaches to detecting and preventing
intrusions are contrasted, and selected data mining and machine learning techniques and their
application to intrusion detection are discussed. The paper covers big data in intrusion detection
systems and big data analytics for large volumes of heterogeneous data and real-time stream
processing, and explores the problems of intrusion detection systems as well as the issues
introduced by stream processing of massive data in those systems.

Resmi and Chezian (2017) conducted an extensive survey of intrusion detection system
methodologies and tools, with an emphasis on their merits and limitations. Their article gives a
comprehensive overview of IDS, its characteristics, the methodologies employed and the tools used
in intrusion detection, and concludes with observations on the real-time operational efficacy of
selected intrusion detection and intrusion prevention tools. The work is useful for assessing and
critiquing the diverse IDS tools deployed in high-speed network environments.
Sharma and Kunwar (2016) researched cyber-attacks on intrusion detection systems, highlighting
soft computing as a prominent technique used in intrusion detection systems to manage network
traffic and identify cyber-attacks with improved efficiency and precision. They describe soft
computing methods as a rapidly evolving technology for problem solving and stress the critical
importance of information security in the contemporary computing era: safeguarding information,
systems and resources from unauthorized access, copying, alteration, manipulation or any other
impairment that causes irreparable damage or loss to legitimate users. Researchers have put
forward various strategies to counter cyber-attacks, and numerous existing intrusion detection
techniques are tasked with confronting imminent cyber threats.

2.4 Alert System

An alert system for intrusion detection and cyber security monitoring is designed to identify
potentially dangerous activity and security breaches as they happen and to inform system
administrators promptly. Such systems typically combine several detection methods, including
signature-based detection, anomaly detection and machine learning algorithms. When the system
detects a possible threat it produces a notification, enabling security teams to act swiftly and
reduce risk, which protects sensitive data and preserves the integrity of the network (Muwardi et
al., 2021).

An alert is a component, or result, of the IDS process. When an IDS identifies a possible security
risk using signature-based or anomaly-based detection, it sends out an alert to tell administrators
about the suspicious behaviour. These warnings allow prompt responses that prevent potential
security breaches (Muwardi et al., 2021).

The functionality of Alert Systems

Alert systems work by continuously monitoring network traffic, user behaviour and system activity
to identify anomalies and potential cyber threats. The core operations of an alert system are the
following:

• Data Collection: consolidating data from diverse sources such as network logs, endpoint
activity and application logs (Scarfone & Mell, 2007).
• Threat Detection: applying methods such as anomaly detection, signature-based detection and
heuristic analysis to identify suspicious activity (Tsai et al., 2009).
• Alert Generation: automatically creating alerts when a potential threat is detected,
categorized by severity and type of threat (Modi et al., 2013).
• Notification: transmitting notifications to security personnel through channels such as
email, SMS or dedicated security dashboards.
• Response Coordination: enabling a swift response by supplying in-depth information about the
threat, so that security teams can mitigate the risk promptly (Scarfone & Mell, 2007).

Benefits of Alert Systems

• Real-Time Monitoring: continuous surveillance of network activity ensures timely
identification of, and response to, threats (Patcha & Park, 2007).
• Enhanced Security Posture: alerting helps pinpoint vulnerabilities and pre-empt potential
breaches before they can inflict substantial harm (Liao et al., 2013).
• Resource Optimization: automated detection and alerting lets security personnel concentrate on
more complex tasks.
• Compliance: detailed logs and evidence of security measures help organizations meet regulatory
mandates.

Challenges and Limitations of an Alert System

• False Positives: a flood of false alerts can overwhelm security teams and lead to alert fatigue
(Chandola, Banerjee, & Kumar, 2009).
• Scalability Issues: alert systems become harder to run effectively as network size and
complexity grow (Modi et al., 2013).
• Integration: harmonizing the alert system with existing IT infrastructure and other security
tools can be complex and resource-intensive (Scarfone & Mell, 2007).

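
The alert generation, severity categorization and notification steps listed under the
functionality of alert systems, together with the false-positive and alert-fatigue problem listed
under the challenges, worked through as one added example (not code from the page or from any SIEM
product). The detection events are constructed, and the severity table, the five-minute
aggregation window, the escalation rule and the channel mapping are assumptions made for the
illustration:

```python
"""Alert generation, aggregation and routing for detection events (added illustration).

Not code from the page or from any SIEM product. The events are constructed,
and the severity table, aggregation window, escalation rule and channel
mapping are assumptions for the example.
"""
from datetime import datetime, timedelta
from typing import Dict, List

# Severity by detection category, and which channels each severity reaches.
SEVERITY = {"scan": "low", "bruteforce": "medium", "exploit": "high", "c2": "critical"}
CHANNELS = {"low": ["dashboard"],
            "medium": ["dashboard", "email"],
            "high": ["dashboard", "email"],
            "critical": ["dashboard", "email", "sms"]}

_T0 = datetime(2024, 1, 12, 10, 15, 0)

# Constructed events: a 40-host SYN sweep, one exploit attempt from the same
# source, a beacon from an internal host, and an isolated scan ten minutes later.
RAW_EVENTS: List[Dict] = (
    [{"ts": _T0 + timedelta(seconds=i), "category": "scan", "sig": "TCP SYN scan",
      "src": "203.0.113.7", "dst": f"10.0.0.{10 + i}"} for i in range(40)]
    + [{"ts": _T0 + timedelta(seconds=5), "category": "exploit", "sig": "HTTP directory traversal",
        "src": "203.0.113.7", "dst": "10.0.0.80"}]
    + [{"ts": _T0 + timedelta(minutes=3), "category": "c2", "sig": "Known C2 beacon",
        "src": "10.0.0.23", "dst": "198.51.100.9"}]
    + [{"ts": _T0 + timedelta(minutes=10), "category": "scan", "sig": "TCP SYN scan",
        "src": "203.0.113.7", "dst": "10.0.0.5"}]
)


def aggregate(events: List[Dict], window: timedelta = timedelta(minutes=5)) -> List[Dict]:
    """One alert per (signature, source) within the window, carrying a count and target set."""
    open_alerts: Dict = {}
    alerts: List[Dict] = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["sig"], ev["src"])
        alert = open_alerts.get(key)
        if alert is not None and ev["ts"] - alert["first_seen"] <= window:
            alert["count"] += 1                # duplicate within the window: fold it in
            alert["last_seen"] = ev["ts"]
            alert["targets"].add(ev["dst"])
            continue
        alert = {"sig": ev["sig"], "severity": SEVERITY.get(ev["category"], "low"),
                 "src": ev["src"], "targets": {ev["dst"]}, "count": 1,
                 "first_seen": ev["ts"], "last_seen": ev["ts"]}
        open_alerts[key] = alert
        alerts.append(alert)
    # Escalation rule: a low-severity scan that touches many hosts is not noise.
    for alert in alerts:
        if alert["severity"] == "low" and len(alert["targets"]) >= 20:
            alert["severity"] = "medium"
    return alerts


def notify(alerts: List[Dict]) -> List[Dict]:
    """Fan each alert out to the channels its severity warrants."""
    messages: List[Dict] = []
    for a in alerts:
        text = (f'{a["severity"].upper()}: {a["sig"]} from {a["src"]} '
                f'x{a["count"]} ({len(a["targets"])} hosts)')
        for channel in CHANNELS[a["severity"]]:
            messages.append({"channel": channel, "severity": a["severity"], "text": text})
    return messages


def run_pipeline(events: List[Dict] = RAW_EVENTS):
    """Events in, (alerts, notifications) out."""
    alerts = aggregate(events)
    return alerts, notify(alerts)


if __name__ == "__main__":
    alerts, messages = run_pipeline()
    print(f"{len(RAW_EVENTS)} events -> {len(alerts)} alerts -> {len(messages)} notifications")
    for m in messages:
        print(f'[{m["channel"]:9s}] {m["text"]}')
```

Forty-three raw events become four alerts and eight notifications, and only the command-and-control
beacon reaches the SMS channel. The two decisions that keep the analyst's queue short are
aggregation (the forty scan events are one alert with a count, not forty pages) and escalation on
breadth (the same scan is raised to medium because it touched twenty or more hosts), which is a
simple form of the alert correlation that Haas and Fischer (2020) argue is needed to avoid alert
fatigue.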
REFERENCE

Ali, A. M., Zaim, A. H., & Ceylan, K. G. (2009). A hybrid intrusion detection system design for
computer network security. Computers & Electrical Engineering, 35(3), 517-526.

Bejtlich, R. (2013). The practice of network security monitoring: understanding incident
detection and response. No Starch Press.

Belapure, S., & Godbole, N. (n.d.). Cyber Security: Understanding Cyber Crimes.

Burks, D. (2012). Security Onion. Available: http://blog.securityonion.net/p/securityonion.html.
Accessed 11 May 2014.

Chandola, V., Banerjee, A., & Kumar, V. (2009). Anomaly detection: A survey. ACM Computing
Surveys (CSUR), 41(3), 1-58.

Corrons, L. (2012). A Look back on Cyber Security 2012. Panda Labs.

Day, D., & Burns, B. (2011). A performance analysis of snort and suricata network intrusion
detection and prevention engines. Fifth International Conference on Digital Society,
Gosier, Guadeloupe.

Depren, O. (2005). An intelligent intrusion detection system (IDS) for anomaly and misuse
detection in computer networks. Expert Systems with Applications, 29(4), 713-722.

Dervojeda, K., Verzijl, D., Nagtegaal, F., Lengton, M., & Rouwmaat, E. (2014). Innovative
Business Models: Supply chain finance. Netherlands: Business Innovation Observatory;
European Union.

Fu, T. (2012). An analysis of packet fragmentation attacks vs. Snort Intrusion Detection System.
International Journal of Computer Engineering Science (IJCES), May 2012.

Garcia-Teodoro, P. (2009). Anomaly-based network intrusion detection: Techniques, systems and
challenges. Computers & Security, 28(1), 18-28.

Gross, M. L., Canetti, D., & Vashdi, D. R. (2017). Cyberterrorism: its effects on psychological
well-being, public confidence and political attitudes. Journal of Cybersecurity, 3(1), 49–
58. doi:10.1093/cybsec/tyw018.

Haas, S., & Fischer, M. (2020). GAC: graph-based alert correlation for the detection of
distributed multi-step attacks. Proceedings of the 33rd Annual ACM Symposium on
Applied Computing, 979-988.

Holestein, M. (2002). How does fragroute evade nids detection. Intrusion Detection FAQ.
Available at: https://www.monkey.org/~dugsong/fragroute/.

IEEE Computer Society. (2013). Safety Critical Systems – Next Generation. IEEE Security and
Privacy Magazine, July/August 2013.

Kalakuntla, R., Vanamala, A. B., & Kolipyaka, R. R. (2019). Cyber Security. HOLISTICA
Journal of Business and Public Administration, 10(2), 115-128.
https://doi.org/10.2478/hjbpa-2019-0020.

Krause, A. (n.d.). Computer Security Practices in Non Profit Organisations – A NetAction
Report.

Kumar, S., & Somani, V. (2018). Social Media Security Risks, Cyber Threats And Risks
Prevention And Mitigation Techniques. International Journal of Advance Research in
Computer Science and Management, 4(4), 125-129.

Liao, H. J., Lin, C. H. R., Lin, Y. C., & Tung, K. Y. (2013). Intrusion detection system: A
comprehensive review. Journal of Network and Computer Applications, 36(1), 16-24.

Lyne, J. (n.d.). Eight trends changing network security. Sophos.

Mehra, P. (2012). A brief study and comparison of snort and bro open source network intrusion
detection systems. International Journal of Advanced Research in Computer and
Communication Engineering, 1(6), 383-386.

Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A., & Rajarajan, M. (2013). A survey of
intrusion detection techniques in cloud. Journal of Network and Computer Applications,
36(1), 42-57.

Muwardi, R., Gao, H., Ghifarsyam, H. U., Yunita, M., Arrizki, A., & Andika, J. (2021). Network
Security Monitoring System Via Notification Alert. Journal of Integrated and Advanced
Engineering (JIAE), 1(2), 113-122.

Nair, M. M., Tyagi, A. K., & Goyal, R. (2019). Medical Cyber Physical Systems and Its Issues.
Procedia Computer Science, 165, 647-654.

Open WIPS-ng. (2015). Available: http://www.openwips-ng.org/. Last accessed 10th Sep 2015.

OSSEC website. (2013). Available at: http://www.ossec.net/. Accessed 30 Oct 2013.

Patcha, A., & Park, J. M. (2007). An overview of anomaly detection techniques: Existing
solutions and latest technological trends. Computer Networks, 51(12), 3448-3470.

Reddy, G. N., & Reddy, G. J. U. (2013). Study of Cloud Computing in HealthCare Industry.
International Journal of Scientific & Engineering Research, 4(9), 68-71.

Reddy, S., Shamila, M., & Tyagi, A. K. (2019). Cyber Physical Systems: The Role of Machine
Learning and Cyber Security in Present and Future. Computer Reviews Journal, PURKH,
5.

Resmi, A. M., & Chezian, R. M. (2017). Intrusion detection system techniques and tools: A
survey. Scholars Journal of Engineering and Technology (SJET), 5(3), 122-130. DOI:
10.21276/sjet.2017.5.3.8.

Roesch, M. (1999). Snort: Lightweight intrusion detection for networks. LISA, 99(1).

Sandip, K. (2011). Host based intrusion detection system. International Conference on
Mechanical Engineering and Technology (ICMET-London 2011). ASME Press.

Scarfone, K., & Mell, P. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS).
NIST.

Sharma, P., & Kunwar, R. S. (2016). Cyber attacks on intrusion detection system. International
Journal of Information Sciences and Techniques (IJIST), 6(1/2), 191-196. DOI:
10.5121/ijist.2016.6220.

Singer, P. W., & Friedman, A. (2014). Cybersecurity and Cyberwar: What Everyone Needs to
Know. Oxford University Press.

Sommestad, T., Holm, H., & Steinvall, D. (2022). Variables influencing the effectiveness of
signature-based network intrusion detection systems. Information Security Journal: A
Global Perspective, 31(6), 711-728. DOI: 10.1080/19393555.2021.1975853.

Tsai, C. F., Hsu, Y. F., Lin, C. Y., & Lin, W. Y. (2009). Intrusion detection by machine learning: A
review. Expert Systems with Applications, 36(10), 11994-12000.

Tyagi, A. K. (2016). Cyber Physical Systems (CPSs) - Opportunities and challenges for
improving cyber security. International Journal of Computer Applications, 137(14).

Tyagi, A. K. (2019). Building a smart and sustainable environment using Internet of Things. In
Proceedings of International Conference on Sustainable Computing in Science,
Technology and Management (SUSCOM), Amity University Rajasthan, Jaipur - India,
February 26-28, 2019. Available at SSRN: http://dx.doi.org/10.2139/ssrn.3356500.

Vigna, G., & Kemmerer, R. A. (1999). NetSTAT: A network-based intrusion detection system.
Journal of Computer Security, 7(1), 37-71.
