Cyber Intrusion Detection, Prevention, and Future IT Strategy

International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056

Volume: 09 Issue: 11 | Nov 2022 www.irjet.net p-ISSN:2395-0072

Cyber Intrusion Detection, Prevention, and Future

IT

Strategy

Abstract: The issue of guarding information and data movement has been there since the start of information exchange. Differentapproacheshavebeenidentifiedtoprotectandmovesuchinformationsafely.Duetothewidespreaduseofmodern technology, such as wireless communication, most organizations have become dependent on information technology. However, critical security and breaches are increasing in the contemporary world, creating the need for secure and safe informationsecuritysystems.Intrusiondetectionandpreventionareamongtheapproachesusedtoimprovethesecurityand safetyofinformationsystems.Themethodologyusedintheresearchis updated research ontheexactconditionofintrusion detection and prevention founded on risk analysis, an explanation of what intrusion detection and prevention are, and their primary functions. The findings are that security cases are rising; hence intrusion detection and prevention are highly required.Thus,furtherresearchshouldbeconductedtoadvancetheeffectivenessandefficiencyofintrusionuncoveringand prevention.

Keywords:Riskmanagement,Intrusion,Prevention,Detection,ITStrategy,KPI,IDSA

Introduction

In this modern era, an IT strategy supports business goals, competitive differentiation, and customer value. In fact, withoutadefinedITstrategy,businessescannotprovidethelevelofservicerequiredbythecompanytoachieveitsgoals. The modern world relies on Information Technology (IT) to perform most of its duties. Technology continues to advance to simplify some tasks and make the world a better place for human beings. According to Bashir and Chachoo (2014), the internet and e-commerce are more dominant than in the past. Individuals depend on information technology to conduct business, access news, and interact with each other. Moreover, vital information such as medical records, credit cards, and additional personal information is stored in computers for safety and easy retrieval. Businesses incorporate modern technology in their daily activities by creating a web page to aid their business performance. Researchers use computers to researchanddisseminatetheirfindings(Sandhuetal.,2011,p.66).Thus,computersplayasignificantroleineveryindividual’s life.However,theintegrityandavailabilityofthesystemsshouldbehighlyprotectedfromnumerousthreatsassociatedwith technological advancement. Amateur hackers,competingorganizations, terrorists,and external authoritieshave thecapacity and motive to conduct sophisticated computer attacks on computer systems. Thus, the information and communication security sector is vital for every individual's safety and economic well-being globally (Wattanapongsakorn et al., 2012). To present privacy breaches, security requires robust intrusion detection and prevention systems. This research paper aims to provethecurrentdetailedconditionofskillofintrusiondetectionanddeterrencesystemsfoundedonriskanalysis.

Background Information

Radoglou-Grammatikis and Sarigiannidis (2014) state that a better understanding of interference detection and preventionschemeswillbepossiblebyestablishingthetypeofeventstheytrytodiscover.Anintrusionisaformofattackon datapossessionswheretheinstigatortriestogetanentryintoasystemorinterferewithordinaryoperations(Karatasetal., 2014).Intrusionscanalsobethestepsthattrytoexceedthesecuritymeasuresofcomputersystems.Thus,intrusionsareany group of engagements that threaten the information and information systems' integrity, privacy, or availability. In this case, integrity refers to the data that has not been interfered with or damaged by unauthorized individuals in an unauthorized manner.Credibilityimpliesthattheinformationisnotaccessibleorexposedtounauthorizedparties,processes,orindividuals. Availabilitymeansthatasystemwiththeneededdataisaccessibleandcanbeusedwhenrequiredbyauthorizedentities. In most cases, an intrusion results from an assailant retrieving the design from the internet or network or running an infected scheme or machine (see Fig 1) Moreover, intrusion also occurs when an attacker destroys third-party applications that controltheinformationsystem(Pateletal.,2014).Attacksfromexternalsourcesarecalledoutsideattacks.Attacksoccurring

International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056

Volume: 09 Issue: 11 | Nov 2022 www.irjet.net p-ISSN:2395-0072

from within are called insider attacks, and they happen when unauthorized internal parties try to get access to specific informationormisusenon-authorizedaccessprivileges.

Fig 1 ConceptualApproachofSignature-basedintrusiondetectionsystems

According to Mudzingwa and Agrawal (2012), intrusion detection protects networks or computers from unauthorized access, action, or file alteration. Thus, an intrusion system can be a hardware or software device which systematizes the intrusion recognition procedure. An intrusion-finding organization can react to doubtful occurrences in one of the identified methods. First is by showing an alert to inform the security management, logging the situation, or calling an overseer (Mukhopadhyay et al., 2011, p.28). Intrusion prevention is interrupting the identified system attacks in actual time by ensuring they do not proceed to their aimed destinations. Intrusion prevention is vital against rejecting services, floods, and instinctualforceattacks.Kuznetsovetal.(2012)defineanintrusionpreventionsystemasahardwareorsoftwaredevicewith the abilities of an intrusion detection system that can try to prevent a likely attack from occurring. An intrusion prevention system can react to an identified threat by reconfiguring other security regulators in systems such as routers or firewalls to prevent future episodes (Ansari et al., 2022). The prevention can also occur when the system eliminates the questionable content of an attack in network circulation to sieve the intimidating packets. Finally, prevention can arise when the system reconfiguresothersecurityandconfidentialityregulationsinbrowsersettingstoevadefutureattacks.

Already et al. (2016) state that disabled prevention characteristics in the intrusion prevention items can work as intrusion detection systems. The prevention systems are viewed as an extension of the intrusion detection systems (Rajagopalan et al., 2017, p.2509). Although both systems assess network traffic looking for attacks, there are substantial differences. Intrusion detection and prevention systems identify malicious and unwanted traffic entirely and accurately, although they vary in how they reply to each other (Cheng et al., 2011, p.1011). The central role of intrusion detection is to warn of suspicious activity In contrast, the prevention system's prominent role is active guarding to improve intrusion detectionandotheroldsecurityremedies,withthepossibilityofreactinginrealtimetoevadeorpreventmaliciousactivities from occurring. Baykara and Das (2018) identify risk management as a vital aspect of a fruitful information technology security system and organizational KPI management. Thus, companies should employ risk management techniques to determine the security controls needed to mitigate risks satisfactorily (Patel 2017, p.92). To develop an effective intrusion detectionandpreventionsystem,appropriaterequirementsapprehensionbasedonriskmanagementiscrucial.

Importance of risk management

Technology has been gradually changing through networking, bringing people together no matter the continent. Therefore,communicationsystemsandallcomputersareexpectedtobeprotected;intrusiondetectionsystemsarecreatedto monitoranynetworkactivitiesinthemachineandthosethatareoutgoing(Chakiretal.,2017).Theintrusiondetectionsystem can identify any signs of threat or suspicious activities that might compromise the system and raise the alarm to the responsible team. The system is being protected from various attacks, such as digital forensic and fault tolerance functions, accidents,andabuseofsecuritybreaches(Aljanabi,2017;Dash&Sharma,2022).Systemvitalinformationisprotectedsothat

International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056

Volume: 09 Issue: 11 | Nov 2022 www.irjet.net p-ISSN:2395-0072

i0t can be reliable, available, and trusted by many. The computer and system information are expected to be safe and identifiable. Risk is the calculation of all adverse impacts that might happen to computer information systems and the probabilitythattheinformationinthesystemisvulnerabletocybercrime(Dash&Ansari,2022).

Asstatedby (Patel et al.,2017,p.92), risk management, throughitssignificantroles ofidentifying,assessing risk,and takingittoanotherstage,canreducethoserisksandvulnerabilitiestoaminimumlevelthatcanbecomfortabletoeverybody else in the company, risk management is run by the information technology managers trying to balance operational and economic costs by monitoring and evaluating some of the threats and setting traps to intruders to cut short their plans by introducing some antivirus software. Information technology managers can detect attacks from various sources, such as distributiondenial and port scanningattackswhich enableintrusion and detection toproducea shieldagainst unauthorized individuals getting into the system of any company (Al 2017, p.51). Risk management can provide the users with a time or mechanism to block the intruders for time t, enabling them to buy time as they are preparing to sell those gaps and provide specificinformationtothevariousdepartmentsthatarelikelytobeattacked(Khraisat&Alazab,2021)indication.Italsoacts as a security barrier that can detect and disallow the attacks before they think to penetrate the inner circle (see Fig 2). Risk management introduces the idea of security layers that become more difficult for attackers to access critical information targetedbyintruders.

Fig 2.ClassificationofIntrusionDetectionSystemArchitecture(IDSA)

Risk management plays a vital roleina successful informationtechnologyprogram. Itallowstheorganizationtoset realistic goals at the right time without obstacles. When the information and documents of the company are stored in a safe andprotectedsystem,theconfidentialityandtrustoftheclient’si9sareboostedtoahigherlevel,enablingtheorganizationto proliferate(Zarpelaoetal.,2017,p.25).Theindividualmandatedtooperateandmanagetheinformationtechnologysystemin anorganizationshouldnottaketherisk managementprocesslightlytechnical functionbutasa vitalcritical backboneofthe organization. The risk management process has its components, such as the risk-based strategies that allow for identifying, mitigating,andunderstandingthethreatsassociatedwiththesystemand theuseofinformation.Fortheorganizationtofeel moresecure,itmustborrowtheidealofrisk-basedstrategies.Thisenablestheorganizationtobeprotectedfromsevereand sophisticatedriskstoinformationsystems.Anorganizationmustprovidethefacilitiesto ensurethatdataissafeandtrusted. Riskmanagementensuresthatinformationisavailableandconfidential(Liu &Zang2016;Ansarietal.,2022a)beconstantly updated. Risk management allows information technology experts to compare all activities against a pool of collected attack signatures

International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056

Volume: 09 Issue: 11 | Nov 2022 www.irjet.net p-ISSN:2395-0072

Intrusion Detection and Prevention Systems

Liao et al. (2013) define intrusion detection as observing the occurrences happening in a computer structure or a systemandexaminingthemforemblemsofprobableaffairs.Thediscussedeventsareusuallydefilementsorfuturethreatsof destruction of computer safety guidelines, acceptable strategies, or standard security practices (Modi et al., 2013, p.42). An intrusion detection service is a software request or a device that controls information systems or networks from dangerous activities or policy defilements and replies to the malicious activity by cautioning the system overseer by either creating an alert,loggingtheaction,orcontactingthemanager(Sharafaldinetal.,2018;Ansari,2022)

Intrusion prevention is when active intrusion detection tries to stop or avert an identified possible threat before bringinganyharmtothesystem.Aninvasionpreventionschemeisasoftwareordevicewithallthefeaturesandabilitiesofan intrusion detection system, but it can prevent a potential threat (Schönefeld & Möller 2012, p.31). The intrusion prevention systems are planned and established for various active protection to make intrusion detection and traditional security remedies better and more effective. Research shows that an intrusion prevention system is the incoming security technologicallevelduetoitsabilitytooffersecurityatdifferentsystemlevelsrangingfromthefunctioningkerneltonetwork data packages (Alves et al., 2018). Prevention systems are designed to guard information systems from illegal access, destruction, or disruption (see Fig 3). In contrast, intrusion detection systems identify a possible attack for the prevention system to stop or avert the attack (Conte et al., 2020, p.1). Another difference between intrusion detection and intrusion prevention system is that intrusion prevention systems can prevent known intrusion sensed signatures, apart from the unrecognizedattackscomingfromthedatabaseattackofgenericconducts.

Fig 3.IntrusionDetectionManagementSystem

Thecurrentinvasiondetectionandpreventionschemesareencompassedtwopredominantlyvaryingapproaches,the network-basedmodelandthehost-basedmodel.Intherecentpast,anewdirection,application-based,wasaddedtointrusion detection, which is an improvement of the host-based approach (Das and Sarkar 2014, p.2266). Thus, the workstations and servers are guarded by the host-based invasion detection and prevention system via a safe and regulated software communication media between the system’s applications and the functioning system kernel. According to Biswas and Roy (2019),thesoftwareis pre-configured to identifythe protection guidelinesfoundedon intrusionandattack autographs. The host-based intrusion detection and prevention system will clasp distrustful events within the system. The predetermined policies will either stop the event from happening or allow the event to proceed. The host-based intrusion detection and prevention systems oversee events such as application or data requirements, network link trials, and read or write tests (Alhello et al., 2017). The main disadvantage of the host-based invasion detection and anticipation systems approach is that withthenecessarilytightintegrationwiththehostfunctioningsystem,futurefunctioningsystemimprovementcouldresultin someissues.

Mazzini et al. (2019) define network-based invasion detection and prevention systems as software or a focused hardware structure that links directly to a network portion and guards every system connected to the same or downstream system portions. Network intrusion devices and prevention systems expedients are used according to the guarded network portion. All the information between the protected and fundamental parts of the system must go through the network intrusiondetectionandpreventionsystemdevice(Yousufietal.,2017).Asthecirculationgoesviathedevice,itisexaminedto

International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056

Volume: 09 Issue: 11 | Nov 2022 www.irjet.net p-ISSN:2395-0072

determineifthereisanypossibilityofanattack.Ifthereisanypossibleattack,thenetworkinvasiondetectionandprevention systemisabandonedorpreventstheoffendingdatafromgoingthroughthesystemtothetargetedvictim,avoidingtheattack. Thenetwork-basedintrusiondetectionandpreventionsystemswillinterruptallnetworktrafficandobserveitfordistrustful eventsandactivities,preventingthedemandorpassingit.However,itshouldbeviewedasgenuinetraffic.Themostattractive featureofnetwork-basedinvasiondetectionandpreventionschemesisthatifthesystemrecognizesa felonious information packet, it can rewrite the packet for the attack attempt to be unsuccessful (Nayyar et al., 2020, p.136). In this case, an organizationcanidentifytheeventtocollectevidenceagainsttheattackerwithouttheattacker'sknowledge.Despitewhether theuseroperatesthehost-based,network-based,orapplication-basedlevel,everyinvasiondetectionandpreventionsystem employsoneofthetwodetectionapproaches:anomaly-based.

Ananomalydetectiontechniqueisdevelopedtodisclosethestrangefeaturesthatdivergefromtheidentifiednormal behavior. Happening the other arrow, the invasion discovery and prevention systems form a foundation of regular usage patterns.Anyactivitysignificantlydeviatesfromthesystem becomesflaggedas a potential intrusion(Jafarianetal.,2021,p. 1235).Ananomalyintrusioncanbedifferent,butanindividual shouldrealizethat ifanyevent occurs,moreor lessthanthe twotypicaldeviationsfromthestatisticalbehaviorwouldcreateanalarm(Huetal.,2017,p.10).Forexample,ifauserlogson to a device more than eight times a day as an alternative to the regular one to two times a day, there would be an alarm. Additionally, if an office computer is accessed at 3;00 AM, there would be an alarm because these are not regular business hours.AccordingtoSonmez etal.(2018),anomalydetectioncanexamineuserbehaviorbyanalyzingtheprogramsaccessed daily.Forinstance,ifanomalydetectionfindsthatauserintheinformationtechnologydepartmentabruptlystartsaccessing marketingprograms,thesystemwillraisethealarmorinformthemanagementbecauseitmightbeapossibleintrusion.

Jose et al. (2018), the main advantage of anomaly detection techniques is that they effectively capture formerly unidentifiedthreats.Inmostcases,thesystemmustunderstandnormalbehaviorinthefirststageofusingananomaly-based detection model. If the regulated system performs, it will be assumed normal behavior. There should be no attack in the regulated system in the learning phase to ensure the intrusion detection and prevention system does not study to overlook attacks. The learning phase can be dealt with in numerous ways, such as machine wisdom or creating statistical behavioral outlines. The system encounters attacks in the following implementation stage (Behniafar et al., 2018, p.79). Thus, the intrusion discovery and prevention systems observe the events in the regulated system and relate them to the studied standardbehaviorpatterns.Iftheydonotalign,suspicionisraised,andifthefearexceedsaspecificlevel,thesystemincreases thealarm(Ding etal.,2019,p.106458).Theprimarysignificanceoftheanomaly-baseddetectionmethodisthatitdoesneed pastawarenessofinvasion;henceitcancapturenovelintrusionswithoutexternalinterventions.However,thetechniquehasa drawbackbecauseitmightfailtoexplainanattack,anditcanissueafalsepositiverate.

Unauthorized conduct is usually detected by the system’s abuse and is mainly referred to as signature detection. Nevertheless,thisdetectionmethodemploysidentifiedpatternsofunauthorizedbehaviortoforecastandidentifysucceeding similarefforts.Signaturesaretheexactconfigurations(Azeezetal.,2020,p.685).Threeunsuccessfulloginsareexamplesofa signatureinhost-basedinvasiondetectionandpreventionsystem.Asignatureinintrusiondetectionandpreventionsystems can be easy, like an exact arrangement matching a net package section. For example, package content signatures or caption contentsignaturescansymbolizeillegaloccurrences.Thesignatureactionmightnotrepresentthe absoluteattemptedillegal admission because it can be an unintentional error (Masdari & Khezri 2020). However, it is vital to take every system alert with much seriousness. Specific alarms, replies, or warnings should be directed to the relevant authorities depending on the strengthandseverityofthesignature.

ŁukasiakandRosiński(2017)statethattheideaunderlyingexploitationdetectionsystemsarethattherearemethods to present attacks in pattern or signature form for the differences of comparable attacks to be identified. Therefore, the schemesarelikevirusdetectionstructuresbecausetheycanrecognizenumerousspecifiedattackarrangements.However,the systems cannot be significantly employed in unknown attack models. It is vital to note that the anomaly detection method attemptstoidentifyknownlousyconduct.Theprimarymattersinmisapplicationdetectionsystemsaredesigningasignature thatincludeseverypotentialdifferenceoftherelevantattackandcreatingsignaturesthatalignwithnon-intrusiveevents.The benefit of the misappropriation detection system is that it can efficiently and effectively identify situations of known attacks (Kumari & Sharma 2018, p.38). The primary drawback of the misuse detection scheme is that it cannot identify recently

International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056

Volume: 09 Issue: 11 | Nov 2022 www.irjet.net p-ISSN:2395-0072

discoveredattacks. Thus,signaturedatabasesshouldbeupdatedregularly,andintrusiondetectionsystemsshouldrelateand aligntheeventswithmassivecollectionsofattacksignatures.

Why be serious about Intrusion

All organizations areputtingmore effortintosecurity, especiallythoseusinginformationsystems, andare required totake securitymattersseriouslyto boost confidentiality,safety, and trust amongtheusers. Therefore, some companiesare developingnewskillsthatallowthemtocreatenewrulesthatcanprovidesecuritysolutionstothreatsthat mightarisefrom externalorinternalattacks.Inanyorganization,Informationsecurityshouldhandleinformationtechnologyexpertswhocan control and filter any information damage that might arise from internal threats. (Attie et al., 2018). Moreover, the organizationdraftsnetwork security-based,whichprotectstheinformationsystemsbydetectingattacksandprovidingclear guidelinestostrengthendefenseandkeepinformationmoresecure.Somecompanieshavetriedtoadoptvariouswaystokeep informationsystemssafe,suchas thycryptographic(Dahiya &Srivastava 2018,p.253).Cryptographyfacessomechallenges, for instance, the users may forget their passwords or the password might be cracked, or all cryptosystems are lost, and the informationisleftinthehandsofattackersandthiscoalitionbetweeninsidersinthecompanyandtheoutsiders.

Through the advance in technology, for instance, from 2010, users got a short notification via emails from various companieswhenthedatabasewashacked.Therefore,alltheuserscanlogintotheiraccountfromtheircomfortzonetoalter thepasswordimmediatelytoreducemoredamage.Mosthackers'detailstargetcreditcardinformation,passwords,andemail addresses (Yu et al.,2018, p.158). Recent statistical research indicated that with the advancement in technology and communications,theinsecurityofthedatabaseisbecomingmoreexposedtoattackersandbecomingverycomplicatednow. Youmustchangetheroutessothatitdoesnotgetfamiliartotheattackers.Theriseofattackersencouragescompaniestobe more focused, take holistic security measures, and ensure that information security programs are kept healthy (Kumari et al.,2017, p.824). There is a need for the organization to improve the technology because the old methods cannot be used to identify the new intruders that breach and violate the database and prevent interference with the data and maintain the privacy of the organization, and in any case, be able to respond to any threats and provide the solution to the problem immediately(Shreenivas &Voigt2017).Therefore,thesystemneedstobeupdatedtoacquiremoreintelligentprogramming techniques and knowledge-based strategies to withstand all the threats that can harm the information system. The information technology experts need to build formidable efforts systems that ensure no one can access the company’s informationwithouttheirknowledge.

HerearesomeincidentsthathappenedintheUnitedStatesofAmericaduringtheyear.InJanuary,anemployeefrom the human resource department of the library of congress stole information from the library database, which contained informationaboutall theemployeesin the company,andwaschargedwithwirefraud.Theaccessedthenusedtheacquired knowledgetopasstovariouslinks,includinghisrelativespecializedinopeningaccounts.Thefiguresindicatedthattheyget a lotofmoneyfromhackedaccounts(Sinhetal.,2019).Theaccusedindividualsthenpassedtheinformationto thosewhowere traced to be in Ukraine. The breach was estimated to [have affected so many people, with around one hundred and sixty thousandofthebank'susersexposedtotheUkrainianattacksite.

InFebruary,anothersuspectwasarrested,whichprovidedcriticalinformationtothelawenforcementagency,anda computer file with Kaisers' permanent data was seized. Though the individual was not an employee of Kaiser, Kaiser PermanentehadtonotifyallthenorthernCalifornianstaffaboutwhathappenedfortheirpersonalinformationtobereleased. Itconcernedthebreachofthesecuritysysteminthedepartment.Inthesamemonth,thedatabaseoftheUSAKasperskywas compromised by an unidentified hacker who accessed essential information such as the security numbers of the staff of Kaspersky (Rios et al., 2020; Dash, 2021). At the University of Alabama, some computers were stolen, containing personal informationsuchaslabresults,names,andaddressesofthosewhohadtoundergolabtests.

Someofthecustomer'screditnumberswerestoleninMarch2009fromSymantecCompany.Andthecompanyhadto send frequent letters to notify its customers about the security breach of some of its members in the United Kingdom and Canada. In the month of April, one of the former employees in the New York state tax department stole many identities belonging to taxpayers and used them to create more accounts which were used for fraudulent activities by contacting individualpersonaldataasby(Kasongo&Sunetal.,2020,p.98).Andoneoftheformerinformationtechnologyexpertsinthe

International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056

Volume: 09 Issue: 11 | Nov 2022 www.irjet.net p-ISSN:2395-0072

bank was arrested. His documents were social security numbers, names of various employees and customers, and driving license, which was fake. In August, several hackers invaded the University of Massachusetts server and managed to access a computerserver,hijackallgraduates'information,anddefraudthem(Bhavanietal.,2020,p.637).In September,itwasablow to the Keystroke logging, the hackers stole the critical components used by the for-banking purpose, and they further transferred a tremendous amount of money into the company account Research indicates that hackers access bank details throughwomen’sdatainUNC-ChapelHill.Theywereabouttwohundredandthirty-sixthousand,andsomeotherinformation thatwasinterferedwithincludedthemammographyRegistry.

InthemonthofOctober2009,thehackerswereabletoaccessUnitedStatesArmyspecialforces.They gotawaywith necessarycredentials,includingnames,homeaddresses,andcellphonenumbers.Inthesamemonth,acomputertechnicianin Melloncorpscompanywasarrestedandchargedbecausehehadstolenmanyidentitiesfromvariousbanksandusedthemto defraud charitable groups .and. In November, multiple customers raised suspicious alarms to the bank of Hancock bank customerinCaliforniaabouttheirATMwithdrawals(Dominique &ma,2018).InDecember,computerswerebreached Many documentswerestolenintheLincolncampusoftheDepartmentofEducationandhumansciences,includingothergraduation lists. When the investigation was done, experts indicated that computers were not properly secured, which allowed more accessstovariousindividualsfromexternaloutsiders.Duringthesameperiod,Pennsylvania StateUniversity acknowledged thebreachofsecurityonthecampusandtheletterssenttomultiplestudentsresponsibleforfraudulentactivitiesoncampus. The college had to set records straight for those students to those involved in malicious intrusions. Therefore, any strange behaviorsmustbedetected,andthealarmmustberaisedtopreventsignificantdamagefromoccurring.

Conclusion and Recommendation

Themoderninterrelatedcomputerconnectionisahazardousrealitybecauseithasnumerousindividualswith much timetospendagainstthemostsolidsecuritymeasures.Suchindividualscanbedefeatedbyidentifyingwhentheyarelikely to attacktopreventtheirattempts.Developingappropriatestrategiesisthekeyandchoosingtheproperintrusiondetectionand prevention system is vital to ensure that an organization's network and systems are safe and secure. While security cases continue to increase, intrusion detection and prevention systems and enabling tools are crucial to improving security. The intelligentintrusiondetectionandpreventionsystemandtheinstrumentsshouldintegrateseveralphilosophicalapproaches from the topics of autonomic computing, machine learning, data mining, and artificial intelligence to aid them in identifying what approves an intrusion against a regular activity. This will be enabled by developing a knowledge foundation that improves when novel ideas or knowledge are discovered. Intrusion detection and prevention systems are an inexperienced researcharea.Nevertheless,thefieldisgainingsubstantialimportanceinthemoderncomputingenvironment.Theintegration offactssuchastheemotionalinternetdevelopment,theenormousfinancialpotentialsinelectronictrade,andthe absenceof securesystemsmakeitavitalresearchandimprovementarea.

Future research and development patterns appear to be meeting towards an approach founded on multi-agent invasion detection and prevention systems based on and controlled by autonomic computing artificial intelligence and data mining to support anomaly intrusion detection. The autonomic computing features such as self-configuration, self-healing, self-preservation, and self-optimization should be improved to comprise self-prevention and self-detection. The outcomes of the techniques will help research to differentiate malicious activities from regular non-attack events. Thus, the intrusion detectionandpreventionsystemswillbeaninnovative andchallengingsectionofthesecurityadministrationschemewitha richbutshortenedalarmsupervisionanddemonstrationofsecuritydefilementactivitiesforeasyhumanconsumption.

References

AlQuhtani,M.,2017.DataMiningUsageinCorporateInformationSecurity:IntrusionDetectionApplications. Business Systems Research: International journal of the Society for Advancing Innovation and Research in Economy, 8(1),pp.51-59

Alhello, Z.A., Abdul, A. and Kaur, H., 2017. On Applicability of Neural Network in Intrusion Detection and Prevention International Journal of Advanced Research in Computer Science, 8(7).

Al-Janabi,S.,2017,November.Pragmaticminertoriskanalysisforintrusiondetection(PMRA-ID).In International conference on soft computing in data science (pp.263-277).Springer,Singapore.

International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056 Volume: 09 Issue: 11 | Nov 2022 www.irjet.net p-ISSN:2395-0072

Alneyadi, S., Sithirasenan, E. and Muthukkumarasamy, V., 2016. A survey on data leakage prevention systems. Journal of Network and Computer Applications, 62,pp.137-152.

Alves, T., Das, R. and Morris, T., 2018. Embedding encryption and machine learning intrusion prevention systems on programmablelogiccontrollers. IEEE Embedded Systems Letters, 10(3),pp.99-102.

Ansari,M.,Dash,B.,Sharma,P.,&Yathiraju,N.,2022a.TheImpactandLimitationsofArtificialIntelligenceinCybersecurity:A LiteratureReview.International Journal ofAdvancedResearchinComputerandCommunicationEngineering,11(9), 81–90.https://doi.org/10.17148/IJARCCE.2022.11912

Ansari, M.F., 2022. A Quantitative Study of Risk Scores and the Effectiveness of AI-Based Cybersecurity Awareness Training Programs.InternationalJournalofSmartSensorandAdhocNetwork,3(3).

Ansari, M.F., Sharma, P.K. and Dash, B., 2022. Prevention of Phishing Attacks Using AI-Based Cybersecurity Awareness Training.Prevention.https://doi.org/10.47893/ijssan.2022.1221

Attia, M., Senouci, S.M., Sedjelmaci, H., Aglzim, E.H. and Chrenko, D., 2018. An efficient intrusion detection system against cyber-physicalattacksinthesmartgrid. Computers & Electrical Engineering, 68,pp.499-512.

Azeez, N.A., Bada, T.M., Misra, S., Adewumi, A., Van der Vyver, C. and Ahuja, R., 2020. Intrusion detection and prevention systems:anupdatedreview. Data management, analytics and innovation,pp.685-696.

Bashir, U. and Chachoo, M., 2014, March. Intrusion detection and prevention system: Challenges & opportunities. In 2014 International Conference on Computing for Sustainable Global Development (INDIACom) (pp.806-809).IEEE.

Baykara, M. and Das, R., 2018. A novel honeypot based security approach for real-time intrusion detection and prevention systems. Journal of Information Security and Applications, 41,pp.103-116.

Behniafar,M.,Nowroozi,A.R.andShahriari,H.R.,2018.Asurveyofanomalydetectionapproachesintheinternetofthings. The ISC International Journal of Information Security, 10(2),pp.79-92.

Bhavani, T.T., Rao, M.K. and Reddy, A.M., 2020. Network intrusion detection system using random forest and decision tree machine learning techniques. In First international conference on sustainable technologies for computational intelligence (pp.637-643).Springer,Singapore.

Biswas,S.andRoy,A.,2019,June.Anintrusiondetectionsystem-basedsecuredelectronicservicedeliverymodel.In 2019 3rd International Conference on Electronics, Communication and Aerospace Technology (ICECA) (pp.1316-1321).IEEE.

Chakir, E.M., Moughit, M. and Khamlichi, Y.I., 2017, May. A real-time risk assessment model for intrusion detection systems. In 2017 International Symposium on Networks, Computers and Communications (ISNCC) (pp.1-6).IEEE.

Cheng, T.H., Lin, Y.D., Lai,Y.C.andLin, P.C., 2011.Evasiontechniques: Sneaking throughyour intrusiondetection/prevention systems. IEEE Communications Surveys & Tutorials, 14(4),pp.1011-1020.

Conte,K.P.,Ryder,T.J.,Hopkins,L.,Gomez,M.andRiley,T.,2020.Committed,ambivalent,concealed,ordistanced:community organisations’perceptionsoftheirroleinlocalpreventionsystems. Critical Public Health,pp.1-11.

Dahiya, P. and Srivastava, D.K., 2018. Network intrusion detection in big dataset using spark. Procedia computer science, 132, pp.253-262.

Das,N.andSarkar,T.,2014.Surveyonhostandnetwork-basedintrusiondetectionsystem. International Journal of Advanced Networking and Applications, 6(2),p.2266.

International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056

Volume: 09 Issue: 11 | Nov 2022 www.irjet.net p-ISSN:2395-0072

Dash, B., & Ansari, M. F., 2022. An Effective Cybersecurity Awareness Training Model: First Defense of an Organizational SecurityStrategy.

Dash, B., & Sharma, P., 2022. Role of Artificial Intelligence in Smart Cities for Information Gathering and Dissemination (A Review).AcademicJournalofResearchandScientificPublishing|Vol,4(39).

Dash,B.,2021.Ahybridsolutionforextractinginformationfromunstructureddatausingopticalcharacterrecognition(OCR) withnaturallanguageprocessing(NLP).

Ding,N.,Ma,H.,Gao,H.,Ma,Y.andTan,G.,2019.Real-timeanomalydetectionbasedonlongshort-termmemoryandGaussian MixtureModel. Computers & Electrical Engineering, 79,p.106458.

Dominique, N. and Ma, Z., 2018, December. Enhancing network intrusion detection system method (nids) using mutual information(rf-cife).In International Conference on Security with Intelligent Computing and Big-data Services (pp.329342).Springer,Cham.

Hu, Z., Gnatyuk, S., Koval, O., Gnatyuk, V. and Bondarovets, S., 2017. Anomaly detection system in secure cloud computing environment. International Journal of Computer Network and Information Security, 9(4),p.10.

Jafarian, T., Masdari, M., Ghaffari, A. and Majidzadeh, K., 2021. A survey and classification of the security anomaly detection mechanismsinsoftwaredefinednetworks. Cluster Computing, 24(2),pp.1235-1253.

Jose, S., Malathi, D., Reddy, B. and Jayaseeli, D., 2018, April. A survey on anomaly based host intrusion detection system. In Journal of Physics: Conference Series (Vol.1000,No.1,p.012049).IOPPublishing.

Karatas,G.,Demir,O.andSahingoz,O.K.,2018,December.Deeplearninginintrusiondetectionsystems.In 2018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT) (pp.113-116).IEEE.

Kasongo,S.M.andSun,Y.,2020.Adeeplongshort-termmemorybasedclassifierforwirelessintrusiondetectionsystem. ICT Express, 6(2),pp.98-103.

Khraisat, A., & Alazab, A., 2021. A critical review of intrusion detection systems in the internet of things: techniques, deploymentstrategy,validationstrategy,attacks,publicdatasetsandchallenges.Cybersecurity,4(1),1-27.

Kumari,R.andSharma,K.,2018.Cross-layerbasedintrusiondetectionandpreventionfornetwork.In Handbook of Research on Network Forensics and Analysis Techniques (pp.38-56).IGIGlobal.

Kumari, U. and Soni, U., 2017, October. A review of intrusion detection using anomaly based detection. In 2017 2nd International Conference on Communication and Electronics Systems (ICCES) (pp.824-826).IEEE.

Kuznetsov, A.A., Smirnov, A.A., Danilenko, D.A. and Berezovsky, A., 2015. The statistical analysis of a network traffic for the intrusiondetectionandpreventionsystems. Telecommunications and Radio Engineering, 74(1).

Liao, H.J., Lin, C.H.R., Lin, Y.C. and Tung, K.Y., 2013. Intrusion detection system: A comprehensive review. Journal of Network and Computer Applications, 36(1),pp.16-24.

Liu,Y.andZhang,X.,2016,August.IntrusiondetectionbasedonIDBM.In 2016 IEEE 14th Intl Conf on Dependable, Autonomic and Secure Computing, 14th Intl Conf on Pervasive Intelligence and Computing, 2nd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress (DASC/PiCom/DataCom/CyberSciTech) (pp. 173-177). IEEE.

Łukasiak, J. and Rosiński, A., 2017. Analysis of exploitation process in the aspect of readiness of electronic protection systems. Diagnostyka, 18

International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056 Volume: 09 Issue: 11 | Nov 2022 www.irjet.net p-ISSN:2395-0072

Masdari,M.andKhezri,H.,2020.Asurveyandtaxonomyofthefuzzysignature-basedintrusiondetectionsystems. Applied Soft Computing, 92,p.106301.

Mazini, M., Shirazi, B. and Mahdavi, I., 2019. Anomaly network-based intrusion detection system using a reliable hybrid artificial bee colony and AdaBoost algorithms. Journal of King Saud University-Computer and Information Sciences, 31(4),pp.541-553.

Modi, C., Patel, D., Borisaniya, B., Patel, H., Patel, A. and Rajarajan, M., 2013. A survey of intrusion detection techniques in cloud. Journal of network and computer applications, 36(1),pp.42-57.

Mudzingwa, D. and Agrawal, R., 2012, March. A study of methodologies used in intrusion detection and prevention systems (IDPs).In 2012 Proceedings of IEEE Southeastcon (pp.1-6).IEEE.

Mukhopadhyay, I., Chakraborty, M. and Chakrabarti, S., 2011. A comparative study of related technologies of intrusion detection&preventionsystems. Journal of Information Security, 2(01),p.28.

Nayyar, S., Arora, S. and Singh, M., 2020, July. Recurrent Neural Network-Based Intrusion Detection System. In 2020 International Conference on Communication and Signal Processing (ICCSP) (pp.0136-0140).IEEE.

Patel,A.,Alhussian,H.,Pedersen,J.M.,Bounabat,B.,Júnior,J.C.andKatsikas,S.,2017.Aniftycollaborativeintrusion detection andpreventionarchitectureforsmartgridecosystems. Computers & Security, 64,pp.92-109.

Patel,A.,Alhussian,H.,Pedersen,J.M.,Bounabat,B.,Júnior,J.C.andKatsikas,S.,2017.Aniftycollaborativeintrusion detection andpreventionarchitectureforsmartgridecosystems. Computers & Security, 64,pp.92-109.

Patel, A., Qassim, Q., Shukor, Z., Nogueira, J., Júnior, J., Wills, C. and Federal, P., 2011. Autonomic agent-based self-managed intrusion detection and prevention system. In Proceedings of the South African Information Security Multi-Conference (SAISMC 2010) (pp.223-234).

Radoglou-Grammatikis,P.,Sarigiannidis,P.,Efstathopoulos,G.,Karypidis,P.A.andSarigiannidis,A.,2020,August.Diderot:an intrusion detection and prevention system for dnp3-based SCADA systems. In Proceedings of the 15th International Conference on Availability, Reliability and Security (pp.1-8).

Rajagopalan, R., Litvan, I. and Jung, T.P., 2017. Fall prediction and prevention systems: recent trends, challenges, and future researchdirections. Sensors, 17(11),p.2509.

Rios,A.L.G.,Li,Z.,Bekshentayeva,K.andTrajković,L.,2020,October.Detectionofdenialofserviceattacksincommunication networks.In 2020 IEEE International Symposium on Circuits and Systems (ISCAS) (pp.1-5).IEEE.

Sandhu, U.A., Haider, S., Naseer, S. and Ateeb, O.U., 2011. A survey of intrusion detection & prevention techniques. In 2011 International Conference on Information Communication and Management, IPCSIT (Vol.16,pp.66-71).

Schönefeld, J. and Möller, D.P.F., 2012. Runway incursion prevention systems: A review of runway incursion avoidance and alertingsystemapproaches. Progress in Aerospace Sciences, 51,pp.31-49.

Sharafaldin, I., Lashkari, A.H. and Ghorbani, A.A., 2018. Toward generating a new intrusion detection dataset and intrusion trafficcharacterization. ICISSp, 1,pp.108-116.

Sharma,P.,Dash,B.,&Ansari,M.F.,2022.Anti-phishingTechniques–AReviewofCyberDefenseMechanisms.IJARCCE,11(7). https://doi.org/10.17148/ijarcce.2022.11728

Shreenivas,D.,Raza,S.andVoigt,T.,2017,April.IntrusiondetectionintheRPL-connected6LoWPANnetworks.In Proceedings of the 3rd ACM international workshop on IoT privacy, trust, and security (pp.31-38).

International Research Journal of Engineering and Technology (IRJET) e-ISSN:2395-0056 Volume: 09 Issue: 11 | Nov 2022 www.irjet.net p-ISSN:2395-0072

Singh Panwar, S., Raiwani, Y.P. and Panwar, L.S., 2019, March. Evaluation of network intrusion detection with features selection and machine learning algorithms on CICIDS-2017 dataset. In International Conference on Advances in Engineering Science Management & Technology (ICAESMT)-2019, Uttaranchal University, Dehradun, India.

Sönmez,F.,Zontul,M.,Kaynar,O.andTutar,H.,2018.Anomalydetectionusingdata miningmethodsinitsystems:adecision supportapplication. Sakarya Üniversitesi Fen Bilimleri Enstitüsü Dergisi, 22(4),pp.1109-1123.

Wattanapongsakorn, N., Srakaew, S., Wonghirunsombat, E., Sribavonmongkol, C., Junhom, T., Jongsubsook, P. and Charnsripinyo,C.,2012,June.Apracticalnetwork-basedintrusiondetectionandpreventionsystem.In 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (pp.209-214).IEEE.

Yousufi, R.M., Lalwani, P. and Potdar, M.B., 2017, March. A network-based intrusion detection and prevention system with multi-mode counteractions. In 2017 International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS) (pp.1-6).IEEE.

Yu,J.,Hao,R.,Xia,H.,Zhang,H.,Cheng,X.andKong,F.,2018.Intrusion-resilientidentity-basedsignatures:Concreteschemein thestandardmodelandgenericconstruction. Information Sciences, 442,pp.158-172.

Zarpelão, B.B., Miani, R.S., Kawakani, C.T. and de Alvarenga, S.C., 2017. A survey of intrusion detection in Internet of Things. Journal of Network and Computer Applications, 84,pp.25-37

Author Biography

Smrutirekha Panda isafinalyearElectricalengineeringstudentatGovernmentEngineeringCollege,Keonjar,Odisha,India. HerresearchinterestsareArtificialIntelligence,CloudComputing,InformationSystems,BigData,andtheInternetofThings.