Rodriguez Research Proposal Final

School: American Military University
Course: 300
Subject: Information Systems
Date: Dec 6, 2023
Pages: 9
Uploaded by arodriguezjr84
Intrusion Detection System: Permanently Preventing Zero-day Attacks

Angel Luis Rodriguez Jr
American Public University System
2023
Abstract

Systems are monitored constantly so that they are not broken into and their data is not compromised. Several types of methods are meant to prevent this from happening, but those methods are not always a hundred percent accurate. Based on the documents I reviewed from other scholars, the different methods used for the system would work but will have flaws. Signature-based intrusion detection would detect a zero-day attack, but only if the program recognizes it. Anomaly-based intrusion detection would detect the attack but has a high rate of false positive alarms. Further research is needed to develop a method that can detect zero-day attacks without these flaws. The evidence presented shows that, today, the only way to prevent a zero-day attack is for the system to have been attacked before so that the attack can be recognized. The desired result of this research is a method that works on a system without the system first having to be attacked in order to learn. The alternative is to keep the process that can detect zero-day attacks while accepting its flaw of a high rate of false alarms. The point is to develop a method that permanently eliminates zero-day attacks without these flaws.
Introduction

Organizations and companies have been careful to protect their customers' or clients' information for years. Every day, dedicated teams are constantly alert and watching out for breaches. We must always be careful. We can only prepare with the tools provided and hope they will be enough. Technology and methods will constantly evolve, just as our enemies will keep figuring out new ways to attack the system without us noticing. Zero-day attacks have existed for as long as the technology itself. Today, companies and organizations spend a lot of money to keep their systems updated so that their systems are not compromised. Attackers will consistently exploit newly discovered system vulnerabilities and utilize increasingly advanced cyber-attacks and zero-day attacks that evade intrusion detection systems. For now, how well those systems work depends on which one is being used. We have methods and techniques we utilize daily, but as with any other system, some things could be improved. Some systems put into place would be great at detecting zero-day attacks but will have a high rate of false alarms. The other kind cannot protect against the zero-day attack, but once the system has been hit, it will learn and adapt and will not become compromised if attacked again with the same signature. Apart from traditional system-based protection, machine learning, a type of artificial intelligence, has also been developed to combat cyber-attacks. Depending on which machine learning method is used, one would give great results identifying zero-day attacks but a high level of false alarms; the next would only be good for well-known attacks, with a low false alarm rate; and the last would need time to learn before we can tell whether it can fend off cyber threats. The goal is to eliminate surprise attacks and stay ready for anything without needing to remember and constantly prepare for the next time. This proposal aims to use the documents reviewed to devise a flawless method for detecting zero-day attacks without relying on being attacked in order to learn about them.

Problem Statement

Many organizations face different challenges daily regarding the protection of their systems. Attackers will always find a way to get into the system. Currently, intrusion detection systems are either too late to stop them or cannot identify the intrusion because it is not recognized. New methods for detecting and responding to zero-day attacks are urgently needed to keep up with the evolving threat landscape.

Purpose Statement

The purpose of this research proposal is to demonstrate that the right approach can overcome the obstacles to predicting and preventing zero-day attacks, which are often carried out through new vulnerabilities and advanced cyber-attacks. Though some systems may only be effective for some organizations and systems, developing a permanent solution to eliminate zero-day attacks can be done with the right approach.
Literature Review

Ali, Rehman, Imran, Adeem, Iqbal, & Ki-Il (2022) present a comparative analysis of the techniques used to prevent zero-day attacks. As the number of mechanisms and the amount of internet usage increase, the associated security risks also rise. Attackers view the internet as a platform for exposing a network's vulnerabilities and security loopholes. In addition, network penetration testing has become more critical for identifying and addressing these issues effectively. Attackers benefit from zero-day attacks, which exploit unknown and previously undisclosed vulnerabilities. These attacks are often combined with other complex attacks to avoid detection by intrusion detection techniques, making it increasingly difficult to defend against them (Ali, Rehman, Imran, Adeem, Iqbal, & Ki-Il, 2022). Despite enormous advancements in developing detection tools that identify known attacks, challenges remain to be addressed. These include detecting zero-day attacks, updating the detection models, and managing the high rate of false positives (Pinto, Herrera, Donoso, & Gutierrez, 2023). Many methods and techniques have been used to prevent a zero-day attack, but there is no way to permanently stop them from happening again. Security companies are concerned about detecting zero-day attacks and about the readiness of high-tech resources to implement proposed solutions in the real world. Zero-day attack detection is classified as anomaly-based, graph-based, and AI-based, and IDSs have integrated machine-learning techniques to address a more extensive range of threats (Pinto, Herrera, Donoso, & Gutierrez, 2023).

Anomaly-Based (AIDS) and Signature-Based (SIDS) Intrusion Detection Systems
According to Ansam, Iqbal, Vamplew, & Joarder's (2019) research, SIDS is only capable of identifying well-known intrusions, while AIDS can detect zero-day attacks. Signature-based intrusion detection systems (SIDS) struggle to detect zero-day attacks because there is no matching signature in their database until a signature for the new attack is extracted and stored. On the other hand, anomaly-based intrusion detection systems (AIDS) can produce a high false positive rate, since some anomalies may be new normal activities rather than genuine intrusions. The main advantage of AIDS is its ability to identify zero-day attacks. Unlike SIDS, AIDS does not rely on a signature database to detect new attacks. Instead, it recognizes irregular user activity that may indicate an intrusion. This makes it more effective at detecting attacks that have not been seen before and that have no matching signature in the database (Ansam, Iqbal, Vamplew, & Joarder, 2019, citing Alazab et al., 2012).

Graph-Based

Ali, Rehman, Imran, Adeem, Iqbal, & Ki-Il (2022) discuss detecting the attack through graphical models. They reference authors who proposed an anomaly detector that uses the probability of network attack occurrences. The method involves a directed graph that visualizes the communication between nodes in the network. First, a behavioral model of the attacker is introduced. Then the detector is used to compare the probability of the attacker's behavior in the network when a host is in normal condition versus when the host is compromised. The plan for zero-day attack detection involves an attack-graph-based layered design comprising a risk analyzer layer, a physical layer, and a path generator layer. Once again, these tools can only protect against zero-day attacks but cannot permanently stop them from happening. The only way to protect yourself is to allow an attack to occur so that it will not happen again. In all these methods, the graph is used for removal by applying specific conditions for detecting zero-day attacks (Ali, Rehman, Imran, Adeem, Iqbal, & Ki-Il, 2022).

Machine Learning (ML)

Pinto, Herrera, Donoso, & Gutierrez (2023) discuss the different machine learning methods used to protect a system or asset. Machine learning has been used to improve intrusion detection systems (IDSs). There are three types of machine learning: supervised, unsupervised, and reinforcement learning. Supervised learning is good at finding known attacks without too many false alarms, but it has only been tested on old data, so it might not work as well in the real world, and the system needs more help to detect new attacks. Unsupervised learning is good at finding new attacks but produces more false alarms. Reinforcement learning is a newer technique that can help with complicated cybersecurity issues, but learning takes time. Despite progress, challenges persist in detecting attacks such as zero-day attacks, updating models, and lowering false positives.

Research Methods

The research aims to develop a way to permanently prevent a system from being attacked through a zero-day vulnerability. The problem is that many methods have been developed to help prevent zero-day attacks, but the attacks still have not been eliminated. Most of the methods work only because the system must first experience a zero-day attack in order to recognize the signature and register it to prevent future attacks. The research aims to gather all information on methods developed in the last 5 to 10 years. Out of all of them, we home in on the ones that work on identifying zero-day attacks. The methods chosen would include all documentation reviews from other scholars, and we would utilize what they found and used in order to develop a technique that eliminates zero-day attacks for good. Of course, those methods have flaws, such as giving false positives that trigger alarms or not recognizing signatures. Collecting all the data on those specific methods will help us understand the flaws and give us numerous options when developing a strategy to eliminate zero-day attacks permanently. Once the data is gathered, we would start looking at the formulas used (if any) or the source code of the methods to understand how each one functions. Once we know how the procedure functions, development will start. Part of the development would be to eliminate the flaws, whether it is the inconsistency of not being up to date, the method working only up to the point where a zero-day attack occurs because the signature was not recognized, or false alarms being triggered. The resulting method would be a single method that utilizes the knowledge provided by all the others and has none of their flaws, including the flaw of learning only after the fact.
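To make the SIDS/AIDS trade-off from the literature review and the supervised/unsupervised contrast from the Machine Learning section concrete, here is an added Python example that is not part of this proposal or of any of the cited papers. It runs a toy signature matcher beside a toy statistical anomaly detector over constructed connection records (the hosts, ports, payloads and the KNOWN_PATTERN_A token are all made up), scores both, and then shows the after-the-fact learning step in which a signature is extracted from the attack that was missed. The `learn_signature` helper is a deliberately crude stand-in for the signature-extraction step the review describes.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Record:
    """One connection summary. All values used below are constructed for this example."""
    event_id: str
    src: str
    dst_port: int
    bytes_out: int
    requests_per_min: int
    payload: str        # constructed request fragment, not real captured traffic
    is_attack: bool     # ground truth, used only to score the detectors


# Constructed baseline of normal traffic; the anomaly profile is built from it.
BASELINE = [
    Record(f"n{i}", "10.0.0.5", 443, 1200 + 50 * (i % 5), 20 + (i % 4),
           "GET /index.html", False)
    for i in range(30)
]

# Constructed test events (hypothetical hosts, ports and payloads).
EVENTS = [
    Record("e1", "10.0.0.9", 443, 1300, 22, "GET /index.html", False),                    # normal
    Record("e2", "10.0.0.9", 443, 1250, 21, "GET /cgi-bin/x?cmd=KNOWN_PATTERN_A", True),  # known attack
    Record("e3", "10.0.0.9", 443, 98000, 900, "GET /api/v2/export", True),                # novel attack
    Record("e4", "10.0.0.7", 443, 250000, 22, "PUT /backup/nightly.tar", False),          # benign but unusual
]

# Toy signature database: substrings extracted from attacks seen before.
# KNOWN_PATTERN_A / KNOWN_PATTERN_B are placeholder tokens, not real signatures.
SIGNATURES = {"KNOWN_PATTERN_A": "known-attack-A", "KNOWN_PATTERN_B": "known-attack-B"}


def sids_detect(record, signatures=SIGNATURES):
    """Signature-based (SIDS): alert only when a stored pattern appears in the payload."""
    for pattern, name in signatures.items():
        if pattern in record.payload:
            return name
    return None


def build_profile(baseline):
    """Anomaly profile: per-feature mean and standard deviation of normal traffic."""
    profile = {}
    for feature in ("bytes_out", "requests_per_min"):
        values = [getattr(r, feature) for r in baseline]
        profile[feature] = (mean(values), pstdev(values) or 1.0)
    return profile


def aids_detect(record, profile, threshold=3.0):
    """Anomaly-based (AIDS): alert when a feature deviates more than `threshold`
    standard deviations from the baseline. Returns the deviating features, or None."""
    deviating = [
        feature for feature, (mu, sigma) in profile.items()
        if abs((getattr(record, feature) - mu) / sigma) > threshold
    ]
    return deviating or None


def learn_signature(signatures, record, name):
    """After-the-fact learning: extract a pattern from an observed attack so that
    SIDS recognizes it next time. Returns a new table; the old one is untouched."""
    pattern = record.payload.split(" ", 1)[1]   # crude: use the request path
    return {**signatures, pattern: name}


def run_both(events, baseline):
    """Run SIDS and AIDS over the events; returns {event_id: {"sids": ..., "aids": ...}}."""
    profile = build_profile(baseline)
    return {e.event_id: {"sids": sids_detect(e), "aids": aids_detect(e, profile)}
            for e in events}


def score(results, events):
    """Count detected attacks, missed attacks and false alarms for each detector."""
    tally = {"sids": {"detected": 0, "missed": 0, "false_alarm": 0},
             "aids": {"detected": 0, "missed": 0, "false_alarm": 0}}
    for e in events:
        for detector in tally:
            alerted = results[e.event_id][detector] is not None
            if e.is_attack:
                tally[detector]["detected" if alerted else "missed"] += 1
            elif alerted:
                tally[detector]["false_alarm"] += 1
    return tally


if __name__ == "__main__":
    results = run_both(EVENTS, BASELINE)
    for event_id, verdict in results.items():
        print(event_id, verdict)
    print(score(results, EVENTS))
    # Once e3 has been observed, a signature extracted from it lets SIDS catch a repeat.
    updated = learn_signature(SIGNATURES, EVENTS[2], "learned-export-abuse")
    print("e3 after learning:", sids_detect(EVENTS[2], updated))
```

Running it reproduces the review's point in miniature: the signature matcher catches the known attack e2 and misses the novel e3, while the anomaly detector catches e3, misses e2 (its traffic volume looks normal) and raises a false alarm on the large but legitimate backup e4. The extracted path signature "/api/v2/export" then catches a repeat of e3, but it would also match any benign use of that endpoint, which is the kind of flaw the proposal sets out to remove.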
References

Ali, S., Rehman, S. U., Imran, A., Adeem, G., Iqbal, Z., & Ki-Il, K. (2022). Comparative Evaluation of AI-Based Techniques for Zero-Day Attacks Detection. Electronics, 11(23), 3934. https://doi.org/10.3390/electronics11233934

Ansam, K., Iqbal, G., Vamplew, P., & Joarder, K. (2019). Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity, 2(1). https://doi.org/10.1186/s42400-019-0038-7

Aragonés Lozano, M., Pérez Llopis, I., & Esteve Domingo, M. (2023). Threat Hunting Architecture Using a Machine Learning Approach for Critical Infrastructures Protection. Big Data and Cognitive Computing, 7(2), 65. https://doi.org/10.3390/bdcc7020065

Pinto, A., Herrera, L.-C., Donoso, Y., & Gutierrez, J. A. (2023). Survey on Intrusion Detection Systems Based on Machine Learning Techniques for the Protection of Critical Infrastructure. Sensors, 23(5), 2415. https://doi.org/10.3390/s23052415

Sarhan, M., Layeghy, S., Gallagher, M., & Portmann, M. (2023). From zero-shot machine learning to zero-day attack detection. International Journal of Information Security, 22(4), 947–959. https://doi.org/10.1007/s10207-023-00676-0