Information Technology / Security & Auditing

The State of the Art in Intrusion Prevention and Detection

The State of the Art in Intrusion Prevention and Detection analyzes the latest trends and issues surrounding intrusion detection systems in computer networks, especially in communications networks. Its broad scope of coverage includes wired, wireless, and mobile networks; next-generation converged networks; and intrusion in social networks.

Presenting cutting-edge research, the book describes novel schemes for intrusion detection and prevention. It discusses tracing back mobile attackers, secure routing with intrusion prevention, anomaly detection, and AI–based techniques. It also includes information on physical intrusion in wired and wireless networks and agent-based intrusion surveillance, detection, and prevention. The book contains 19 chapters written by experts from 12 different countries that provide a truly global perspective.

The text begins by examining traffic analysis and management for intrusion detection systems. It explores honeypots, honeynets, network traffic analysis, and the basics of outlier detection. It talks about different kinds of IDSs for different infrastructures and considers new and emerging technologies such as smart grids, cyber physical systems, cloud computing, and hardware techniques for high-performance intrusion detection.

The book covers artificial intelligence–related intrusion detection techniques and explores intrusion tackling mechanisms for various wireless systems and networks, including wireless sensor networks, WiFi, and wireless automation systems. Containing some chapters written in a tutorial style, this book is an ideal reference for graduate students, professionals, and researchers working in the field of computer and network security.
Edited by Al-Sakib Khan Pathan

K21319
ISBN: 978-1-4822-0351-6

6000 Broken Sound Parkway, NW, Suite 300, Boca Raton, FL 33487
711 Third Avenue, New York, NY 10017
2 Park Square, Milton Park, Abingdon, Oxon OX14 4RN, UK
an informa business
www.crcpress.com
www.auerbach-publications.com

The State of the Art in Intrusion Prevention and Detection

OTHER INFORMATION SECURITY BOOKS FROM AUERBACH

Asset Protection through Security Awareness
Tyler Justin Speed
ISBN 978-1-4398-0982-2

Automatic Defense Against Zero-day Polymorphic Worms in Communication Networks
Mohssen Mohammed and Al-Sakib Khan Pathan
ISBN 978-1-4665-5727-7

The Complete Book of Data Anonymization: From Planning to Implementation
Balaji Raghunathan
ISBN 978-1-4398-7730-2

The Complete Guide to Physical Security
Paul R. Baker and Daniel J. Benny
ISBN 978-1-4200-9963-8

Conflict and Cooperation in Cyberspace: The Challenge to National Security
Panayotis A. Yannakogeorgos and Adam B. Lowther (Editors)
ISBN 978-1-4665-9201-8

Cybersecurity: Public Sector Threats and Responses
Kim J. Andreasson
ISBN 978-1-4398-4663-6

Network Attacks and Defenses: A Hands-on Approach
Zouheir Trabelsi, Kadhim Hayawi, Arwa Al Braiki, and Sujith Samuel Mathew
ISBN 978-1-4665-1794-3

Digital Forensics Explained
Greg Gogolin
ISBN 978-1-4398-7495-0

Digital Forensics for Handheld Devices
Eamon P. Doherty
ISBN 978-1-4398-9877-2

Effective Surveillance for Homeland Security: Balancing Technology and Social Issues
Francesco Flammini, Roberto Setola, and Giorgio Franceschetti (Editors)
ISBN 978-1-4398-8324-2

Electronically Stored Information: The Complete Guide to Management, Understanding, Acquisition, Storage, Search, and Retrieval
David R. Matthews
ISBN 978-1-4398-7726-5

Enterprise Architecture and Information Assurance: Developing a Secure Foundation
James A. Scholz
ISBN 978-1-4398-4159-4

Guide to the De-Identification of Personal Health Information
Khaled El Emam
ISBN 978-1-4665-7906-4

Information Security Governance Simplified: From the Boardroom to the Keyboard
Todd Fitzgerald
ISBN 978-1-4398-1163-4

Information Security Policy Development for Compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA Standard, PCI DSS V2.0, and AUP V5.0
Barry L. Williams
ISBN 978-1-4665-8058-9

Information Technology Control and Audit, Fourth Edition
Sandra Senft, Frederick Gallegos, and Aleksandra Davis
ISBN 978-1-4398-9320-3

Iris Biometric Model for Secured Network Access
Franjieh El Khoury
ISBN 978-1-4665-0213-0

Managing the Insider Threat: No Dark Corners
Nick Catrantzos
ISBN 978-1-4398-7292-5

The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules
John J. Trinckes, Jr.
ISBN 978-1-4665-0767-8

Noiseless Steganography: The Key to Covert Communications
Abdelrahman Desoky
ISBN 978-1-4398-4621-6

PRAGMATIC Security Metrics: Applying Metametrics to Information Security
W. Krag Brotby and Gary Hinson
ISBN 978-1-4398-8152-1

Securing Cloud and Mobility: A Practitioner’s Guide
Ian Lim, E. Coleen Coolidge, and Paul Hourani
ISBN 978-1-4398-5055-8

Security and Privacy in Smart Grids
Yang Xiao (Editor)
ISBN 978-1-4398-7783-8

Security for Wireless Sensor Networks using Identity-Based Cryptography
Harsh Kupwade Patil and Stephen A. Szygenda
ISBN 978-1-4398-6901-7

The 7 Qualities of Highly Secure Software
Mano Paul
ISBN 978-1-4398-1446-8

AUERBACH PUBLICATIONS
www.auerbach-publications.com • To Order Call: 1-800-272-7737 • E-mail: [email protected]

The State of the Art in Intrusion Prevention and Detection
Edited by Al-Sakib Khan Pathan

MATLAB® and Simulink® are trademarks of The MathWorks, Inc. and are used with permission. The MathWorks does not warrant the accuracy of the text or exercises in this book.
This book’s use or discussion of MATLAB® and Simulink® software or related products does not constitute endorsement or sponsorship by The MathWorks of a particular pedagogical approach or particular use of the MATLAB® and Simulink® software.

CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

© 2014 by Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, an Informa business

No claim to original U.S. Government works
Version Date: 20131114

International Standard Book Number-13: 978-1-4822-0352-3 (eBook - PDF)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users.
For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com

Dedicated to “All the seekers of knowledge and the truth”
Al-Sakib Khan Pathan

Contents

Preface (p. ix)
Acknowledgments (p. xi)
Editor (p. xiii)
Contributors (p. xv)

Section I: Network Traffic Analysis and Management for IDS

Chapter 1  Outlier Detection (p. 3)
  Mohiuddin Ahmed, Abdun Naser Mahmood, and Jiankun Hu
Chapter 2  Network Traffic Monitoring and Analysis (p. 23)
  Jeferson Wilian de Godoy Stênico and Lee Luan Ling
Chapter 3  Using Routers and Honeypots in Combination for Collecting Internet Worm Attacks (p. 47)
  Mohssen Mohammed and Al-Sakib Khan Pathan
Chapter 4  Attack Severity–Based Honeynet Management Framework (p. 85)
  Asit More and Shashikala Tapaswi

Section II: IDS Issues for Different Infrastructures

Chapter 5  Intrusion Detection Systems for Critical Infrastructure (p. 115)
  Bernardi Pranggono, Kieran McLaughlin, Yi Yang, and Sakir Sezer
Chapter 6  Cyber Security of Smart Grid Infrastructure (p. 139)
  Adnan Anwar and Abdun Naser Mahmood
Chapter 7  Intrusion Detection and Prevention in Cyber Physical Systems (p. 155)
  Mohamed Azab and Mohamed Eltoweissy
Chapter 8  Encrypted Ranked Proximity and Phrase Searching in the Cloud (p. 187)
  Steven Zittrower and Cliff C. Zou
Chapter 9  Intrusion Detection for SCADA Systems (p. 211)
  Alaa Atassi, Imad H. Elhajj, Ali Chehab, and Ayman Kayssi
Chapter 10  Hardware Techniques for High-Performance Network Intrusion Detection (p. 233)
  Weirong Jiang and Viktor K. Prasanna

Section III: Artificial Intelligence Techniques for IDS

Chapter 11  New Unknown Attack Detection with the Neural Network–Based IDS (p. 259)
  Przemysław Kukiełka and Zbigniew Kotulski
Chapter 12  Artificial Intelligence–Based Intrusion Detection Techniques (p. 285)
  Zahra Jadidi, Vallipuram Muthukkumarasamy, and Elankayer Sithirasenan
Chapter 13  Applications of Machine Learning in Intrusion Detection (p. 311)
  Yuxin Meng, Yang Xiang, and Lam-For Kwok

Section IV: IDS for Wireless Systems

Chapter 14  Introduction to Wireless Intrusion Detection Systems (p. 335)
  Jonny Milliken
Chapter 15  Cross Layer–Based Intrusion Detection Techniques in Wireless Networks: A Survey (p. 361)
  Subir Halder and Amrita Ghosal
Chapter 16  Intrusion Detection System Architecture for Wireless Sensor Network (p. 391)
  Mohammad Saiful Islam Mamun
Chapter 17  Unique Challenges in WiFi Intrusion Detection (p. 407)
  Jonny Milliken
Chapter 18  Intrusion Detection Systems for (Wireless) Automation Systems (p. 431)
  Jana Krimmling and Peter Langendörfer
Chapter 19  An Innovative Approach of Blending Security Features in Energy-Efficient Routing for a Crowded Network of Wireless Sensors (p. 449)
  Al-Sakib Khan Pathan and Tarem Ahmed

Preface

INTRODUCTION

Most of the security threats in various communications networks are posed by illegitimate entities that enter or intrude within the network perimeter; these are commonly termed intruders. Sometimes a legitimate entity in a system can also be compromised in some way so that an attacker-intended task is performed to breach the security of the system. To tackle intrusions of various kinds, we commonly hear about intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), or a combination of both called IDPS (intrusion detection and prevention systems). The main task of an IDS is to defend a computer system or computer network by detecting an attack and possibly repelling it. Successful detection of hostile attacks depends on the number and type of appropriate actions. On the other hand, intrusion prevention requires a well-selected combination of baiting and trapping aimed at the investigation of threats. Diverting the intruder’s attention from protected resources is another task. Both the real system and a possible trap system are constantly monitored.
Various tasks and functionalities can be thought of under intrusion-related topics in the computer, communications, and networking fields:

– Regular checking of the data in computers and systems
– Monitoring and analyzing network traffic
– Analyzing network configuration and vulnerabilities
– Assessing network and data integrity
– Ability to recognize patterns typical of attacks
– Tracking network policy violations
– Analysis of abnormal activities
– Outside influence and its impact on a system’s security

OBJECTIVE OF THE BOOK

This book compiles the latest trends and issues in intrusion tackling in computer networks and systems, especially in communications networks. It is written for graduate students in universities, researchers, academics, and industry practitioners working in the areas of wired or wireless networking or computer systems, who want to improve their understanding of the interrelated topics.

ABOUT TARGET AUDIENCE AND CONTENT

The target audience of this book is composed of students, professionals, and researchers working especially in the field of computer and network security. Moreover, the book includes some chapters written in a tutorial style so that general readers can easily grasp some of the ideas in the relevant areas. The book has four sections with a total of 19 chapters, contributed by authors from 12 countries.

Section I: Network Traffic Analysis and Management for IDS

• Chapter 1 - Outlier Detection
• Chapter 2 - Network Traffic Monitoring and Analysis