IDSIC: an intrusion detection system with identification capability

摘要

Security is an important but challenging issue in current network environments. With the growth of Internet, application systems in enterprises may suffer from new security threats caused by external intruders. This situation results in the introduction of security auditors (SAs) who perform some test methods with hacking tools the same as or similar to those used by hackers. However, current intrusion detection systems (IDSs) do not consider the role of security auditors despite its importance. This causes IDSs to generate many annoying alarms. In this paper, we are motivated to extend a current IDS functionality with Identification Capability, called IDSIC, based on the auditing viewpoint to separate auditing traffic from malicious attacks. The IDSIC architecture includes two components: fingerprint adder and fingerprint checker, which can provide a separability of security auditors and hackers. With this architecture, we show that IDSICs can lower the consequential costs in the current IDSs. Therefore, such IDSICs can ensure a more stable system performance during the security examination process.