A security policy and Network Cartography based Intrusion Detection and Prevention Systems

During this time when Internet provides essential communication between an infinite numbers of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are now considered a mainstream security technology. IDS and IPS are designed to identify security breaches. However, one of the most problems with current IDS and IPS is the lack of the "environmental awareness" (i.e. security policy, network topology and software). This ignorance triggers many false positives and false negatives. a false negative is corresponding to a non-detected attack and it occurs because an attacker is misclassified as a normal user. A false positive is corresponding to a false alert and it occurs because the IDS/IPS misinterprets normal packets or activities as attacks. In this paper, we propose a novel intrusion detection and prevention architecture where we integrate the characteristics and the properties of the protected system in the traffic analysis process. Our solution has been verified in IDS and IPS system and achieved a significant reduction in the number of false positives and false negatives.