Statistic Approached Dynamically Detecting Security Threats and Updating a Signature-Based Intrusion Detection System’s Database in NGN

Abstract

Cyber-attacks threatening the network and information security have increased, especially during the current rapid IT revolution. Therefore, a monitoring and protection system should be used to secure the computer networks. An intrusion detection system is very crucial on the market since it helps to control the network traffic and alerts the users during illegal access to the network. IDS is divided into three types: signature-based IDS, anomaly-based IDS, and both. Automatically updating the attack list to overcome new attack types is one of the main challenges of signature-based IDS. Most IDS or websites use recently detected attack signatures to update their databases manually or remotely. This article proposes a new AI model that uses a filter engine that functions as a second IDS engine to automatically update the attack list by AI. The results show that using the proposed model can improve the overall accuracy of IDS. The proposed model uses an IP-Factor (IPF) and Non-IP-Factor (NIPF) blacklist that can automatically detect the threats and update the IDS database with new attack features without manual intervention, as well as define new attack features based on similarity.