A Multi-Layered Approach to the Design of Intelligent Intrusion Detection and Prevention System (IIDPS)

Abstract

Ignoring security threats can have serious consequences; therefore host machines in network must continually be monitored for intrusions since they are the final endpoint of any network. As a result, this paper presents an Intelligent Intrusion Detection and Prevention System (IIDPS), which monitors a single host system from three different layers; files analyzer, system resource and connection layers. The approach introduced, a multi - layered approach, in which each layer harnesses both aspects of existing approach, signature and anomaly approaches, to achieve a better detection and prevention capabilities. The design of IIDPS consist of three basic components; the Executive which is an agent that runs in the background, iBaseline which is a database that stores the signatures of intrusions and the iManager which is a user Interface that serves as an intermediary between the IIDPS and the user. This work serves as a foundation upon which interested researchers can further build on to achieve better detection and prevention capabilities.