A hybrid NIPS based on pcapsocks sniffer and neural MLP

Abstract

The rapid growth of computer network requires a high monitoring of data and resources to be more secure, but also to obtain a faithful communication between internal network systems. The intrusion detection and prevention systems IDS and IPS are the last tools used to secure data of enterprises and persons [3, 8, 9, 13, 21]. Also, their performances assessment and their efficiencies are very useful [1, 10, 15, 18–20]. A number of researches are down in this domain, they aim conception of a relevant monitoring system. While IDS makes network very sure, the IPS tries to take an adequate decision and reacts in real time. The main goal of this article is to analyze, and then evaluate mush of expanded and more used IPS actually. This assessment aims in one hand to measure satisfaction of security objectives, authenticity, availability, confidentiality and data integrity and in the other hand to test their performances based on some parameters related on computer security such as type of detection, filtering methods, real time reaction, updating, alert, logging… We deduct some limits and vulnerabilities. In addition, a new conception of an IPS is presented and described in details. It is based on multilayer perceptron and PcapSockS Sniffer [14] using cryptographic mechanisms for preparing treated data and thus facilitates intrusions detection by minimizing positive false number and eliminating the false negative generated.