Title: A Study of Intrusion Detection Techniques
Author: Elshafie, Hussein Mohamed Kamal.
Contributors:
Researcher / حسين محمد كمال الشافعي
Supervisor / طارق مصطفى محمود
Supervisor / عبد المجيد أمين علي
Subject: Computer science. Computer engineering.
Publication date: 2020.
Number of pages: 134 p.
Language: English
Degree: Doctorate
Specialization: Computer Science
Date of approval: 1/1/2020
Place of approval: Minia University - Faculty of Science - Computer Science
Table of contents: Only 14 pages are available for public view
Abstract

With the rapid development of computer systems and networks, many attacks in cyberspace have caused a great deal of damage to organizations, governments, and individuals around the world. While computer security is constantly evolving, attacks continue to cause damage as hackers develop and refine them.
Security has become one of the big challenges of modern life and a major issue for all computer systems and networks in today's enterprise environment. Many techniques for securing computer systems and networks have been developed, such as firewalls, encryption and virtual private networks. These traditional methods are insufficient to provide effective protection, so an Intrusion Detection System (IDS) is needed to guard the security of computer systems and networks.
Intrusion detection systems are a relatively new addition to such strategies, having been introduced in recent years. An IDS is a hardware or software application that allows computer systems and networks to detect, recognize and avert harmful activities that attempt to compromise their integrity, privacy or availability.
IDSs are classified, based on the system to be protected and the data used to discover malicious activity, into Host-based IDS (HIDS) and Network-based IDS (NIDS).
IDSs use two detection techniques, namely signature-based and anomaly-based detection. Signature-based intrusion detection depends on detecting the signatures of known attacks, whereas anomaly-based intrusion detection depends on detecting anomalous behaviour in computer systems and networks.
The rapid development of Information Technology (IT), through the expansion of computer networks, has made the world a small village, as has the trend towards technologies that exploit the capabilities of computer networks, such as cloud computing. Interest in the security of these networks has therefore become an important element of this development, and research on computer network security and the detection of security breaches in such networks has become the basis of information security in general.
Snort is the most widely used open source signature-based NIDS and can be used effectively to detect and prevent known network attacks. It uses a set of predefined signatures (rules) and triggers an alert if a network packet matches one of them. Snort fails to detect new attacks that have no signature among its predefined rules, so its rules must be updated constantly to detect new attacks.
Despite the growth of human knowledge and the progress of scientific research, mankind progressively realizes that there is still a great distance between biological and mechanical intelligence. This is why computer systems are usually very passive while new attacks are being carried out. Scientific research that tries to learn artificial intelligence from biological systems therefore remains important.
With regard to the natural immune system (NIS), an individual depends mainly on the immune system to protect the body from harmful external intrusions and cannot live without it, even for a few days. On this basis, the NIS offers an inspiration for mathematical modeling and computer simulation, which has led to a new research field of computer science called Artificial Immune Systems (AIS). AISs are a collection of algorithms inspired by the natural immune system that have been applied in many different areas, including intrusion detection.
Machine Learning (ML) is a form of Artificial Intelligence (AI), the wide-ranging branch of computer science concerned with building smart machines capable of performing tasks that imitate human intelligence. ML provides systems with the ability to learn and improve automatically from data without being explicitly programmed. ML techniques can automatically build a model for intrusion detection from a training data set whose instances are represented by a set of features and corresponding labels.
Cloud Computing is a rapidly growing computational model and the solution to many IT industry problems, such as computing overloads and potentially expensive investments in hardware for data processing and backups. It can radically transform the IT industry, making both software and infrastructure even more effective by reshaping the way hardware is designed and purchased. Cloud computing introduces a framework that allows end users to benefit easily from powerful services and applications through the Internet. It provides convenient, available network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications) as a service on the Internet, to satisfy the computing requests of end users.
Previously, most institutions set their strategy to deploy their NIDS on dedicated hardware in order to protect computing infrastructures containing important components from cyber-attacks. However, because of the high cost of security and the financial savings offered by Cloud computing, such a strategy is no longer effective nowadays for small and medium institutions, which are conveniently turning to Cloud computing, which provides them the infrastructure, platform and software as services on a pay-per-use basis. The NIDS is therefore introduced as a Service (NIDSaaS) model. The cost of setting up a server, hiring and training system administrators, and installing all the needed applications is mostly eliminated. For a NIDS that uses a rule set to detect attacks, e.g. Snort, rule revision is another advantage of NIDSaaS: the Cloud provider revises the rule set by creating rules for new attacks and eliminating obsolete rules without adding any burden on the consumer.
In this thesis, the different techniques used in intrusion detection systems are introduced. The core objective is to introduce the signature-based NIDS Snort and improve its ability to discover new, unknown attacks by applying anomaly-based techniques such as artificial immune system principles and machine learning. Snort as Software as a Service (NIDSaaS) in cloud computing is also proposed.
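The following is an added illustration, not code from the thesis, of the contrast the abstract draws between Snort-style signature matching and anomaly-based detection, and of why the thesis combines the two. The rule patterns, the two packet features and the traffic samples are all constructed for this example.

```python
# Added example: a Snort-style content matcher beside a baseline-driven
# anomaly detector, run over constructed packets. A known attack is caught
# by its signature; a novel payload with no signature is caught only by the
# anomaly detector because its features drift far from the learned baseline.
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Packet:
    dst_port: int
    payload: bytes

# Constructed signatures in the spirit of Snort "content" rules (names and
# patterns are made up for this illustration).
SIGNATURES = {
    "known cgi probe": (80, b"GET /cgi-bin/"),
    "known shell string": (80, b"/bin/sh"),
}

def signature_alerts(pkt):
    """Signature-based: alert only when a predefined pattern matches."""
    return [name for name, (port, content) in SIGNATURES.items()
            if pkt.dst_port == port and content in pkt.payload]

def features(pkt):
    """Two features per packet: payload length and share of non-printable bytes."""
    n = len(pkt.payload)
    nonprint = sum(1 for b in pkt.payload if b < 0x20 or b > 0x7E)
    return (n, nonprint / n if n else 0.0)

class AnomalyDetector:
    """Anomaly-based: learn per-feature mean and std from normal traffic and
    flag a packet when any feature is more than k standard deviations away."""
    def __init__(self, k=3.0):
        self.k, self.mu, self.sigma = k, [], []
    def train(self, normal):
        cols = list(zip(*(features(p) for p in normal)))
        self.mu = [mean(c) for c in cols]
        self.sigma = [pstdev(c) or 1.0 for c in cols]   # avoid zero std
    def is_anomalous(self, pkt):
        return any(abs(f - m) > self.k * s
                   for f, m, s in zip(features(pkt), self.mu, self.sigma))

# Constructed traffic: benign HTTP requests (training set), a known probe,
# and a novel binary payload for which no signature exists.
NORMAL = [Packet(80, b"GET /index.html HTTP/1.1\r\nHost: a\r\n\r\n"),
          Packet(80, b"GET /about HTTP/1.1\r\nHost: a\r\n\r\n"),
          Packet(80, b"POST /login HTTP/1.1\r\nHost: a\r\n\r\nu=x&p=y")]
KNOWN = Packet(80, b"GET /cgi-bin/a HTTP/1.1\r\nHost: a\r\n\r\n")
NOVEL = Packet(80, bytes(range(256)))

def detect(pkt, detector):
    """Combined verdict: signature hits plus the anomaly flag."""
    return {"signature": signature_alerts(pkt),
            "anomaly": detector.is_anomalous(pkt)}
```

Training the detector on NORMAL and calling detect() on KNOWN and NOVEL shows the first flagged by signature only and the second by the anomaly detector only.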