Introduction
The advent of computer technology has created an efficient way of handling information through the internet. Institutions, businesses and individuals now rely on network availability to store data and connect with partners across the world. However, technology has also created opportunities for people who intend to steal from or corrupt organizational or individual networks for personal gain through intrusion. Network intrusion is defined as attacks or scans that lead to unsanctioned activity on digital networks. In most instances, network intrusion includes unauthorized access to network data or the corruption of the security controls in place. This has continuously placed many organizations' data at risk of being stolen by intruders whose intention may be to steal resources or destroy an organization's reputation.
Because of the massive losses that organizations and individuals have incurred through network intrusion, it is essential to evaluate the different ways in which this unauthorized activity is carried out. Organizations must also apply network intrusion detection and prevention techniques to limit the effects of intrusion.
Ways of Network Intrusion
After significant research on unauthorized access to and manipulation of digital networks, some methods have been pinpointed as prevalent in network intrusions. The perpetrators use strategies designed to go undetected in order to penetrate a company's network. Some methods are meant to remain in the victim's network servers to detect and monitor an organization's or individual's activities. Other methods are intended to steal essential data from organizations and offices (Fleming & Wilander, 2018). The methods used for network intrusion include worms, traffic flooding, buffer overflow attacks, common gateway interface attacks and Trojans.
One of the most prevalent techniques employed by network perpetrators in the 21st century is the use of worms or computer viruses. Worms are computer code with the ability to replicate itself without interfering with authorized computer programs. If they are undetected, worms spread through features such as email attachments and the Internet Relay Chat (IRC) protocol (Deogirikar & Vidhate, 2017). Consequently, they invade multiple network resources while squeezing out the authorized programs. As a result, they are able to access files containing essential information such as financial records, which they in turn relay to the perpetrators (Wang et al., 2017). Worms may also delete computer files and replace them with malicious software without the user detecting it.
Traffic flooding is another well-known method used by perpetrators in hacking organizations' networks. This method is used to load web pages or send content over the internet. The hackers often create traffic loads so heavy that the target systems are unable to screen them adequately. As a result, the target system is corrupted by the congested network environment, giving perpetrators a chance to perform an undetected attack (Jing, Yan, Jiang & Pedrycz, 2019). The attack frequently deactivates the system's opening capability, rendering it to a "fail-open" condition.
Moreover, buffer overflow attacks penetrate a computer system by attempting to overwrite particular parts of the computer memory in a network. The method then replaces the overwritten memory with sets of commands which perpetrators use while executing attacks on the network. Often, this approach initiates a denial of service (DoS) condition or establishes particular channels within a system that hackers use to gain remote access to the network (Nashimoto et al., 2017). However, this approach is challenging to execute, especially when buffer sizes are relatively small or when boundary-checking logic that detects lengthy URL strings is installed.
Furthermore, the Common Gateway Interface (CGI) provides a convenient opening for attackers to access secure network files. CGI is customarily used to support server-client interactions on a network. However, these interactions leave opportunities such as backtracking, which perpetrators manipulate to access the data (Wibowo, 2017). Trojans are another frequent method of attack on the network. Unlike worms and viruses, Trojans are programs that neither reproduce nor replicate to delete files on a system. They instead initiate DoS attacks or create channels that allow outside attackers to penetrate a system (McGuire, Ogras & Ozev, 2019). Trojans often originate from peer-to-peer file exchange and can penetrate a network from unpredicted online archives and file storage.
Network Intrusion Detection
To identify suspicious activity on the network, an intrusion detection system (IDS) is used to monitor the network for unauthorized activities or policy violations. The system typically detects any unrecognized intrusion and reports it to the network administrator, or the information is collected centrally using a security information and event management (SIEM) system (Shone, Ngoc, Phai & Shi, 2018). The SIEM collects outputs from various sources and applies alarm filtering to single out the malicious activity. To detect all unauthorized actions on a network, recent developments in technology have established specific methods that help an IDS perform effectively (Bijone, 2016). These methods include anomaly-based intrusion techniques and signature-based intrusion techniques.
Anomaly-based (behavior-based) methods track activity within a particular range in search of malicious behavior on a network system. They were introduced to detect unknown intrusions because of the rapid advancement of malware attacks (Van & Thinh, 2017). The method uses a machine learning approach to create a model of trustworthy activity, which is then compared with unknown behavior. This approach generalizes better than the conventional signature-based IDS since the model can be configured for specific applications and hardware. However, the method is challenging and has sometimes been reported to produce false positives. A typical instance is where the outbound URLs of web activity are inspected. This results in the automatic blocking of sites, including specific domains or URL contents accessed by people with legitimate access (Vidal, Monge & Monterrubio, 2020). In such a case, the method is not adequately able to differentiate between human actions and malware intrusions. As a result, multiple IDSs have suffered from time-wasting problems due to the long detection process, which tends to lower their performance (Aljawarneh, Aldwairi & Yassein, 2018). Still, effective feature selection algorithms have been used to simplify the classification process and make detection more reliable.
The signature-based method detects threats by looking for specific patterns, such as byte sequences, in network traffic. The technique detects malware, or packets from malware, intended to create a security breach in a network system. Signature-based detection protects a network system from known attacks, such as emails with enticing subject lines whose attachments are infected with known malware. It also protects against remote logins by users that violate an organization's policy. The signature-based method is typically the easiest form of detection since it only compares network traffic with a signature database (Shenfield, Day & Ayesh, 2018). When a match is detected, an alert is raised. Otherwise, traffic flows uninterrupted.
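The false-positive problem described above can be reproduced in a few lines. This is an added example, not part of the original essay: a mean and standard-deviation baseline stands in for the machine learning model, and the traffic figures and labels are constructed.

```python
import statistics

# Constructed sample: outbound requests per minute for one host during a
# period treated as trustworthy activity (the training baseline).
BASELINE_RPM = [42, 38, 45, 40, 44, 39, 41, 43, 37, 46, 40, 42]

# Constructed observations: (label, requests per minute). The labels are
# ground truth for the demonstration only; the detector never sees them.
OBSERVED = [
    ("normal browsing", 44),
    ("malware traffic burst", 310),
    ("legitimate bulk upload by a user", 180),
]


def build_profile(samples):
    """Summarise trusted activity as a (mean, standard deviation) pair."""
    return statistics.mean(samples), statistics.stdev(samples)


def is_anomalous(value, profile, threshold=3.0):
    """Flag a value whose z-score against the profile exceeds threshold."""
    mean, stdev = profile
    return abs(value - mean) / stdev > threshold


def classify(observations, profile):
    """Return {label: flagged} for every observation."""
    return {label: is_anomalous(v, profile) for label, v in observations}


if __name__ == "__main__":
    profile = build_profile(BASELINE_RPM)
    for label, flagged in classify(OBSERVED, profile).items():
        print(f"{'ALERT' if flagged else 'ok   '}  {label}")
```

The legitimate bulk upload is flagged alongside the malware burst because both fall outside the learned range, which is the human-versus-malware confusion the paragraph describes.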
Network Intrusion Prevention
It is necessary for organizations to invest sufficiently in intrusion prevention methods to avoid the inconvenience caused by a security breach. An intrusion prevention system (IPS) is the most common form of network security used to detect threats and prevent them from attacking a network system (Alves, Das & Morris, 2018). When a threat is detected, the IPS reports the activity to the administrator and also initiates preventative action, including configuring firewalls and closing possible entry points for future threats. The system can also be used to prevent violations of organizational policy by limiting guest and employee access (Eyada, 2018). The IPS works on the basis of real-time packet inspection, critically inspecting all packets traveling across a network. If the system detects malicious activity in the network, it automatically initiates a defense mechanism, including reprogramming the firewalls to prevent similar attacks (Sou & Lin, 2017). The system may also terminate the exploited session in progress and block the threatening IP addresses or accounts from accessing any application on the host network. Furthermore, the IPS may delete malicious content that remains after an attack (Deng et al., 2019). The system repackages payloads, eliminates infected attachments from files and removes all header information.
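As an added example (not part of the original essay), the code below combines the signature matching described under Network Intrusion Detection with the IPS response described above: each packet is compared with a signature database, and a match is reported and the source address blocked. The signature patterns, class names and traffic are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed signature database (name -> byte sequence). These are
# illustrative placeholders, not real malware signatures.
SIGNATURES = {
    "demo-dropper-marker": b"\xde\xad\xbe\xefDROP",
    "demo-policy-remote-login": b"LOGIN root",
}

@dataclass
class Packet:
    src_ip: str
    payload: bytes

@dataclass
class InlineIPS:
    signatures: dict
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def match(self, payload):
        """Signature detection: return the first signature name found."""
        for name, pattern in self.signatures.items():
            if pattern in payload:
                return name
        return None

    def inspect(self, pkt):
        """Return 'forward' or 'drop' for one packet, updating state."""
        if pkt.src_ip in self.blocked:
            return "drop"                      # source already blocked
        hit = self.match(pkt.payload)
        if hit is None:
            return "forward"                   # no match: traffic flows on
        self.alerts.append((pkt.src_ip, hit))  # report to the administrator
        self.blocked.add(pkt.src_ip)           # preventative action
        return "drop"

# Constructed traffic using documentation-range addresses (RFC 5737).
TRAFFIC = [
    Packet("192.0.2.10", b"GET /index.html HTTP/1.1"),
    Packet("198.51.100.7", b"\x00\x01\xde\xad\xbe\xefDROP\x90"),
    Packet("198.51.100.7", b"GET /index.html HTTP/1.1"),
    Packet("192.0.2.10", b"POST /form HTTP/1.1"),
]

def run(traffic):
    ips = InlineIPS(SIGNATURES)
    return [ips.inspect(p) for p in traffic], ips
```

The third packet carries no signature but is still dropped, because the IPS blocked its source after the earlier match; an IDS alone would have raised the alert and let both packets through.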
Conclusion
In conclusion, many organizations across the world have been compromised at least once through network intrusion. This has occurred despite the creation of various defense mechanisms in the past. However, with the advent of the latest network intrusion detection and prevention systems such as IDS and IPS, and detection methods such as the anomaly-based and signature-based methods, there may be an efficient solution. It is therefore advisable for organizations to install the latest threat defense protocols to avoid the risks associated with network intrusions.
References
Aljawarneh, S., Aldwairi, M., & Yassein, M. B. (2018). Anomaly-based intrusion detection system through feature selection analysis and building efficient hybrid model. Journal of Computational Science, 25, 152-160.
AL-Maksousy, H. H. L., & Weigle, M. C. (2018, September). Hybrid intrusion detection system for worm attacks based on their network behavior. In International Conference on Digital Forensics and Cyber Crime (pp. 225-234). Springer, Cham.
Alves, T., Das, R., & Morris, T. (2018). Embedding encryption and machine learning intrusion prevention systems on programmable logic controllers. IEEE Embedded Systems Letters, 10(3), 99-102.
Bhardwaj, M., & Bawa, S. (2019). Fuzz Testing in Stack-Based Buffer Overflow. In Advances in Computer Communication and Computational Sciences (pp. 23-36). Springer, Singapore.
Bijone, M. (2016). A survey on secure network: intrusion detection & prevention approaches. American Journal of Information Systems, 4(3), 69-88.
Deng, L., Li, D., Yao, X., Cox, D., & Wang, H. (2019). Mobile network intrusion detection for IoT system based on transfer learning algorithm. Cluster Computing, 22(4), 9889-9904.
Deogirikar, J., & Vidhate, A. (2017, February). Security attacks in IoT: A survey. In 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)(I-SMAC) (pp. 32-37). IEEE.
Dong, B., & Wang, X. (2016, June). Comparison deep learning method to traditional methods using for network intrusion detection. In 2016 8th IEEE International Conference on Communication Software and Networks (ICCSN) (pp. 581-585). IEEE.
Eyada, H. (2018). U.S. Patent No. 10,084,813. Washington, DC: U.S. Patent and Trademark Office.
Fleming, T., & Wilander, H. (2018). Network intrusion and detection: An evaluation of snort.
Gkounis, D., Kotronis, V., Liaskos, C., & Dimitropoulos, X. (2016). On the interplay of link-flooding attacks and traffic engineering. ACM SIGCOMM Computer Communication Review, 46(2), 5-11.
Hodo, E., Bellekens, X., Hamilton, A., Dubouilh, P. L., Iorkyase, E., Tachtatzis, C., & Atkinson, R. (2016, May). Threat analysis of IoT networks...
Cite this page
Network Intrusion: A Growing Security Threat - Essay Sample. (2023, Mar 27). Retrieved from https://proessays.net/essays/network-intrusion-a-growing-security-threat-essay-sample