Network Security Intrusion: Mitigating Breaches With Holistic Approach - Essay Sample

Introduction

Network security intrusion is among the most severe issues facing security systems today. Determining the most rational means through which to solve the challenges that lie in such systems can be a logistical and mechanical nightmare for the organizations that rely on them. Dong and Wang (2016) cited the rapid increase in network breaches in the recent past, requiring a holistic approach to between the agencies and organizations to mitigate the issues associated with network breaches. The rapid speed with which technology has been implemented has made it extremely easy for individuals to access technology and equipment. Inevitably, the wrong type of people may access such technology, increasing the risk of a possible breach. In the contemporary world of business, companies continue to adopt the latest technological frameworks for their systems. Technology has provided reliability, efficiency, and accuracy, enhancing the outcomes and subsequent security of the processes that so desperately depend on these systems.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

Intrusion falls under the international definition of cybercrime. It is the result of unauthorized access to computer networks, mostly with malicious intent. Bijone (2016) considers the individuals involved in such actions as in search of adventure or to obtain information illegally, which finds willing customers in the black market. Some companies have suffered this experience with disastrous consequences. For instance, Solaris Computers was hacked on 30th March 2000, while they were in the process of running a crucial scientific experiment (Bould, 2014). The company's IT department noticed the ongoing hack when they found a foreign account tried to access its systems. What ensued was a desperate attempt by members of the department to contain the situation by stopping the entity from proceeding with the exercise. Solaris's information security office was alerted, and the company managed to escape from the problem relatively unscathed. Cases like Solaris's are common because they affect companies with the most reliable systems. This project aims to demystify the ways that network intrusion occurs, with additional attention on how to detect and subsequently resolve such challenges.

Literature Review

Technology Proliferation and Network Intrusion

Technological development witnessed across the globe over recent centuries has resulted in various problems. Data security and related issues, which emanate from a data-based computer system, have become a significant challenge in the world. There has been an increase in the number of malicious users of the internet, hackers as a result of network traffic (Ugochukwu & Bennett, 2018). For this reason, there is an intrusion detection system (IDS), which has been developed to detect and prevent such attacks.

Keegan et al. (2016) analyzed the cloud-based network intrusion detection. The primary aim of this study was to find the harnessing mechanism between cloud computing technology and machine learning, which can be used to detect threats and computation times. The authors of this article, therefore, set out to determine ways that can be used to detect network intrusion. The study explored previous research in two different fields; machine learning and cloud computing, which also utilize machine learning algorithms (MLAs). The authors offered an overview of this growing body of research, challenges, future directions that could be taken by MLAs and successes.

Keegan et al. (2016) established that detection methods are divided into two categories. The categories include signature-based and behavior-based or anomaly-based technique. Signature-based techniques, which are known as knowledge-based techniques, are perfect for referencing databases of previous attacks and vulnerabilities. It implies that the signature-based techniques are best for known attacks. Although constant maintenance of attack signatures is required for the effectiveness of this technique, it might sometimes require high overhead and a considerable amount of resources. Behavior-based techniques are best known for protection against unknown attacks. To detect against such intrusions, the authors posited that anomaly-based methods detect intrusion as deviation and comparing them to the network's normal activities, which is command and traffic.

Keegan et al. (2016) added that the system first undergoes training to set a standard profile. This typical profile is then used to detect deviations and behavior-based techniques, which do not necessarily compare against the baseline. Additionally, the authors established that most cloud-based intrusion detection techniques are designed to comprise of data parser, mapper, reducer, and data processing. The data parser mainly focuses on getting rid of useless features. It extracts information from the input data through the elimination of unnecessary data. The parsed information is used to determine crucial elements, which are formatted as a metadata file. The launching of data mapper by job cloud dispatcher takes place at each computing node. The mapping process then follows this, then data reducer is performed to eliminate the redundancy that might emerge. To minimize the biases in this study, the authors harnessed the previous researches, which they made sure were relevant and adequate.

Use of Intelligence Agents in Network Intrusion Prevention

A study by Sychugov et al. (2019) sought to establish the prevention of network intrusion by the use of intelligent agents. The authors defined intrusion as a violation of the security policy system. Intrusion detection mechanisms are hence, the ways used to reveal the abuses within the system security policy. This form of intrusion, according to the authors, is based on the assumption that normal activities of the internet can help detect violations. It implies that everything that deviates from the routine activities is considered different, and anomalies are noticeably different and detectable. The other assumption is that the irregularities have characteristics that are caused by unauthorized intrusions. The major objective is always to protect the network data sources provided with the help of firewalls, attack detection systems, antivirus solutions, encryption, and integrity monitoring solutions.

The primary aim of this study according to Sychugov, et al. (2019) was to find the appropriate methods that can be used to detect the anomalies or forbidden events within a network, caused by the unauthorized intrusion. To achieve this objective, the authors say that it is vital to have the ability to detect unspecified anomalies, both distributed and new ones. The authors thus divided network attacks into three types. The first type is referred to as a reconnaissance attack, which majorly gains information about the computer that is being targeted. The second one is exploited, a piece of software attacking other software's' vulnerabilities. The third type is denial-of-service, which jams the central processing unit by overloading it and bringing down the service by overworking the hard drive.

Furthermore, Sychugov et al. (2019) proposed the usage of a multi-agent system for the purposes of data protection. A multi-agent system is a group of software robots that are distributed all over the network. They search for data procedures and knowledge as well as corporate to solve emerging problems. The authors found that to detect attacks aimed at the system, an agent must have software components like autonomy, proactivity, awareness, a sense of purpose, rationality, and fast response. The authors, therefore, introduced a system of network intrusion detection that can easily be applied with the help of computer malfunctions detection. The primary reason for choosing this method is the authors' belief that anomalies can be detected in real-time. According to Sychugov et al. (2019), the success and efficiency of this method is heavily dependent on the language used for programming.

Over recent years, there has been a constant increase in the number of network intrusions like ping flooding, smurf, data fragmentation, replay attacks, and IP spoofing attack. The recognition of computer attacks in the dynamics of the operation of systems of information can be signified based on parameter space analysis in accordance with the established rules and parameters identification (Sychugov et al., 2019). For the purposes of countering computer attacks by the systematic description of means and ways of information protection, it is crucial to implement based on the theory of pattern recognition, which mainly depends on the given computer objects that can easily be recognized and interpreted. Additionally, the authors sought to establish whether a given set of characteristics can serve as anomalies caused by the intrusion of unauthorized persons. Such features include repeated events, actions, inadequate network traffic parameters, sparse attributes of the functioning of the system ad unanticipated parameters within packets of the network.

As aforementioned, the multi-agent method used by the authors targeted problem solution by using several intelligent agents (robots). The authors applied the seven characteristics needed to detect network intrusion. First, the authors believed that having autonomy was crucial because of its ability to control self, regarding the actions and internal state. The second characteristic, which is cooperativity, is to work together in cooperation with other agents, exemplified by message sharing in a language that is common and popular with every agent. The third characteristic, a fast response is also essential. It is the ability to perceive an environment and communicate the findings in due and real-time.

The fourth one is proactivity, which generally means the ability to generate tasks and act rationally on them. The fifth characteristic is awareness, which essentially means the possession of permanent knowledge, operational knowledge, which can sometimes become false with time and unchangeable during the agent's activity. The sixth one, according to the authors, is the sense of purpose, which is the ability to plan actions with achievable goals being the target. Such goals must also be of the required states and situations. The last characteristic is rationality, which is to work soberly with the available resources and minimal time to achieve the set goals. The problems solved for the purposes of the formal description of mental notions include semantic and synaptic.

Knowledge formalism should have its semantic model and language for formal description. It is also expected to apply fuzzy logic to the explanation of the syntax. According to the authors' position, the logic should always be supplemented by the description methods used to aspects of temporal knowledge. It also applied to employ the dynamic nature of real-time characteristics in some cases. It implies that from the point of view of the familiarization of semantics, it is easier to interpret the symbolic structure with the help of the algorithms that correspond to them and data structures.

Additionally, the Sychugov et al. (2019) established that the architecture includes three levels, all of which depend on the agent's capabilities and each level having its features. The first level helps in maintaining an agent's ability to respond to the events that come from upper levels, no matter the planning. The planning level also executes, dynamically reconstructs partial plans, and generates mobile robots route. The third level simulates the behavior that is happening in the external environment and of the agent itself. The authors concluded that the third level could also be used for interpretation of observed behavior and prediction of possi...