Ensemble Defense System: Combining Signature-based and Behavioral-based Intrusion Detection Tools

Date

2023-08-04

Abstract

Cyber attacks are becoming increasingly sophisticated, which makes detecting and preventing them a significant challenge for organizations. Robust defense mechanisms that can detect, prevent, and respond to these threats are therefore essential. In this thesis, we design, develop, and evaluate a novel Ensemble Defense System (EDS) to address the need for more advanced defenses. The EDS combines the capabilities of Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) to provide an effective defense against cyber threats. It incorporates a hybrid IDS approach, leveraging the strengths of signature-based IDS tools such as Zeek and Suricata together with the behavioral-based IDS tool Slips; by combining both detection approaches, the EDS counters a wider range of threats than either approach alone. The EDS also integrates an open-source SIEM, specifically Elasticsearch, for data management and analysis and for user-friendly visualizations. The effectiveness of the EDS was evaluated with a purpose-built bash script that performs several attacks, including port scanning, privilege escalation, and Denial-of-Service (DoS). This research contributes to cybersecurity by introducing an EDS capable of detecting a variety of cyber attacks.

Keywords

Cybersecurity, Ensemble Defense System, Intrusion Detection Systems, Network security

Copyright owned by the Saudi Digital Library (SDL) © 2024