A Reliable and Scalable Classification-Based Hybrid IPS

Intrusion Prevention Systems (IPS) are considered essential components that need to assure the reliability of information security. In terms of information security, incrementing the intrusion detection rate on anomaly attacks and decreasing the high false positive rate has been the two major concerns for every sysadmin. The huge amount of logs generated by different assets in the network are not always capable to be correlated and reviewed to determine possible security breaches. We implemented a new reliable and scalable classification-based hybrid IPS that can easily manage the processing of all the authentication log information of different IPSs in the network. This enhanced framework can determine in a more precise manner if a communication can be considered legitimate or an intrusion. This classification method increases the intrusion detection rate and decreases the false positive rate. Our main objective in this paper is to enforce redundancy on different modules of the framework. Our results show that a framework with these features can be easily deployed in networks to ensure reliable security.