Article code: 4961976
Journal code: 1446520
Publication year: 2016
English article: 6 pages, PDF
Full-text version: free download
English title of the ISI article
Advocating for Hybrid Intrusion Detection Prevention System and Framework Improvement
Related topics
Engineering and Basic Sciences, Computer Engineering, Computer Science (General)
English abstract

The network systems of the world are fragile, and can come under attack from any source. The attack can be a denial-of-service (DoS) state or another type of threat. What keep the networks safe are the intrusion detection and prevention systems (IDPS). They constantly monitor network traffic and if a malicious threat is detected, the threat is blocked and reported for further analysis. However, every defensive system must always have some type of weakness. False negatives and false positives are some examples of how IDPS can fail to protect the network. In another instance, a skilled attacker may employ Direct Kernel Object Modification (DKOM) to trick the IDPS into detecting no malicious activities. The IDPS is strong, yet not strong enough. This paper presents a hybrid solution that incorporates both signature and anomaly based systems to detect and prevent more malicious attacks by intensifying what is cataloged to include common anomalies to the baselines used by the signature based systems. We also propose an improvement in the framework to current Host IDPS/Network using signature and anomaly based methodologies by implementing a hybrid VMM-based Honeypot into a theorized self-healing hybrid IDPS to further boost their advantages in efficiency and accuracy.

Publisher
Database: Elsevier - ScienceDirect
Journal: Procedia Computer Science - Volume 95, 2016, Pages 369-374