With the rise of modern smartphones and the Internet of Things providing considerable computing power, the Internet is changing towards a bigger, more dynamic, and organic environment. However, not all changes are beneficial as new cyber-threats are emerging. This leads to the need for novel intrusion detection and prevention systems safeguarding the increasing amount of vulnerable devices. In this article, we identify system requirements a state-of-the-art detection engine should fulfill and propose a conceptual blueprint for an intelligent distributed IDS, which relies on well-known concepts from the organic computing community.
With the risk factor of network security continuously increasing, firewalls, once among the most important safety precautions, can no longer satisfy people's demand for network security. As a complement to the firewall, a distributed intrusion detection system can effectively improve security. This article describes the framework, the structure, the working principle, the functional structure, the development status quo, the development trend and the algorithm design of distributed intrusion detection systems, and analyzes the operation of the data collection module of a distributed intrusion detection system. As a distributed intrusion detection system can prevent internal attacks, external attacks and misoperation, it plays a crucial role in network security protection.
ISBN: 9781467387347 (print)
The Advanced Metering Infrastructure (AMI) is one of the core components of smart grids' architecture. As AMI components are connected through mesh networks in a distributed mechanism, new vulnerabilities will be exploited by grid attackers who intentionally interfere with the network's communication system and steal customer data. As a result, identifying distributed security solutions to maintain the confidentiality, integrity, and availability of AMI devices' traffic is an essential requirement that needs to be taken into account. This paper proposes a real-time distributed intrusion detection system (DIDS) for the AMI infrastructure that utilizes stream data mining techniques and a multi-layer implementation approach. Using unsupervised online clustering techniques, the anomaly-based DIDS monitors the data flow in the AMI and distinguishes whether there is anomalous traffic. By comparing online and offline clustering techniques, the experimental results showed that the online clustering technique "Mini-Batch K-means" was able to suit the architecture requirements by giving a high detection rate and low false positive rates.
ISBN: 9780769536002 (print)
Intrusion detection has become an important approach to solving security problems. On the basis of analyzing the defects of the modern intrusion detection system and migrating with the technology of mobile agents, this article proposes a distributed intrusion detection system model based on agents. The function of each module in the system and the advantages of the whole system are described in detail. The proposed model adopts an architecture which has no control server and truly realizes distributed detection and reaction. Each component in the system is independent and executes its function. The model is an open system with good flexibility and expansibility, and the problem of a single point of failure is solved completely. Finally, the implementation, evaluation and future work are presented.
ISBN: 9781424436927 (print)
Anycast is a new characteristic of IPv6 and it has played an important role in many application fields. Therefore, in order to ensure that Anycast service can be performed securely and develop healthily, this paper proposes a distributed intrusion detection system model based on Anycast service. This distributed intrusion detection system model effectively combines host intrusion detection and network intrusion detection and improves the Anycast servers' ability to defend against intrusion attacks, and in the meantime it can also ensure that Anycast service can be performed securely.
ISBN: 9781467387729 (print)
The Advanced Metering Infrastructure (AMI) is one of the core components of smart grids' architecture. As AMI components are connected through mesh networks in a distributed mechanism, new vulnerabilities will be exploited by grid attackers who intentionally interfere with the network's communication system and steal customer data. As a result, identifying distributed security solutions to maintain the confidentiality, integrity, and availability of AMI devices' traffic is an essential requirement that needs to be taken into account. This paper proposes a real-time distributed intrusion detection system (DIDS) for the AMI infrastructure that utilizes stream data mining techniques and a multi-layer implementation approach. Using unsupervised online clustering techniques, the anomaly-based DIDS monitors the data flow in the AMI and distinguishes whether there is anomalous traffic. By comparing online and offline clustering techniques, the experimental results showed that the online clustering technique "Mini-Batch K-means" was able to suit the architecture requirements by giving a high detection rate and low false positive rates.
ISBN: 9781479931972 (print)
Nowadays, cloud computing has become quite popular and a lot of research is done on the services it provides. Most of the security challenges induced by this new architecture are not yet tackled. In this work, we propose a new security architecture, based on a massively distributed network of security solutions, to address these challenges. Current solutions, like IDS or firewalls, were not formerly designed to detect attacks that draw profit from the cloud structure. Our solution DISCUS is based on a distributed architecture using both physical and virtual probes, along with former security solutions (IDS and firewalls). This paper describes DISCUS SCRIPT, a dedicated language that provides an easy way to configure the components of our solution.
ISBN: 9781424420957 (print)
Research on distributed intrusion detection systems (DIDS) is a rapidly growing area of interest because the centralized intrusion detection system (IDS) is increasingly unfit for current network circumstances. So we have designed a distributed intrusion detection system prototype, based on mobile agents. Our agents travel between systems in a network, obtain information, analyze and deal with correlative information and send alarms to the manager or user of the DIDS. Owing to the mobility of the intrusion detection component, the system security and flexibility have been greatly improved, and the defense capacity of the system is also increased.
ISBN: 9781467301275 (print)
Spanning Tree Protocol (STP) is a link layer protocol used for link management, prevention of loop formation, etc. in the network. Although STP is widely used, it is still prone to many kinds of attacks that exploit the lack of security features both in its basic working process and in the STP packet format. By exploiting STP control packets, an attacker can pretend to be the new root in the STP domain and perform unauthorized activities that lead to root take-over attacks, STP control packet flooding, traffic redirection and so on. In this paper, a coverage-based distributed intrusion detection system (DIDS) is introduced for the detection of attacks on STP. The proposed scheme computes a set of switches in the network that can cover the STP network completely, where every switch that belongs to that set is installed with a small IDS module. This set of IDSs logically divides the STP network into a set of local zones. All the switches in a zone are directly connected to one switch installed with an IDS and are thus covered by at least one IDS in the STP domain. Each IDS can detect and verify any exploit inside its local zone. Additionally, IDSs communicate with each other so that any exploit outside the local zone of a particular IDS can also be detected and verified. The results show that the proposed DIDS approach can detect all the STP-based attacks.