ISBN (print): 9780878492459
Based on analysis of relative and absolute traffic anomalies, a fully distributed intrusion detection system (DIDS) is built to detect and respond to flooding DoS (Denial of Service) attacks in a specific network area, using traffic trees as the data structure to store, execute, communicate and combine abnormal data. A single component placed in a network element is called a Tree-Device, and all Tree-Devices together construct a Tree-DIDS, a fully distributed IDS. Tree-Devices communicate with other devices in three ways and collaborate to detect attacks, by which communication cost is reduced. The fully distributed architecture avoids a single point of failure, while double anomalies help to warn earlier. The simulation results and performance analysis show that Tree-DIDS works effectively.
ISBN (print): 9781424452729
This paper introduces the existing distributed intrusion detection technology and points out the disadvantages of the traditional intrusion detection system. A distributed intrusion detection system based on self-similar traffic is designed and the specific implementation of all parts is presented. In the analysis system, an anomaly detection engine is added before the misuse detection engine. The authors design an anomaly detection engine based on a self-similar traffic model. Then we optimize the evaluation of the Hurst parameter and its value scope based on time-domain analysis. These improvements can effectively detect unknown intrusions after filtering the normal network traffic.
ISBN (print): 9781424453641
This paper proposes a scheme for the design and implementation of a new security architecture for protecting exposed intranets or groups of computers in a network from malicious attacks. The proposed scheme presents an approach to building a distributed intrusion detection system for a network by using network-based intrusion detection system sensors at several places in the network and then communicating the alert information generated by the network intrusion detection system sensors to all the hosts present in the network for a dynamic policy update. The dynamic policy is updated using iptables for Linux hosts; for Windows hosts the policy update is carried out using a new Windows firewall application that has been developed.
ISBN (print): 9781424420957
This paper describes the design and research of intrusion detection rules in an agent-based distributed intrusion detection system. The hierarchical framework model based on intelligent agents is proved in the distributed intrusion system. The model involves three kinds of intelligent agents: A-type, B-type and C-type agents, which have different tasks. The definition and analysis of intrusion rules in the agent is discussed. This article also studies how to use XML to design the system data and intrusion detection rules. The definition and transportation of four kinds of data, called XML protocol data, XML control information, XML intrusion detection rules and XML intrusion response, in the agent is presented. IAP and SSL are used to secure the XML data transported between two agents in the system.
Traditional intrusion detection systems (IDS) based on hosts or networks no longer meet the security requirements in today's network environment due to the increasing complexity and distributivity. A multi-agent distributed IDS model, enhanced with a method of computing its statistical values of performance, is presented. This model can accomplish not only distributed information collection, but also distributed intrusion detection and real-time reaction. Owing to prompt reaction and openness, it can detect intrusion behavior of both known and unknown sources. According to preliminary tests, the accuracy ratio of intrusion detection is higher than 92% on average.
ISBN (print): 0819457973
While a firewall installed at the perimeter of a local network provides the first line of defense against hackers, many intrusion incidents are the result of successful penetration of the firewalls. One computer's compromise often puts the entire network at risk. In this paper, we propose an IDS that provides finer control over the internal network. The system focuses on the variations of connection-based behavior of each single computer, and uses a weighted link graph to visualize the overall traffic abnormalities. The functionality of our system is that of a distributed personal IDS that also provides centralized traffic analysis by graphical visualization. We use a novel weight assignment schema for the local detection within each end agent. The local abnormalities are quantitatively carried by the node weight and link weight and further sent to the central analyzer to build the weighted link graph. Thus, we distribute the burden of traffic processing and visualization to each agent and make the overall intrusion detection more efficient. As LANs are more vulnerable to inside attacks, our system is designed as a reinforcement to prevent corruption from the inside.
This paper presents a new Mobile Agent distributed IDS (MADIDS) system based on mobile agents. This system is specifically designed for WANs. In MADIDS, the agents that are set at each node process the data transfer through a distributed computation architecture. It has the ability of intrusion detection within the entire network and has good portability. The consumption of the network's and servers' resources is not high, which means the possibility of a network bottleneck is decreased. In this paper, we construct the infrastructure and theoretical model of MADIDS, and the deficiencies of MADIDS and future research work are also indicated.