ISBN: (print) 9781424453641
This paper proposes a scheme for the design and implementation of a new security architecture for protecting exposed intranets or groups of computers in a network from malicious attacks. The proposed scheme presents an approach of building a distributed intrusion detection system for a network by using network-based intrusion detection system sensors at several places in the network and then communicating the alert information generated by the network intrusion detection system sensors to all the hosts present in the network for a dynamic policy update. The dynamic policy is updated using iptables for Linux hosts, and for Windows hosts the policy update is carried out using a new Windows firewall application that has been developed.
ISBN: (print) 9781479931972
Nowadays, cloud computing has become quite popular and a lot of research is done on the services it provides. Most of the security challenges induced by this new architecture are not yet tackled. In this work, we propose a new security architecture, based on a massively distributed network of security solutions, to address these challenges. Current solutions, like IDS or firewalls, were not formerly designed to detect attacks that draw profit from the cloud structure. Our solution DISCUS is based on a distributed architecture using both physical and virtual probes, along with former security solutions (IDS and firewalls). This paper describes DISCUS SCRIPT, a dedicated language that provides an easy way to configure the components of our solution.
ISBN: (print) 9781424420957
This paper describes the design and research of intrusion detection rules in the distributed intrusion detection system which is based on agents. The hierarchical framework model based on intelligent agents is proved in the distributed intrusion system. The model involves three kinds of intelligent agents: A type agent, B type agent and C type agent, which have different tasks. The definition and analysis of intrusion rules in the agent are discussed. This article also studies how to use XML to design the system data and intrusion detection rules. The definition and transportation of four kinds of data, called XML protocol data, XML control information, XML intrusion detection rules and XML intrusion response, in the agent are presented. IAP and SSL are used to solve the safety of XML data transported between two agents in the system.
ISBN: (print) 9781467387729
The Advanced Metering Infrastructure (AMI) is one of the core components of smart grids' architecture. As AMI components are connected through mesh networks in a distributed mechanism, new vulnerabilities will be exploited by the grid's attackers, who intentionally interfere with the network's communication system and steal customer data. As a result, identifying distributed security solutions to maintain the confidentiality, integrity, and availability of AMI devices' traffic is an essential requirement that needs to be taken into account. This paper proposes a real-time distributed intrusion detection system (DIDS) for the AMI infrastructure that utilizes stream data mining techniques and a multi-layer implementation approach. Using unsupervised online clustering techniques, the anomaly-based DIDS monitors the data flow in the AMI and distinguishes whether there is anomalous traffic. By comparing online and offline clustering techniques, the experimental results showed that the online clustering technique "Mini-Batch K-means" was successfully able to suit the architecture requirements by giving a high detection rate and low false positive rates.
With the rise of modern smartphones and the Internet of Things providing considerable computing power, the Internet is changing towards a bigger, more dynamic, and organic environment. However, not all changes are beneficial as new cyber-threats are emerging. This leads to the need for novel intrusion detection and prevention systems safeguarding the increasing amount of vulnerable devices. In this article, we identify system requirements a state-of-the-art detection engine should fulfill and propose a conceptual blueprint for an intelligent distributed IDS, which relies on well-known concepts from the organic computing community.
ISBN: (print) 9781467301275
Spanning tree protocol (STP) is a link layer protocol used for link management, prevention of loop formation etc. in the network. Although STP is widely used, it is still prone to many kinds of attacks that exploit the lack of security features both in the basic working process and in the STP packet format. By exploiting the STP control packet an attacker can pretend to be the new root in the STP domain and perform unauthorized activities that lead to root take-over attack, STP control packet flooding, traffic redirection and so on. In this paper, a coverage based distributed intrusion detection system (DIDS) has been introduced for the detection of attacks on STP. The proposed scheme computes a set of switches in the network that can cover the STP network completely; every switch that belongs to that set is installed with a small module of IDS. This set of IDSs logically divides the STP network into a set of local zones. All the switches in a zone are directly connected to one switch installed with IDS and thus covered by at least one IDS in the STP domain. Each IDS can detect and verify any exploit inside its local zone. Additionally, IDSs communicate with each other so that any exploit outside the local zone of a particular IDS can also be detected and verified. The results show that the proposed DIDS approach can detect all the STP based attacks.
This paper presents a new Mobile Agent distributed IDS (MADIDS) system based on mobile agents. This system is specifically designed for WAN. In MADIDS, the agents that are set at each node process the data transfer by distributed computation architecture. It has the ability of intrusion detection within the entire network and has good portability. The consumption of the network and servers' resources is not high, which means the possibility of network bottleneck is decreased. In this paper, we construct the infrastructure and theoretical model of MADIDS, and the deficiencies of MADIDS and future research work are also indicated.