Framework for Distributed and Self-healing Hybrid Intrusion Detection and Prevention System
Fauzia Idrees 1,2, Muttukrishnan Rajarajan 1, A. Y. Memon 2
1 School of Engineering and Mathematical Sciences, City University London, UK
2 National University of Sciences Technologies, Karachi, Pakistan
{Fauzia.Idrees.1, attaullah@pnec.edu.pk
ICTC 2013 (IEEE)

Abstract

Intrusion detection is a versatile security paradigm which can avert most computer and network related attacks if efficiently employed. This paper presents a novel solution for the detection and prevention of known and unknown network and cloud vulnerabilities. The proposed framework is an amalgamation of some of the existing state-of-the-art intrusion detection and prevention technologies. The design of this novel system can be adapted with little customization to complex networks, cloud, Voice over IP and Next Generation Networks in order to abate versatile threat environments.

Keywords: Intrusion detection and prevention; Cloud intrusion detection; Classification; Clustering; Misuse and anomaly based detection.

I. INTRODUCTION

Intrusion detection technology is gaining indubitable appreciation after undergoing revolutionary changes. It has become the basic foundation of the network security structure. Its primary role is to evaluate the information collected on a host or at network points against the security policies, generate early warnings and respond thereafter to mitigate the intrusions. With the rapid developments and increasing reliance on computer and network technologies, the attack landscape has also expanded with new threat models to gain unauthorized access to lucrative resources and monetary benefits [1]. With the popularity of cloud, Voice over Internet Protocol (VoIP) and other bandwidth hungry applications, network speed and traffic have also tremendously increased, alongside the security concerns to accommodate the performance challenges. The traditional Intrusion Detection System (IDS) technology relying on a single approach is insufficient to fulfill the ever demanding requirements. New techniques are being exploited to make attack detection efficient and effective [2] [3]. Still, there is a dire need for a compact intrusion detection and prevention system with an all-in-one flavor to keep up with network throughput and speed as well as to deal with the varying environments effectively.

In this paper, we present the design of a multi-threaded distributed intrusion detection and prevention system with self-healing hybrid engines and an Intrusion Detection and Prevention Operation Centre (IDPOC). This framework uses NIDS and HIDS at distributed locations, augmented with a central operation centre to monitor and coordinate their operations in addition to their individual detection and prevention capabilities. Two self-healing engines (misuse and anomaly based) are integrated in the system with multi-threaded functionality to cope with the throughput and speed bottlenecks. Our model consists of Snort and supervised and unsupervised classification and clustering stages based on Bayesian classification, Decision tree and Naïve Bayes algorithms. Different deployment scenarios including the cloud (IaaS, SaaS and PaaS) and VoIP are evaluated for the proof of concept.

The rest of this paper is organized as follows: in section II related work is investigated. Sections III and IV present the proposed architecture, its components and suitable deployment scenarios respectively. Finally, section V concludes the work with possible future work.

II. LITERATURE REVIEW

The earliest intrusion detection systems performed two functions: data capture and analysis. The analysis part was based on signatures of known attacks [3] [4]. Later on, anomaly based intrusion detection was introduced, along with prevention functionality to actively respond against attacks rather than passively monitoring systems. Additionally, those architectures were centralized, thereby relying on a single point of failure [5]. With technology advancements, distributed IDS functionality was explored by various researchers [6] [9] [12] [13]. Different architectures have their pros and cons while operating in their basic mode; researchers therefore started integrating various methodologies to get the best performance out of them. A comparative study of previously integrated solutions is presented in Table I.

III. SYSTEM DESIGN

The aim of the proposed design is to develop a comprehensive intrusion detection and prevention model for accurate and fast intrusion mitigation, on a par with the ever demanding network diversity and speed issues.

A. Main Operations

The idea behind this system design is to perform intrusion detection and prevention operations on network and host machines efficiently and in a cooperative manner.
TABLE I. COMPARATIVE STUDY OF PREVIOUS APPROACHES

| Ref | Year | Detection | Detection Time | Response | Architecture | Coverage | Prevention | Pros | Cons |
|---|---|---|---|---|---|---|---|---|---|
| This work | 2013 | Misuse and anomaly | Online; Offline (optional) | Active | Host, Network, Distributed | Computers, Networks, Cloud, VoIP, NGN | | Hybrid, distributed and optional non-distributed operations; multi-threaded processing for optimum speed and throughput; versatile coverage scenarios; real-time detection and prevention functions | High computation cost, which could be controlled with efficient implementation |
| [6] | 2012 | Misuse | | | | | | | |
| [7] | 2012 | Misuse | | | | | | | |
| [8] | 2012 | | | | | | | | |
| [9] | 2012 | | | | | | | | |
| [10] | 2011 | | | | | | | | |
| [11] | 2011 | | | | | | | | |
| [12] | 2011 | Misuse | | | | | | | |
| [13] | 2010 | Misuse | | | | | | | |
| [14] | 2010 | | | | | | | | |
| [15] | 2010 | Misuse | | | | | | | |
| [16] | 2010 | Misuse | | | | | | | |
| [17] | 2009 | | | | | | | | |
| [18] | 2008 | Misuse | | | | | | | |

[Column alignment of the remaining cells for [6]–[18] did not survive extraction; the recoverable cell text in page order is:] Online, Active, Host, Networks, VM, Cloud, Better accuracy of classifier, Works only for Cloud; Offline, Passive, Network, Networks, Better accuracy of classifier, Works only for network; Online, Active, Network, Network, Good detection of well-known anomaly based attacks; Online, Passive, Distributed, Cloud, Fast computation due to multithreaded operations, P2P structure used to avoid single point of failure; Online, Passive, Host, Networks, Good accuracy of well-known; Offline, Passive, VM, Cloud; Online, Active, Host, Network; Active, Host, Networks, User's flexibility to choose between low and high security levels to control the speed and throughput; Works only for network; Works only for Cloud; Works only for Network; High computation cost; Works only for Cloud; Management task increased due to monitoring of different security levels; Network, Can detect many known attacks, Detects only known intrusions, Works only for IPv6 networks, Cannot detect unknown intrusions; Networks, Can detect known and unknown attacks with good accuracy and efficiently, Works only for Networks and may be hosts; Online, Active, Network, Networks, Performance not evaluated, Detects only unknown intrusions, Works only for cloud; Online, Active, Host, Cloud; Online, Active, VM, Cloud, Can detect many known attacks, Cannot detect unknown intrusions, Works only for cloud; Secures VM from DDoS attacks, Detects only known intrusions, prevention, Works only for cloud; Offline, Passive, Networks, Networks, Good accuracy for detection of unknown attacks; Online, Active, Networks, Networks, Can detect known and unknown intrusions, Slow anomaly detection, Works only for Networks; Slow and large data processing for anomaly detection, Works only for Networks.
The following functions are incorporated as a one-box solution, which makes this work unique:
- Distributed IDPS.
- Anomaly and misuse based detection.
- Detection and prevention operations.
- Centralized and cooperative logistics.
- Customizable design for various environments.

B. Proposed Architecture

The architecture of the proposed model is shown in Figure 1. It consists of three main components, namely a hybrid Network Intrusion Detection and Prevention System (NIDPS), hybrid Host Intrusion Detection and Prevention Systems (HIDPS) and a centralized Intrusion Detection and Prevention Operations Centre (IDPOC). The designs of NIDPS and HIDPS are similar except for the multi-threading functionality introduced in NIDPS to efficiently process large-throughput, high-speed network traffic. The engines of NIDPS and HIDPS are customized according to the specific threat domains of networks and hosts. In this framework, NIDPS is to be deployed at the perimeter network point in the DMZ, whereas HIDPSs are positioned on the critical machines/servers. Operations of NIDPS and HIDPS are supplemented by IDPOC, which coordinates with them for data logging, reporting, response and updating tasks. Each IDPS is integrated with a SNORT based misuse detection engine and an anomaly detection engine based on classification and clustering techniques. Operations of individual IDPS are closely monitored, organized and upgraded with the help of a supervisor unit, which also communicates with the IDPOC for overall joint operations. Before elaborating the overall functionality of each of these components, the working methodologies of the three common sub-units of an IDPS are discussed in the subsequent paragraphs.

Fig. 1. Architecture of proposed IDPS system.

1) Misuse Detection Engine: For misuse detection, we use the open source SNORT tool to distinguish between suspicious and normal traffic. It analyses the network traffic for patterns matching a library of known signatures called SNORT rules, which can be modified with a text editor. These rules are generalized and updated with the help of the anomaly classifiers and clustering algorithms to extricate novel intrusions. Using updated and generalized alert rules, intrusion detection would be fast and efficient.

2) Anomaly Detection Engine: The anomaly detection model consists of two stages, training and detection. In the training phase, the normal usage model is learnt by observing normal traffic in a controlled environment. In the detection phase, the target data is compared with the learnt normal model to detect any deviations; an alert is generated if the observed events are out of threshold. In order to acquire accurate classification and reduce false positives, a layered scheme is developed. The architecture of the proposed integrated classifier is shown in Figure 2. In the first step, a Decision Tree algorithm is used to classify data into anomalous attacks and other data. In the second layer, the unclassified data is further analyzed for anomalous data with the help of the Naïve Bayes technique. In the last step, Bayesian clustering is used to detect advanced unknown intrusions.

Fig. 2. Working model for anomaly detection engine.

3) Supervisor: Supervisors are the local controllers of each IDS; they perform the reporting tasks and rule updating. A supervisor also acts as a coordinator with the IDPOC for centralized reporting and updating operations. Whenever an alert is generated by any of the engines, it is sent to the supervisor, which reports to IDPOC for the further requisite response in accordance with the nature of the threat and the policy guidelines. Consequently, the rule and signature databases are also updated with the new threat patterns.

C. NIDPS Architecture

The NIDPS architecture is shown in Figure 3. It uses a multi-threading approach to sustain performance under speed and throughput bottlenecks. The network traffic is captured, parsed into multiple threads for concurrent execution and sent to the queue handler. By adopting concurrently executing threads, performance can be optimized in terms of latency and packet loss. The data packets from the queue handler are processed by the two engines against the available signatures and the pre-defined normal behavior rule set. Normal data packets are forwarded for further processing, and detected alerts are sent to the supervisor unit, which prepares alert reports for subsequent forwarding to IDPOC.

Fig. 3. Architecture of NIDPS (incoming Internet traffic -> multiple threads -> queue handler -> misuse and anomaly based detection -> alerts -> supervisor -> IDPOC).

D. HIDPS Architecture

The HIDPS architecture is shown in Figure 4. It has the same components as the NIDPS excluding the multi-threading and queue handler components. Its engines consist of customized signatures and rules specific to the operating system and the most common applications of host machines. These engines are designed with a self-healing feature to constantly upgrade their knowledge database in coordination with the supervisor.

Fig. 4. Architecture of HIDPS (incoming Internet traffic -> misuse and anomaly based detection -> alerts -> supervisor -> IDPOC).

E. IDPOS Model

IDPOS is a central management console used to collect alert data from the supervisors and log it. It also compiles and sends reports to the administrator and users.
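The two engines of Section III.B and the queue handler of Section III.C are described in prose only. The following Python is an added illustration, not the paper's code: captured packets are placed on a queue, worker threads run a signature (misuse) check and then a learnt-baseline (anomaly) check on each packet, and alerts are handed to a supervisor object. The signatures, the baseline traffic, the per-port packet-size model and the z-score threshold are all constructed assumptions; they are not Snort rules, and the anomaly stage is a single threshold model rather than the paper's Decision tree / Naïve Bayes / Bayesian clustering layers.

```python
"""Added example, not the paper's code: a miniature NIDPS pipeline in the shape of
Sections III.B and III.C. Signatures, baseline traffic and test packets are
constructed here; they are not Snort rules or captured traffic."""
import queue
import statistics
import threading
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dport: int
    size: int
    payload: bytes


@dataclass
class Alert:
    engine: str   # "misuse" or "anomaly"
    reason: str
    packet: Packet


# Misuse engine: constructed (port, byte pattern) signatures standing in for Snort rules.
SIGNATURES = {
    "constructed-sig-1 telnet login prompt": (23, b"login:"),
    "constructed-sig-2 cmd.exe in HTTP request": (80, b"cmd.exe"),
}


def misuse_engine(pkt: Packet) -> Optional[Alert]:
    """Signature matching: any hit is a known intrusion pattern."""
    for name, (port, pattern) in SIGNATURES.items():
        if pkt.dport == port and pattern in pkt.payload:
            return Alert("misuse", name, pkt)
    return None


class AnomalyEngine:
    """Training learns per-port packet-size statistics from normal traffic;
    detection flags packets whose deviation exceeds a z-score threshold (assumed 3.0)."""

    def __init__(self, threshold: float = 3.0):
        self.threshold = threshold
        self.model: Dict[int, Tuple[float, float]] = {}   # dport -> (mean, stdev)

    def train(self, normal: List[Packet]) -> None:
        sizes: Dict[int, List[int]] = {}
        for p in normal:
            sizes.setdefault(p.dport, []).append(p.size)
        for port, values in sizes.items():
            # a constant-size port would give stdev 0; use 1.0 so z stays finite
            self.model[port] = (statistics.fmean(values), statistics.pstdev(values) or 1.0)

    def detect(self, pkt: Packet) -> Optional[Alert]:
        if pkt.dport not in self.model:
            return Alert("anomaly", f"no normal model for port {pkt.dport}", pkt)
        mean, stdev = self.model[pkt.dport]
        z = abs(pkt.size - mean) / stdev
        if z > self.threshold:
            return Alert("anomaly", f"size z-score {z:.1f} on port {pkt.dport}", pkt)
        return None


class Supervisor:
    """Collects alerts from all worker threads; the lock protects the shared list."""

    def __init__(self):
        self.alerts: List[Alert] = []
        self._lock = threading.Lock()

    def report(self, alert: Alert) -> None:
        with self._lock:
            self.alerts.append(alert)


def run_nidps(traffic: List[Packet], baseline: List[Packet], workers: int = 4) -> List[Alert]:
    """Queue handler: packets are queued and consumed by worker threads that run
    both engines; the misuse engine is consulted first, then the anomaly engine."""
    engine = AnomalyEngine()
    engine.train(baseline)
    supervisor = Supervisor()
    q: "queue.Queue[Optional[Packet]]" = queue.Queue()

    def worker() -> None:
        while True:
            pkt = q.get()
            if pkt is None:            # shutdown sentinel, one per worker
                return
            alert = misuse_engine(pkt) or engine.detect(pkt)
            if alert:
                supervisor.report(alert)

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for pkt in traffic:
        q.put(pkt)
    for _ in threads:
        q.put(None)
    for t in threads:
        t.join()
    return supervisor.alerts


# Constructed normal baseline (controlled-environment traffic) and constructed test traffic.
NORMAL_BASELINE = (
    [Packet("10.0.0.2", 80, s, b"GET / HTTP/1.1") for s in (480, 500, 520, 500, 490, 510)]
    + [Packet("10.0.0.2", 443, s, b"\x16\x03\x01") for s in (950, 1000, 1050, 1000)]
)
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", 80, 505, b"GET /index.html HTTP/1.1"),   # normal
    Packet("10.0.0.7", 80, 1400, b"GET /big HTTP/1.1"),         # size deviation -> anomaly
    Packet("10.0.0.9", 23, 60, b"login: admin"),                # signature hit -> misuse
    Packet("10.0.0.9", 80, 500, b"GET /cmd.exe HTTP/1.0"),      # signature hit -> misuse
    Packet("10.0.0.3", 443, 1010, b"\x16\x03\x01"),             # normal
    Packet("10.0.0.3", 8080, 300, b""),                         # unseen port -> anomaly
]

if __name__ == "__main__":
    for a in run_nidps(SAMPLE_TRAFFIC, NORMAL_BASELINE):
        print(f"[{a.engine}] {a.reason} from {a.packet.src}")
```

Because the worker threads consume the queue concurrently, the order of alerts in the supervisor's list is not deterministic; anything that reports on them should group by engine or by source rather than rely on arrival order.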
IV. DEPLOYMENT SCENARIOS

Recognizing the importance of an IDS that fits the security needs of the underlying network is the basic essence of information security. However, the efficiency of an IDS depends on the efficacy of its deployment and configuration as per the needs of a particular network [9]. Accurate and proper IDS deployments will ensure timely countermeasures against intrusions. Some of the possible deployment scenarios are discussed in the subsequent paragraphs.

A. Cloud Computing

The advantages of cloud make it a most wanted facility, but due to its multi-tenant nature, security has been the biggest concern. Well-known cloud threats include abuse and nefarious use of cloud services, denial of service, shared technology related issues, insecure interfaces and APIs, malicious insiders, data loss or leakage including insufficient authentication, authorization or audit controls, operational failures and data center reliability, account and service hijacking, phishing, fraud, unknown risk profile and eavesdropping. These threats can, however, be surmounted with adequate security measures. The offered solution is depicted in Figure 5. It consists of NIDPS installed at the perimeter to monitor, detect and alert on incoming traffic. Additionally, HIDPS are installed on individual hosts/hypervisors to monitor the hypervisor and the traffic between the VMs on that hypervisor. In this deployment, appropriate filters are to be implemented to avoid overloading the IDSs. IDPOS processes the alerts from NIDPS and HIDPSs and generates reports for the cloud provider and (optionally) users. This framework is workable for the SaaS, PaaS and IaaS models of cloud. An additional layer of HIDPSs can be applied on individual VMs to monitor, detect and alert on their activity. The proposed architecture can be custom installed to fit public, private or internal cloud scenarios.

Fig. 5. Deployment model for cloud.

B. VoIP

VoIP being a heterogeneous and real time application, detection of malicious activities in it is a bit challenging. Its use of multiple protocols (SIP, RTP, MGCP etc.) for each call session and its distributed operations (servers, clients, gateways) make it different from other internet applications. VoIP specific attacks include denial of service, billing frauds, eavesdropping, session hijacking, registration hijacking, session tearing down, registration flooding, masquerading, buffer overflow and media stream-based attacks. A customized VoIP rule engine module based on stateful, cross-protocol and VoIP specific signaling and media protocols (SIP and RTP) is proposed to detect VoIP specific threats. The protocol based rules are generated from the standard specifications of SIP and RTP defined in their respective RFCs and are used to derive the legitimate behavior of VoIP traffic. The normal behavior model is also trained on the session's legitimate transitions to cover the cross protocol states as well as the interactions. Once the legitimate behavior is built and the related attribute features are identified, this rule engine not only lowers the number of false alarms but is also capable of detecting unknown attacks. Our proposed architecture is shown in Figures 6 and 7 for two typical VoIP configurations. The NIDPS are to be installed at intermediate nodes like servers, proxies or gateways, and HIDPS at the vital clients (optional, depending on the vulnerability of the client). The captured VoIP traffic is processed in the VoIP rule engine. The engine compares it with the legitimate behavior and looks for deviations. It generates and sends alerts to IDPOS for further analysis and countermeasures in case intrusive activities are found. With the multi-threading feature of the IDS, multiple calls can be monitored simultaneously with minimum processing delay to avoid the inherent issues of jitter and latency.

Fig. 6. Deployment model for Voice over IP (VoIP clients, PBX, gateway, VoIP server, NIDPS, IDPOS, analog phones).

Fig. 7. Deployment model for Internet Telephony.
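The VoIP rule engine of Section IV.B derives legitimate session transitions from the SIP specification and flags deviations. As an added illustration, not the paper's engine, the following Python keeps one state per Call-ID, accepts only the transitions listed in a small table modelled on the RFC 3261 INVITE dialog (INVITE, provisional responses, 200 OK, ACK, BYE), and raises an alert for any message that is not legitimate in the current state, which covers the session tear-down case; a second, rate-based rule covers registration flooding. The transition table, the REGISTER_LIMIT / REGISTER_WINDOW thresholds, the message trace and the alert wording are all constructed assumptions.

```python
"""Added example, not the paper's engine: a stateful SIP dialog checker in the
spirit of the VoIP rule engine of Section IV.B. The transition table is a
constructed subset of the RFC 3261 INVITE dialog; messages and thresholds are
constructed as well."""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

# Legitimate next state for (current dialog state, request method or status code).
# Anything not listed is a deviation from the learnt normal behaviour.
LEGIT: Dict[str, Dict[str, str]] = {
    "IDLE":        {"INVITE": "INVITING"},
    "INVITING":    {"100": "INVITING", "180": "RINGING", "200": "ANSWERED", "CANCEL": "TERMINATED"},
    "RINGING":     {"180": "RINGING", "200": "ANSWERED", "CANCEL": "TERMINATED"},
    "ANSWERED":    {"ACK": "ESTABLISHED"},
    "ESTABLISHED": {"INVITE": "ESTABLISHED", "BYE": "TERMINATED"},   # re-INVITE stays in dialog
    "TERMINATED":  {"200": "TERMINATED"},                            # 200 OK answering the BYE
}
REGISTER_LIMIT = 5       # constructed threshold: REGISTERs per source per window
REGISTER_WINDOW = 10.0   # seconds


def parse_sip(raw: str) -> Tuple[str, Dict[str, str]]:
    """Return (method or status code, lower-cased headers) for one SIP message."""
    lines = raw.strip().splitlines()
    first = lines[0].split()
    kind = first[1] if first[0].startswith("SIP/2.0") else first[0]   # "200" or "INVITE"
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return kind, headers


class SipRuleEngine:
    def __init__(self) -> None:
        self.dialogs: Dict[str, str] = defaultdict(lambda: "IDLE")    # Call-ID -> state
        self.registers: Dict[str, Deque[float]] = defaultdict(deque)  # source -> REGISTER times
        self.alerts: List[str] = []

    def feed(self, src: str, ts: float, raw: str) -> None:
        kind, hdr = parse_sip(raw)
        cseq_method = hdr.get("cseq", "").split()[-1] if hdr.get("cseq") else ""
        if kind == "REGISTER" or cseq_method == "REGISTER":
            if kind == "REGISTER":
                self._check_register_rate(src, ts)
            return                      # registration is not part of an INVITE dialog
        call_id = hdr.get("call-id", "<missing>")
        state = self.dialogs[call_id]
        nxt = LEGIT[state].get(kind)
        if nxt is None:
            self.alerts.append(f"{kind} from {src} not legitimate in state {state} for Call-ID {call_id}")
            return
        self.dialogs[call_id] = nxt

    def _check_register_rate(self, src: str, ts: float) -> None:
        window = self.registers[src]
        window.append(ts)
        while window and ts - window[0] > REGISTER_WINDOW:
            window.popleft()
        if len(window) > REGISTER_LIMIT:
            self.alerts.append(f"registration flooding from {src}: {len(window)} REGISTERs in {REGISTER_WINDOW:.0f}s")


def msg(start_line: str, call_id: str, cseq: str) -> str:
    """Build a minimal constructed SIP message."""
    return f"{start_line}\r\nCall-ID: {call_id}\r\nCSeq: {cseq}\r\n\r\n"


# Constructed trace: one legitimate call, then two deviations.
SAMPLE_TRACE = [
    ("alice", 0.0, msg("INVITE sip:bob@example.net SIP/2.0", "c1", "1 INVITE")),
    ("bob",   0.1, msg("SIP/2.0 100 Trying", "c1", "1 INVITE")),
    ("bob",   0.5, msg("SIP/2.0 180 Ringing", "c1", "1 INVITE")),
    ("bob",   2.0, msg("SIP/2.0 200 OK", "c1", "1 INVITE")),
    ("alice", 2.1, msg("ACK sip:bob@example.net SIP/2.0", "c1", "1 ACK")),
    ("alice", 30.0, msg("BYE sip:bob@example.net SIP/2.0", "c1", "2 BYE")),
    ("bob",   30.1, msg("SIP/2.0 200 OK", "c1", "2 BYE")),
    # a BYE for a Call-ID that never had a dialog: the session tear-down pattern
    ("10.9.9.9", 31.0, msg("BYE sip:bob@example.net SIP/2.0", "zz", "1 BYE")),
] + [
    # seven REGISTERs within one second from one source: registration flooding
    ("10.9.9.9", 40.0 + i * 0.1, msg("REGISTER sip:example.net SIP/2.0", f"r{i}", "1 REGISTER"))
    for i in range(7)
]


def run_demo(trace=SAMPLE_TRACE) -> List[str]:
    engine = SipRuleEngine()
    for src, ts, raw in trace:
        engine.feed(src, ts, raw)
    return engine.alerts


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The legitimate call produces no alert at all, which is the false-alarm property the section claims for a behaviour model built from the protocol specification; only messages that contradict the dialog state, or exceed the registration rate, are reported. A production engine would additionally track RTP against the SDP negotiated in the dialog (the cross-protocol part the paper describes), which this sketch omits.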
C. Organizational/Ordinary Networks

IDS deployment in organizational networks is challenging not only due to the versatility of attacks and the number of endpoint machines but also the diverse locations of these endpoints, as well as the high throughput and multi-role nature. Organizations must deal with the issue of setting the IDS to capture relevant data only and block or ignore intrusions [17]. The most common network related attacks include social engineering attacks, network sniffing, packet spoofing, session hijacking, cyber-threats and bullying, automated probes and scans, distributed denial of service attacks, industrial espionage, executable code attacks, DNS attacks, stealth scanning, remote access attacks, spam, trojan distribution, worms, botnet command and control attacks etc. One possible deployment scenario for a typical organization network is shown in Figure 8. An organization with geographically diverse locations and multiple departments might need to deploy NIDS at each distinct location. An additional layer of HIDS might be added at sensitive points. Alerts from all the deployed systems are centrally administered by IDPOS.

Figure 8. Deployment model for organizational networks.

V. CONCLUSION

Intrusion detection systems form a necessary layer of a defense-in-depth strategy and play a critical role in a comprehensive information protection program [9] [15]. In this paper, we proposed an integrated and hybrid IDPS solution comprising NIDPS and HIDPS, each with misuse and anomaly engines based on Snort, a Bayesian classifier, Decision tree and Naïve Bayes techniques. The system is designed to detect known and unknown attacks in cloud, VoIP and standard networks as well as Next Generation Networks (NGN), with customized databases for each scenario.

REFERENCES

[1] A. Patcha, J. Park, "An overview of anomaly detection techniques: existing solutions and latest technological trends," Int. J. Computer Networks, vol. 12, no. 51.
[2] R. Goel, A. Sardana, R. C. Joshi, "Parallel misuse and anomaly detection model," Int. J. Network Security, vol. 14, no. 4, July.
[3] C. Modi, D. Patel, B. Borisaniya, H. Patel, A. Patel and M. Rajarajan, "A survey of intrusion detection techniques in cloud," Int. J. Network and Comp. Apps., 2012.
[4] Y. K. Penya, P. G. Bringas, "Integrating network misuse and anomaly prevention," 6th IEEE Int. Conf. Ind. Informatics, South Korea, 2008.
[5] Xuedou Yu, "A new model of intelligent hybrid network intrusion detection system," Int. Conf. Bioinformatics and Biomedical Tech., China, 2010.
[6] N. M. Chirag, R. P. Dhiren, A. Patel, R. Muttukrishnan, "Bayesian classifier and Snort based network intrusion detection system in cloud," Third Int. Conf. Computing, Communication and Networking Tech., 2012.
[7] H. Om, A. Kundu, "A hybrid system for reducing the false alarm rate of anomaly intrusion detection system," 1st Int. Conf. Advances in Info. Tech., 2012.
[8] N. Wattanapongsakorn, S. Srakaew, E. Wonghirunsombat, C. Sribavonmongkol, T. Junhom, P. Jongsubsook, C. Charnsripinyo, "A practical network-based intrusion detection and prevention system," 11th Int. Conf. Trust, Security and Privacy in Computing and Comm., 2012.
[9] H. A. Kholidy, F. Baiardi, "CIDS: A framework for intrusion detection in cloud systems," Int. J. Cloud Computing Services and Architecture, vol. 2, no. 6, 2012.
[10] E. W. T. Ferreira, G. A. Carrijo, R. de Oliveira, N. V. de Souza, "Intrusion detection system with wavelet and neural artificial network approach for network computers," IEEE Latin America Transactions, vol. 9, no. 5, 2011.
[11] Jun-Ho Lee, Min-Woo Park, Jung-Ho Eom, Tai-Myoung Chung, "Multi-level intrusion detection system and log management in cloud computing," 13th Int. Conf. on Advanced Communication Technology, 2011.
[12] Ke Yun, Zhu Jian Mei, "Research of hybrid intrusion detection and prevention system for IPv6 network," Int. Conf. on Digital Object Identifier, 2011.
[13] D. Zhao, Q. Xu, Z. Feng, "Research and design for intrusion detection system with hybrid detector and Apriori algorithm," 2nd Int. Conf. on e-Business and Information System Security, 2010.
[14] C. Mazzariello, R. Bifulco, R. Canonoco, "Integrating a network IDS into an open source cloud," Sixth Int. Conf. Information Assurance and Security (IAS), 2010.
[15] A. Bakshi, B. Yogesh, "Securing cloud from DDOS attacks using intrusion detection system in virtual machine," Second Int. Conf. Comm. Software and Networks, 2010.
[16] H. Lu, J. Xu, "Three-level hybrid intrusion detection system," Int. Conf. Info. Engg. Comp. Science, 2009.
[17] Y. K. Penya, P. G. Bringas, "Integrating network misuse and anomaly prevention," Sixth Int. Conf. Industrial Informatics, 2008.
Performance Evaluation of Intrusion Detection Systems Waleed Farag & Sanwar Ali Department of Computer Science at Indiana University of Pennsylvania ABIT 2006 Outline Introduction: Intrusion Detection
More informationReal-time Network Monitoring and Security Platform for Securing Next-Generation Network. Assoc. Prof. Dr. Sureswaran Ramadass
Real-time Network Monitoring and Security Platform for Securing Next-Generation Network Assoc. Prof. Dr. Sureswaran Ramadass The platform Definition A description of a software framework that makes services
More informationOn-Premises DDoS Mitigation for the Enterprise
On-Premises DDoS Mitigation for the Enterprise FIRST LINE OF DEFENSE Pocket Guide The Challenge There is no doubt that cyber-attacks are growing in complexity and sophistication. As a result, a need has
More informationAdvancement in Virtualization Based Intrusion Detection System in Cloud Environment
Advancement in Virtualization Based Intrusion Detection System in Cloud Environment Jaimin K. Khatri IT Systems and Network Security GTU PG School, Ahmedabad, Gujarat, India Mr. Girish Khilari Senior Consultant,
More informationThe Cyber Threat Profiler
Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are
More informationEmerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
More informationA Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.
A Brief Overview of VoIP Security By John McCarron Voice of Internet Protocol is the next generation telecommunications method. It allows to phone calls to be route over a data network thus saving money
More informationA Novel Approach for Evaluating and Detecting Low Rate SIP Flooding Attack
A Novel Approach for Evaluating and Detecting Low Rate SIP Flooding Attack Abhishek Kumar Department of Computer Science and Engineering-Information Security NITK Surathkal-575025, India Dr. P. Santhi
More informationRadware s Behavioral Server Cracking Protection
Radware s Behavioral Server Cracking Protection A DefensePro Whitepaper By Renaud Bidou Senior Security Specialist,Radware October 2007 www.radware.com Page - 2 - Table of Contents Abstract...3 Information
More informationIntroducing IBM s Advanced Threat Protection Platform
Introducing IBM s Advanced Threat Protection Platform Introducing IBM s Extensible Approach to Threat Prevention Paul Kaspian Senior Product Marketing Manager IBM Security Systems 1 IBM NDA 2012 Only IBM
More informationInternational Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research)
International Association of Scientific Innovation and Research (IASIR) (An Association Unifying the Sciences, Engineering, and Applied Research) ISSN (Print): 2279-0063 ISSN (Online): 2279-0071 International
More informationMODEL OF SOFTWARE AGENT FOR NETWORK SECURITY ANALYSIS
MODEL OF SOFTWARE AGENT FOR NETWORK SECURITY ANALYSIS Hristo Emilov Froloshki Department of telecommunications, Technical University of Sofia, 8 Kliment Ohridski st., 000, phone: +359 2 965 234, e-mail:
More informationData Mining For Intrusion Detection Systems. Monique Wooten. Professor Robila
Data Mining For Intrusion Detection Systems Monique Wooten Professor Robila December 15, 2008 Wooten 2 ABSTRACT The paper discusses the use of data mining techniques applied to intrusion detection systems.
More informationName. Description. Rationale
Complliiance Componentt Description DEEFFI INITION Network-Based Intrusion Detection Systems (NIDS) Network-Based Intrusion Detection Systems (NIDS) detect attacks by capturing and analyzing network traffic.
More informationCHAPTER 1 INTRODUCTION
21 CHAPTER 1 INTRODUCTION 1.1 PREAMBLE Wireless ad-hoc network is an autonomous system of wireless nodes connected by wireless links. Wireless ad-hoc network provides a communication over the shared wireless
More informationIntrusion Detection from Simple to Cloud
Intrusion Detection from Simple to Cloud ICTN 6865 601 December 7, 2015 Abstract Intrusion detection was used to detect security vulnerabilities for a long time. The methods used in intrusion detection
More informationBanking Security using Honeypot
Banking Security using Honeypot Sandeep Chaware D.J.Sanghvi College of Engineering, Mumbai smchaware@gmail.com Abstract New threats are constantly emerging to the security of organization s information
More informationIDPS: An Integrated Intrusion Handling Model for Cloud Computing Environment
IDPS: An Integrated Intrusion Handling Model for Cloud Computing Environment Hassen Mohammed Alsafi, Wafaa Mustafa Abduallah and Al-Sakib Khan Pathan Department of Computer Science Faculty of Information
More informationRecommended IP Telephony Architecture
Report Number: I332-009R-2006 Recommended IP Telephony Architecture Systems and Network Attack Center (SNAC) Updated: 1 May 2006 Version 1.0 SNAC.Guides@nsa.gov This Page Intentionally Left Blank ii Warnings
More informationMalware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Botnet Attacks
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Botnet Attacks R. Kannan Department of Computer Science Sri Ramakrishna Mission Vidyalaya College of Arts and Science Coimbatore,Tamilnadu,India.
More informationProtecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper
Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges
More informationWhite Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
More informationObservation and Findings
Chapter 6 Observation and Findings 6.1. Introduction This chapter discuss in detail about observation and findings based on survey performed. This research work is carried out in order to find out network
More informationSecure Software Programming and Vulnerability Analysis
Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview
More informationColumbia - Verizon Research Securing SIP: Scalable Mechanisms For Protecting SIP-Based Systems
Columbia - Verizon Research Securing SIP: Scalable Mechanisms For Protecting SIP-Based Systems Henning Schulzrinne Eilon Yardeni Somdutt Patnaik Columbia University CS Department Gaston Ormazabal Verizon
More informationIntrusion Detection Systems Submitted in partial fulfillment of the requirement for the award of degree Of Computer Science
A Seminar report On Intrusion Detection Systems Submitted in partial fulfillment of the requirement for the award of degree Of Computer Science SUBMITTED TO: www.studymafia.org SUBMITTED BY: www.studymafia.org
More informationA TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS
ICTACT JOURNAL ON COMMUNICATION TECHNOLOGY, JUNE 2010, ISSUE: 02 A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS S.Seetha 1 and P.Raviraj 2 Department of
More informationSIP Security Controllers. Product Overview
SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running
More informationThe Trivial Cisco IP Phones Compromise
Security analysis of the implications of deploying Cisco Systems SIP-based IP Phones model 7960 Ofir Arkin Founder The Sys-Security Group ofir@sys-security.com http://www.sys-security.com September 2002
More informationAn Inspection on Intrusion Detection and Prevention Mechanisms
An Inspection on Intrusion Detection and Prevention Mechanisms Kanagadurga Natarajan 1, Aarthi Sadagopan 2 1, 2 Computer Science and Engineering, A.V.C.College of Engineering, Mannampandal, TamilNadu,
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationHIDS and NIDS Hybrid Intrusion Detection System Model Design Zhenqi Wang 1, a, Dankai Zhang 1,b
Advanced Engineering Forum Online: 2012-09-26 ISSN: 2234-991X, Vols. 6-7, pp 991-994 doi:10.4028/www.scientific.net/aef.6-7.991 2012 Trans Tech Publications, Switzerland HIDS and NIDS Hybrid Intrusion
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationSecure Cloud-Ready Data Centers Juniper Networks
Secure Cloud-Ready Data Centers Juniper Networks JUNIPER SECURITY LEADERSHIP A $1B BUSINESS Market Leadership Data Center with High- End Firewall #1 at 42% Secure Mobility with SSL VPN #1 at 25% Security
More informationA SURVEY ON GENETIC ALGORITHM FOR INTRUSION DETECTION SYSTEM
A SURVEY ON GENETIC ALGORITHM FOR INTRUSION DETECTION SYSTEM MS. DIMPI K PATEL Department of Computer Science and Engineering, Hasmukh Goswami college of Engineering, Ahmedabad, Gujarat ABSTRACT The Internet
More informationDDoS Protection Technology White Paper
DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of
More informationSecurity and Privacy in Cloud Computing
Security and Privacy in Cloud Computing Ragib Hasan Johns Hopkins University en.600.412 Spring 2010 Lecture 2 02/01/2010 Threats, vulnerabilities, and enemies Goal Learn the cloud computing threat model
More informationIDS Categories. Sensor Types Host-based (HIDS) sensors collect data from hosts for
Intrusion Detection Intrusion Detection Security Intrusion: a security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts
More informationTHE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS
THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two
More informationDevelopment of a Network Intrusion Detection System
Development of a Network Intrusion Detection System (I): Agent-based Design (FLC1) (ii): Detection Algorithm (FLC2) Supervisor: Dr. Korris Chung Please visit my personal homepage www.comp.polyu.edu.hk/~cskchung/fyp04-05/
More informationCloud Database Storage Model by Using Key-as-a-Service (KaaS)
www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 4 Issue 7 July 2015, Page No. 13284-13288 Cloud Database Storage Model by Using Key-as-a-Service (KaaS) J.Sivaiah
More informationThreat Center. Real-time multi-level threat detection, analysis, and automated remediation
Threat Center Real-time multi-level threat detection, analysis, and automated remediation Description Advanced targeted and persistent threats can easily evade standard security, software vulnerabilities
More informationIPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region
IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express
More informationVOICE OVER IP SECURITY
VOICE OVER IP SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationDeployment of Snort IDS in SIP based VoIP environments
Deployment of Snort IDS in SIP based VoIP environments Jiří Markl, Jaroslav Dočkal Jaroslav.Dockal@unob.cz K-209 Univerzita obrany Kounicova 65, 612 00 Brno Czech Republic Abstract This paper describes
More informationAshok Kumar Gonela MTech Department of CSE Miracle Educational Group Of Institutions Bhogapuram.
Protection of Vulnerable Virtual machines from being compromised as zombies during DDoS attacks using a multi-phase distributed vulnerability detection & counter-attack framework Ashok Kumar Gonela MTech
More informationNETWORK SECURITY (W/LAB) Course Syllabus
6111 E. Skelly Drive P. O. Box 477200 Tulsa, OK 74147-7200 NETWORK SECURITY (W/LAB) Course Syllabus Course Number: NTWK-0008 OHLAP Credit: Yes OCAS Code: 8131 Course Length: 130 Hours Career Cluster: Information
More informationCustomized Data Exchange Gateway (DEG) for Automated File Exchange across Networks
Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks *Abhishek Vora B. Lakshmi C.V. Srinivas National Remote Sensing Center (NRSC), Indian Space Research Organization (ISRO),
More informationNetwork Security. Chapter 9. Attack prevention, detection and response. Attack Prevention. Part I: Attack Prevention
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Part I: Attack Prevention Network Security Chapter 9 Attack prevention, detection and response Part Part I:
More informationINTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad
INTRUSION DETECTION SYSTEM (IDS) by Kilausuria Abdullah (GCIH) Cyberspace Security Lab, MIMOS Berhad OUTLINE Security incident Attack scenario Intrusion detection system Issues and challenges Conclusion
More informationCisco RSA Announcement Update
Cisco RSA Announcement Update May 7, 2009 Presented by: WWT and Cisco Agenda Cisco RSA Conference Announcements Collaborate with Confidence Overview Cisco s Security Technology Differentiation Review of
More informationHow To Prevent Network Attacks
Ali A. Ghorbani Wei Lu Mahbod Tavallaee Network Intrusion Detection and Prevention Concepts and Techniques )Spri inger Contents 1 Network Attacks 1 1.1 Attack Taxonomies 2 1.2 Probes 4 1.2.1 IPSweep and
More informationWhite Paper. avaya.com 1. Table of Contents. Starting Points
White Paper Session Initiation Protocol Trunking - enabling new collaboration and helping keep the network safe with an Enterprise Session Border Controller Table of Contents Executive Summary...1 Starting
More information