An overview to Software Architecture in Intrusion Detection System



Similar documents
A Review of Anomaly Detection Techniques in Network Intrusion Detection System

A Process View on Architecture-Based Software Development

A Review on Network Intrusion Detection System Using Open Source Snort

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13

A NOVEL APPROACH FOR PROTECTING EXPOSED INTRANET FROM INTRUSIONS

Layered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks

Data Mining For Intrusion Detection Systems. Monique Wooten. Professor Robila

A NOVEL OVERLAY IDS FOR WIRELESS SENSOR NETWORKS

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP

Structuring Product-lines: A Layered Architectural Style

Intrusion Detection: Game Theory, Stochastic Processes and Data Mining

Ensuring Security in Cloud with Multi-Level IDS and Log Management System

CHAPTER 4: PATTERNS AND STYLES IN SOFTWARE ARCHITECTURE

SURVEY OF INTRUSION DETECTION SYSTEM

A Secure Intrusion detection system against DDOS attack in Wireless Mobile Ad-hoc Network Abstract

An Alternative Model Of Virtualization Based Intrusion Detection System In Cloud Computing

Two State Intrusion Detection System Against DDos Attack in Wireless Network

Problems of Security in Ad Hoc Sensor Network

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

LOAD BALANCING AS A STRATEGY LEARNING TASK

Second-generation (GenII) honeypots

Design and Develop an Intrusion Detection System Using Component Based Software Design

Observation and Findings

Advancement in Virtualization Based Intrusion Detection System in Cloud Environment

Intrusion Detection. Tianen Liu. May 22, paper will look at different kinds of intrusion detection systems, different ways of

HYBRID INTRUSION DETECTION FOR CLUSTER BASED WIRELESS SENSOR NETWORK

Network packet payload analysis for intrusion detection

Preventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System

AN EFFICIENT LOAD BALANCING ALGORITHM FOR A DISTRIBUTED COMPUTER SYSTEM. Dr. T.Ravichandran, B.E (ECE), M.E(CSE), Ph.D., MISTE.,

A Catechistic Method for Traffic Pattern Discovery in MANET

How To Detect Denial Of Service Attack On A Network With A Network Traffic Characterization Scheme

A solution for comprehensive network security

An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks

Speedy Signature Based Intrusion Detection System Using Finite State Machine and Hashing Techniques

Firewalls and IDS. Sumitha Bhandarkar James Esslinger

Ashok Kumar Gonela MTech Department of CSE Miracle Educational Group Of Institutions Bhogapuram.

COMP-530 Cryptographic Systems Security *Requires Programming Background. University of Nicosia, Cyprus

Open Source Software: How Can Design Metrics Facilitate Architecture Recovery?

On Building Secure SCADA Systems using Security Patterns. Outline

Weighted Total Mark. Weighted Exam Mark

A methodology for secure software design

Implementation of a Lightweight Service Advertisement and Discovery Protocol for Mobile Ad hoc Networks

Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool

Excerpts from Chapter 4, Architectural Modeling -- UML for Mere Mortals by Eric J. Naiburg and Robert A. Maksimchuk

Intrusion Detection Systems with Correlation Capabilities

CSCE 465 Computer & Network Security

Introduction. Observation Patterns. Accounting Patterns. How to use Patterns

Thwarting Selective Insider Jamming Attacks in Wireless Network by Delaying Real Time Packet Classification

Security Infrastructure for Trusted Offloading in Mobile Cloud Computing

Robust Quick String Matching Algorithm for Network Security

Taxonomy of Intrusion Detection System

Intrusion Detection for Grid and Cloud Computing

Software Adaptation Patterns for Service-Oriented Architectures

Intrusion Detection in AlienVault

Network Security Administrator

Component-based Development Process and Component Lifecycle Ivica Crnkovic 1, Stig Larsson 2, Michel Chaudron 3

Securing Cloud using Third Party Threaded IDS

Improving the Database Logging Performance of the Snort Network Intrusion Detection Sensor

Implementation of a Department Local Area Network Management System

Deployment Pattern. Youngsu Son 1,JiwonKim 2, DongukKim 3, Jinho Jang 4

Web Forensic Evidence of SQL Injection Analysis

Introduction to Cyber Security / Information Security

Intrusion Detection from Simple to Cloud

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Knowledge-based Approach in Information Systems Life Cycle and Information Systems Architecture

Dynamic Rule Based Traffic Analysis in NIDS

Networking for Caribbean Development

Wireless Sensor Network: Challenges, Issues and Research

Firewall and VPN Investigation on Cloud Computing Performance

Architecture Definitions

Intrusion Detection Systems

Network Security Using Hybrid Port Knocking

Detection and mitigation of Web Services Attacks using Markov Model

Module II. Internet Security. Chapter 7. Intrusion Detection. Web Security: Theory & Applications. School of Software, Sun Yat-sen University

STUDY OF IMPLEMENTATION OF INTRUSION DETECTION SYSTEM (IDS) VIA DIFFERENT APPROACHS

Preventing Resource Exhaustion Attacks in Ad Hoc Networks

Hyper Node Torus: A New Interconnection Network for High Speed Packet Processors

An Empirical Approach - Distributed Mobility Management for Target Tracking in MANETs

Extensible Network Configuration and Communication Framework

Integration Misuse and Anomaly Detection Techniques on Distributed Sensors

ENHANCED HYBRID FRAMEWORK OF RELIABILITY ANALYSIS FOR SAFETY CRITICAL NETWORK INFRASTRUCTURE

Securing the Intelligent Network

Securing MANET Using Diffie Hellman Digital Signature Scheme

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

CNA 432/532 OSI Layers Security

Keywords - Intrusion Detection System, Intrusion Prevention System, Artificial Neural Network, Multi Layer Perceptron, SYN_FLOOD, PING_FLOOD, JPCap

Preprocessing Web Logs for Web Intrusion Detection

Transcription:

An overview to Software Architecture in Intrusion Detection System * Mehdi Bahrami 1, Mohammad Bahrami 2 Department of Computer Engineering, I.A.U., Booshehr Branch, Iran Bahrami 1 ;Shayan 2 @LianPro.com Abstract. Today by growing network systems, security is a key feature of each network infrastructure. Network Intrusion Detection Systems (IDS) provide defense model for all security threats which are harmful to any network. The IDS could detect and block attack-related network traffic. The network control is a complex model. Implementation of an IDS could make delay in the network. Several software-based network intrusion detection systems are developed. However, the model has a problem with high speed traffic. This paper reviews of many type of software architecture in intrusion detection systems and describes the design and implementation of a high-performance network intrusion detection system that combines the use of software-based network intrusion detection sensors and a network processor board. The network processor which is a hardware-based model could acts as a customized load balancing splitter. This model cooperates with a set of modified content-based network intrusion detection sensors rather than IDS in processing network traffic and controls the high-speed. Keywords: Intrusion Detection systems, Software Architecture, IDS, Network 1. Introduction In this decade the Internet has experienced an explosive growth. Growing the network adds new services through Internet. These new services, add impact of security attacks [2]. Several algorithms and software systems are developed to protect network and systems from all attacks [4]. These services are provided through operating systems, software applications, such as: Antivirus, Firewall, Anti Spams and etc. Intrusion Detection Systems (IDS) [3] are provided from around two decades ago, starting in 1980 with the publication of John Anderson s Computer Security Threat Monitoring and Surveillance [1]. Another paper, An Intrusion Detection Model, published in 1987 which was provided a methodological framework and was useful for commercial products [1]. Several commercial investments are emerges for developing IDS such as [5, 6]. However, technology was limited to provide a cost-effective model. In this decade, several algorithms [7, 8] for encryption, decryption, public key exchange, secure socket layer, digital signature are developed. These algorithms help to improve IDS technology as well. In [1], John McHugh et. al. compared an attack sophistication versus intruder technical knowledge which is shown in the figure 1. 1

Figure 1. Attack sophistication versus intruder technical knowledge [1] This chart, shows the complex model emerges through years and shows the simple model could not maintenance safety for a system. To provide a safe model we need complex model which could use knowledge based model, such as data mining on the network protocols. For example, Lee et. al. in [2] provide a framework for constructing features and models for IDS. This model is shown in figure 2. The model provides a data mining audit data framework for automated models in intrusion detection systems. Data mining allows the IDS to discover threat on the network. 2

Figure 2. MADAM ID [2] IDS could provide through software-based or hardware-based. The hardware-based could be provided through network connection and control over the network. The important part of network IDS or NIDS is far away from Operating Systems and other software applications. This segmentation allows NIDS works on without any conflict with software layer in a computer device. 2. Software Architecture Software architecture provides a view of software components, connection between each component[26] and high-level design of software applications. However, different definitions of software architecture available [12-24] or for distributed system in [25], the following are a few of the most cited definition of software architecture: Bass, Clements, and Kazman, 1998: The software architecture of a program or computing system is the structure or structures of the system, which comprise software components, the externally visible properties of those components, and the relationships among them. By externally visible properties, we are referring to those assumptions other components can make of a component, such as its provided services, performance characteristics, fault handling, shared resource usage, and so on[9]. Garlan and Perry, 1995: The structure of the components of a program/system, their interrelationships, and principles and guidelines governing their design and evolution over time [10]. Garlan and Shaw, 1993:...beyond the algorithms and data structures of the computation [11]; Simple software architecture that shows important components of an IDS is shown in the figure 2. 3

Network Traffic TCP Dump (Packet Render) Pre Data Packet Analysis Intrusion Detection Training Correct False Detection Progress Decision Making Database or Knowledgebase Figure 3. IDS software architecture overview 3. Cluster software architecture for IDS Some other IDS model emerges for using IDS on the cluster of networks. The Cluster Head Module (CHM) is other model proposed and published in [31]. Some other model such as [27-30] are emerged for control in a distributed models. In this section we will review this architecture which is based on [31]. The CHM runs on each clusterhead node, and is responsible for the management of the cluster-member nodes in the cluster. CHM is also responsible for initiating cooperative intrusion detection and response action upon receiving a request from a cluster-member node. The CHM is divided into six modules: I. Cluster management module II. Network information module III. Mobile agent management module IV. Global intrusion information module V. Collaborative intrusion detection module VI. Global intrusion response module. The interrelationships among the modules are depicted in Figure 4. The modules interact with each other via suitable messages in order to collect, store, process, and analyze the data. The functionalities of these modules are described below. 4

Figure 4. The architecture of the cluster head module [31] The cluster management module manages the cluster by performing the functions such as [31]: I. Registration of newly joined nodes II. Supervision of elections in the cluster III. Communication with other nodes in the cluster for cooperative intrusion detection. This module consists of three sub-modules: a. Cluster-member registration sub module b. Cluster-head election sub-module c. Cluster member communication sub-module. In the rest of this subsection, the functionalities of these modules are described in the rest of this Section. 4. Conclusion In this paper, we have presented a review of some important software architecture for intrusion detection systems as simple model, knowledge-based and cluster-based intrusion detection system architectures. The clustering of the network nodes makes message communication efficient. An efficient model allows to network working without any delay. Local detection also allows for detection of attacks for localized and could also work as global model with collaboration among the nodes in different clusters. References [1] John McHugh, Alan Christie, Julia Allen, "Defending Yourself: The Role of Intrusion Detection Systems," IEEE Software, vol. 17, no. 5, pp. 42-51, Sept.-Oct. 2000, doi:10.1109/52.877859 [2] AntiServer, Denial Of Service Download Area, http://www.antiserver.it/denial-of-service [3] Denning D.E., An Intrusion-Detection Model, IEEE Transactions on Software Engineering, February 1987. [4] Stallings, W., Cryptography and Network Security, Principles and Practice, Prentice Hall, 2003. [5] G. Giacinto, Intrusion Detection Systems for Computer Networks, February 2005. [6] Roesch, M., Snort - Lightweight Intrusion Detection for Network, Proc. USENIX Lisa, 1999. 5

[7] S. Kaplantzis, Security Models for Wireless Sensor Networks, PhD Conversion Report, Centre of Telecommunications and Information Engineering, Monash University, Australia, 2006. [8] S. Rajasegarar, C. Leckie, and M. Palaniswami, Detecting Data Anomalies in Wireless Sensor Networks [9] Bass, L.; Clements, P.; & Kazman, R. Software Architecture in Practice. Reading, MA: Addison-Wesley Longman, 1998. [10] Gamma, E.; Helm, V.; Johnson, R.; & Vlissides, J. Design Patterns, Elements of Reusable Object-Oriented Software. Reading, MA: Addison-Wesley, 1995. [11] Garlan, D. & Shaw, M. An Introduction to Software Architecture, in Advances in Software Engineering and Knowledge Engineering, vol. I. River Edge, NJ: World Scientific Publishing Company, 1993. [12] Perry, D.E. & Wolf, A.L. Foundations for the Study of Software Architecture. Software EngineeringNotes, ACM SIGSOFT 17, 4 (October 1992): 40-52. [13] L. Bass, P. Clements and R. Kazman. Software Architecture in Practice. Addison Wesley, 1999, ISBN 0-201-19930-0, 1999. [14] David Garlan, Software Architecture, John Wiley & Sons, Inc., PA, USA, 2001 [15] P. Clements, F. Bachmann, L. Bass, D. Garlan, J. Ivers, R. Little, R. Nord, J. Stafford. Software Architecture Documentation in Practice, Addison Wesley Longman, 2001. [16] D. Garlan and M. Shaw. An Introduction to software architecture. In Advances in Software Engineering and Knowledge Engineering, pages 1-39, Singapore, 1993. World Scientific Publishing Company, 1993. [17] D. E. Perry and A. L. Wolf. Foundations for the study of software architecture. ACM SIGSOFT Software Engineering Notes, 17(4):40-52, October 1992. [18] F. Kuhl, R. Weatherly, J. Dahmann. Creating Computer Simulation Systems: An Introduction to the High Level Architecture. Prentice Hall, 2000. [19] V. Matena and M. Hapner. Enterprise JavaBeans. Sun Microsystems Inc., Palo Alto, California, 1998. C. Szyperski. Component Software: Beyond Object- Oriented Programming. Addison-Wesley, 1998. [20] F. Buschmann, R. Meunier, H. Rohnert, P. Sommerlad and M. Stal. Pattern Oriented Software Architecture: A System of Patterns. John Wiley & Sons, 1996. [21] Mehdi Bahrami, Ahmad Faraahi, Amir Masoud Rahmani, AGC4ISR, New Software Architecture for Autonomic Grid Computing, International Conference on Intelligent Systems, Modelling and Simulation, pp.318-321, 2010. [22] P. Clements, L. Bass, R. Kazman and G. Abowd. Predicting software quality by architecture-level evaluation. In Proceedings of the Fifth International Conference on Software Quality, Austin, Texas, Oct, 1995. [23] L. Coglianese and R. Szymanski, DSSA-ADAGE: An Environment for Architecture-based Avionics Development. In Proceedings of AGARD 93, May 1993. [24] D. Garlan, R. Allen and J. Ockerbloom. Exploiting style in architectural design environments. In Proc of SIGSOFT 94: The second ACM SIGSOFT Symposium on the Foundations of Software Engineering, pages 170-185. ACM Press, December 1994. [25] J. Magee, N. Dulay, S. Eisenbach and J. Kramer. Specifying distributed software architectures. In Proceedings of the Fifth European Software Engineering Conference, ESEC'95, September 1995. [26] B. Boehm, P. Bose, E. Horowitz and M. J. Lee. Software requirements negotiation and renegotiation aids: A theory-w based spiral approach. In Proc of the 17th International Conference on Software Engineering, 1994. [27] S. Antonatos, K. G. Anagnostakis, and E. P. Markatos. Generating realistic workloads for intrusion detection systems. In Proceedings of the 4th ACM SIGSOFT/SIGMETRICS Workshop on Software and Performance (WOSP 2004), January 2004. [28] Y. Charitakis, D. Pnevmatikatos, E. P. Markatos, and K. G. Anagnostakis. Code generation for packet header intrusion analysis on the IXP1200 network processor. In Proceedings of the 7th International Workshop on Software and Compilers for Embedded Systems (SCOPES 2003), September 2003. [29] Y. Charitakis, K. G. Anagnostakis, and E. Markatos. An active splitter architecture for intrusion detection (short paper). In Proceedings of the Tenth IEEE/ACM Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems (MASCOTS 2003), October 2003. [30] C. Kruegel, F. Valeur, G. Vigna, and R. Kemmerer. Stateful intrusion detection for high-speed networks. In Proceedings of the IEEE Symposium on Security and Privacy, pp. 285-294, May 2002. 6

[31] Sen, Jaydip. "An intrusion detection architecture for clustered wireless ad hoc networks." Computational Intelligence, Communication Systems and Networks (CICSyN), 2010 Second International Conference on. IEEE, 2010.. 7

Citation: Mehdi Bahrami, Mohammad Bahrami, "An overview to Software Architecture in Intrusion Detection System", International Journal of Soft Computing and Software Engineering [JSCSE], Vol. 1, No. 1, pp. 1-8, 2011 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information