Combining Multiple Intrusion Detection and Response Technologies in an Active Networking Based Architecture

Authors: Andreas Hess, Michael Jung, Günter Schäfer

DOI:

Keywords: Honeypot; Principal (computer security); Intrusion detection system; Denial-of-service attack; The Internet; Overhead (computing); Telecommunications network; Computer security; Engineering; Active networking

Abstract: With the ever growing number of hosts connected to the Internet, representing potential sources of malicious attacks, and the increasing sophistication of attacking techniques and automated tools, network intrusion detection and response has evolved into a very active field of research in recent years, and a wide variety of approaches have been developed (LFG+00, NN01). However, the isolated operation of a specific detection or defense technology generally exhibits only the strengths and drawbacks of that one particular approach. In order to allow for a co-ordinated combination of existing and emerging security technologies (e.g. signature based detection, anomaly detection, DDoS mechanisms, honeypots, etc.) we propose a flexible framework called FIDRAN (HJS03) that is based on active networking technology. Principal findings so far are that active networking proves to be a well suited technology for intrusion detection and response, that load can be distributed among multiple systems with this approach, and that the overhead stays within acceptable ranges. Recent developments show that securing communication networks by singular means is insufficient to cope with today's vulnerabilities in a timely manner. The reasons behind this trend originate from several developments. First, the steadily growing Internet implies an accordingly growing number of vulnerable hosts, which offers targets for attack activities. Second, many private and professional users are not sensible to the risks affecting their own

References (14)
Samuel Patton, "An Achilles Heel in Signature-Based IDS: Squealing False Positives in SNORT", Proceedings of RAID 2001, Davis, CA, USA (2001).
Stephen Northcutt, Scott Winters, Karen Frederick, Lenny Zeltser, Ronald W. Ritchey, "Inside Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Intrusion Detection Systems" (2002).
Martina Zitterbart, A. Wolisz, Marcus Schöller, A. Hess, G. Schäfer, "A Dynamic and Flexible Access Control and Resource Monitoring Mechanism for Active Nodes", The Fifth IEEE Conference on Open Architectures and Network Programming (OpenArch 2002), New York, NY, June 28-29, 2002 (2002).
K.G. Anagnostakis, S. Ioannidis, S. Miltchev, M. Greenwald, J.M. Smith, J. Ioannidis, "Efficient packet monitoring for network management", Network Operations and Management Symposium, pp. 423-436 (2002), doi:10.1109/NOMS.2002.1015599.
R.P. Lippmann, D.J. Fried, I. Graf, J.W. Haines, K.R. Kendall, D. McClung, D. Weber, S.E. Webster, D. Wyschogrod, R.K. Cunningham, M.A. Zissman, "Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation", DARPA Information Survivability Conference and Exposition, vol. 2, pp. 12-26 (2000), doi:10.1109/DISCEX.2000.821506.
Stefan Axelsson, "The base-rate fallacy and its implications for the difficulty of intrusion detection", ACM Conference on Computer and Communications Security, pp. 1-7 (1999), doi:10.1145/319709.319710.
Stephen Northcutt, Judy Novak, Donald McLachlan, "Network Intrusion Detection: An Analyst's Handbook" (2000).
A. Hess, G. Schäfer, "A Flexible and Dynamic Access Control Policy Framework for an Active Networking Environment", Kommunikation in Verteilten Systemen, pp. 321-332 (2003), doi:10.1007/978-3-642-55569-5_26.
Hilary K. Browne, William A. Arbaugh, John McHugh, William L. Fithen, "A trend analysis of exploitations", IEEE Symposium on Security and Privacy, pp. 214-229 (2001), doi:10.1109/SECPRI.2001.924300.