Enhancing interoperability and stateful analysis of cooperative network intrusion detection systems
Source
Symposium On Architecture For Networking And Communications Systems
Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems
Orlando, Florida, USA
SESSION: Detection and inspection
Pages 165-174
Year of Publication: 2007
ISBN: 978-1-59593-945-6
Authors
Michele Colajanni  University of Modena and Reggio Emilia
Daniele Gozzi  University of Modena and Reggio Emilia
Mirco Marchetti  University of Modena and Reggio Emilia
Sponsors
SIGARCH: ACM Special Interest Group on Computer Architecture
ACM: Association for Computing Machinery
SIGCOMM: ACM Special Interest Group on Data Communication
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1323548.1323576

ABSTRACT

A traditional Network Intrusion Detection System (NIDS) is based on a centralized architecture that does not satisfy the needs of most modern network infrastructures, which are characterized by high traffic volumes and complex topologies. The problem of decentralized NIDS based on multiple sensors is that each of them gets just a partial view of the network traffic, and this prevents a stateful and fully reliable traffic analysis. We propose a novel cooperation mechanism that addresses the previous issues through an innovative state management and state migration framework. It allows multiple decentralized sensors to share their internal state, thus accomplishing innovative and powerful traffic analysis. The advanced functionalities and performance of the proposed cooperative framework for network intrusion detection systems are demonstrated through a fully operative prototype.


