Towards NIC-based intrusion detection

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Towards NIC-based intrusion detection

Full text

Pdf (104 KB)

Source

International Conference on Knowledge Discovery and Data Mining archive
Proceedings of the ninth ACM SIGKDD international conference on Knowledge discovery and data mining table of contents

Washington, D.C.

POSTER SESSION: Industrial/government track table of contents

Pages: 723 - 728

Year of Publication: 2003

ISBN:1-58113-737-0

Authors

M. Otey	The Ohio State University
S. Parthasarathy	The Ohio State University
A. Ghoting	The Ohio State University
G. Li	The Ohio State University
S. Narravula	The Ohio State University
D. Panda	The Ohio State University

Sponsors

SIGKDD: ACM Special Interest Group on Knowledge Discovery in Data
SIGMOD: ACM Special Interest Group on Management of Data

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 12, Downloads (12 Months): 76, Citation Count: 4

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/956750.956847 What is a DOI?

ABSTRACT

We present and evaluate a NIC-based network intrusion detection system. Intrusion detection at the NIC makes the system potentially tamper-proof and is naturally extensible to work in a distributed setting. Simple anomaly detection and signature detection based models have been implemented on the NIC firmware, which has its own processor and memory. We empirically evaluate such systems from the perspective of quality and performance (bandwidth of acceptable messages) under varying conditions of host load. The preliminary results we obtain are very encouraging and lead us to believe that such NIC-based security schemes could very well be a crucial part of next generation network security systems.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	D. Anderson, T. Lunt, H. Javitz, A. Tamaru, and A. Valdes. Detecting unusual program behavior using the statistical component of the next-generation intrusion detection expert system (nides). In Technical Report SRI-CSL-95-06, SRI, 1995.
	2	Daniel Barbara , Sushil Jajodia, Applications of Data Mining in Computer Security, Kluwer Academic Publishers, Norwell, MA, 2002
	3	D. Barbara, N. Wu, and S. Jajodia, Detecting novel network intrusions using bayes estimators. In Poc. SIAM Intl. Conf. Data Mining. 2001.
	4	Silicon Defense. Spade. In http://www.silicondefense.com/software/spice/, 2001.
	5	Martin Ester , Hans-Peter Kriegel , Jörg Sander , Michael Wimmer , Xiaowei Xu, Incremental Clustering for Mining in a Data Warehousing Environment, Proceedings of the 24rd International Conference on Very Large Data Bases, p.323-333, August 24-27, 1998
	6	Stephanie Forrest , Steven A. Hofmeyr , Anil Somayaji , Thomas A. Longstaff, A Sense of Self for Unix Processes, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.120, May 06-08, 1996
	7	Stephanie Forrest , Steven A. Hofmeyr , Anil Somayaji, Computer immunology, Communications of the ACM, v.40 n.10, p.88-96, Oct. 1997 [doi>10.1145/262793.262811]
	8	Anup K. Ghosh , Aaron Schwartzbard , Michael Schatz, Learning Program Behavior Profiles for Intrusion Detection, Proceedings of the Workshop on Intrusion Detection and Network Monitoring, p.51-62, April 09-12, 1999
	9	S. Guha , N. Mishra , R. Motwani , L. O'Callaghan, Clustering data streams, Proceedings of the 41st Annual Symposium on Foundations of Computer Science, p.359, November 12-14, 2000
	10	Geoff Hulten , Laurie Spencer , Pedro Domingos, Mining time-changing data streams, Proceedings of the seventh ACM SIGKDD international conference on Knowledge discovery and data mining, p.97-106, August 26-29, 2001, San Francisco, California [doi>10.1145/502512.502529]
	11	Terran Lane , Carla E. Brodley, Temporal sequence learning and data reduction for anomaly detection, ACM Transactions on Information and System Security (TISSEC), v.2 n.3, p.295-331, Aug. 1999 [doi>10.1145/322510.322526]
	12	Matthew V. Mahoney , Philip K. Chan, Learning nonstationary models of normal network traffic for detecting novel attacks, Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, July 23-26, 2002, Edmonton, Alberta, Canada [doi>10.1145/775047.775102]
	13	G. Manku and R. Motwani. Approximate frequency counts over data streams. In proceeding of the 28th VLDB Conference, Hong Kong, China, 2002.
	14	Gurmeet Singh Manku , Sridhar Rajagopalan , Bruce G. Lindsay, Approximate medians and other quantiles in one pass and with limited memory, Proceedings of the 1998 ACM SIGMOD international conference on Management of data, p.426-435, June 01-04, 1998, Seattle, Washington, United States
	15	D. Nagle and D. Friedman. Building firewalls with intelligent network interface cards. In CMU SCS Technical Report CMU-CS-00-173, 2002.
	16	M. Otey, S. Parthasarathy, A. Ghoting, G. Li, S. Narravula, and D. Panda. Towards nic-based intrusion detection. In OSU-CISRC-3/03-TR12, 2003.
	17	Srinivasan Parthasarathy , Arun Ramakrishnan, Parallel Incremental 2D-Discretization on Dynamic Datasets, Proceedings of the 16th International Parallel and Distributed Processing Symposium, p.247, April 15-19, 2002
	18	S. Parthasarathy , M. J. Zaki , M. Ogihara , S. Dwarkadas, Incremental and interactive sequence mining, Proceedings of the eighth international conference on Information and knowledge management, p.251-258, November 02-06, 1999, Kansas City, Missouri, United States [doi>10.1145/319950.320010]
	19	V. Paxon. Bro: A system for detecting network intruders in real-time. In Proc. 7th USENIX Security Symp., 1998.
	20	Vern Paxson , Sally Floyd, Wide area traffic: the failure of Poisson modeling, IEEE/ACM Transactions on Networking (TON), v.3 n.3, p.226-244, June 1995 [doi>10.1109/90.392383]
	21	Martin Roesch, Snort - Lightweight Intrusion Detection for Networks, Proceedings of the 13th USENIX conference on System administration, November 07-12, 1999, Seattle, Washington
	22	R. Sekar , M. Bendre , D. Dhurjati , P. Bollineni, A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.144, May 14-16, 2001
	23	Karlton Sequeira , Mohammed Zaki, ADMIT: anomaly-based data mining for intrusions, Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, July 23-26, 2002, Edmonton, Alberta, Canada [doi>10.1145/775047.775103]
	24	A. Veloso, W. Meira, M. Carvalho, B. Possas, S. Parthasarathy, and M. Zaki. Mining frequent itemsets in evolving databases. SIAM International Conference on Data Mining, 2002.

CITED BY 4

	Matthew Eric Otey , Amol Ghoting , Srinivasan Parthasarathy, Fast Distributed Outlier Detection in Mixed-Attribute Data Sets, Data Mining and Knowledge Discovery, v.12 n.2-3, p.203-228, May 2006
	Ruoming Jin , Dave Fuhry , Abdulkareem Alali, Cost-based query optimization for complex pattern mining on multiple databases, Proceedings of the 11th international conference on Extending database technology: Advances in database technology, March 25-29, 2008, Nantes, France
	Jeffrey Shafer , Scott Rixner, RiceNIC: a reconfigurable network interface for experimental research and education, Proceedings of the 2007 workshop on Experimental computer science, p.21-es, June 13-14, 2007, San Diego, California
	Varun Chandola , Arindam Banerjee , Vipin Kumar, Anomaly detection: A survey, ACM Computing Surveys (CSUR), v.41 n.3, p.1-58, July 2009