
PrISM: Automatic Detection and Prevention from Cyber Attacks

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 20)

Abstract

Network security is the discipline of protecting networks from unauthorized access. Given the escalating threat of malicious cyber attacks, modern enterprises employ multiple lines of defense. A comprehensive defense strategy against such attacks should include (1) an attack detection component that determines that a system has been compromised, and (2) an attack identification and prevention component that identifies the attack packets, so that such packets can be blocked in the future and the attack kept from propagating further. Over the last decade, significant research effort has gone into systems that detect cyber attacks, either statically at compile time or dynamically at run time; much less has been spent on automated attack packet identification and attack prevention. In this paper, we present a unified solution to both problems. We implemented this solution, the Preventive Information Security Management (PrISM) system, after reverse engineering an Open Source Security Information Management (OSSIM) system. PrISM correlates input from different sensors so that it can automatically detect cyber attacks against the system it protects and prevent them by identifying the actual attack packet(s). In our experiments PrISM always detected the attacks and identified the attack packets, and most often prevented the attack by blocking the attacker's IP address so that the protected system could continue normal execution. Attack prevention adds no additional run-time performance overhead.
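As an added illustration of the three-stage split the abstract describes (detect, identify the offending packets, block the source), here is a small multi-sensor correlation pipeline written for this page. It is not PrISM or OSSIM code. The two input formats it parses are real (Snort "fast" alert lines and OpenSSH failed-login lines from auth.log), but every sample line is constructed, and the sensor weights, the score threshold, the allowlist and the requirement that two independent sensors corroborate a source before it is blocked are assumptions made for the example.

```python
# Added example written for this page, not PrISM or OSSIM code. The two sensor line
# formats are real; the sample lines, weights, threshold and allowlist are assumptions.
import re
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Snort "fast" alert: ... [**] [gid:sid:rev] msg [**] ... [Priority: n] {proto} src:port -> dst:port
SNORT_RE = re.compile(
    r"\[\*\*\] \[\d+:\d+:\d+\] (?P<msg>.+?) \[\*\*\].*?\[Priority: (?P<prio>\d+)\]"
    r".*?(?P<src>" + IPV4 + r")(?::\d+)? -> (?P<dst>" + IPV4 + r")")
# OpenSSH failed-login line as syslog writes it to auth.log
SSHD_RE = re.compile(r"sshd\[\d+\]: Failed password for .*? from (?P<src>" + IPV4 + r") port \d+")

@dataclass
class Event:
    sensor: str  # sensor that produced the line
    src: str     # source address the line attributes the activity to
    weight: int  # contribution to the per-source risk score (assumed scale)
    raw: str     # original line, kept as the identified attack evidence

def parse_snort(line):
    m = SNORT_RE.search(line)
    if not m:
        return None
    # Snort priority 1 is the most severe; the priority-to-weight mapping is an assumption.
    return Event("snort", m.group("src"), {1: 5, 2: 3}.get(int(m.group("prio")), 1), line.strip())

def parse_sshd(line):
    m = SSHD_RE.search(line)
    return Event("sshd", m.group("src"), 1, line.strip()) if m else None

def parse_events(lines):
    """Detection stage: normalise heterogeneous sensor output; lines no parser accepts are dropped."""
    events = []
    for line in lines:
        for parse in (parse_snort, parse_sshd):
            ev = parse(line)
            if ev is not None:
                events.append(ev)
                break
    return events

@dataclass
class SourceSummary:
    score: int = 0
    sensors: set = field(default_factory=set)
    evidence: list = field(default_factory=list)

def score_sources(events):
    """Identification stage: aggregate score, reporting sensors and evidence per source address."""
    summary = defaultdict(SourceSummary)
    for ev in events:
        s = summary[ev.src]
        s.score += ev.weight
        s.sensors.add(ev.sensor)
        s.evidence.append(ev.raw)
    return dict(summary)

@dataclass
class BlockDecision:
    src: str
    score: int
    sensors: tuple
    evidence: list
    rule: str  # firewall command an actuator would run; never executed here

def decide(summary, threshold=6, min_sensors=2,
           allowlist=("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")):
    """Prevention stage: block only if the score reaches the threshold, at least min_sensors sensors
    reported the source (one noisy signature cannot block alone) and it is not an allow-listed address."""
    nets = [ip_network(n) for n in allowlist]
    decisions = []
    for src in sorted(summary):
        s = summary[src]
        if any(ip_address(src) in n for n in nets):
            continue  # spoofed source addresses must not get our own hosts blocked
        if s.score < threshold or len(s.sensors) < min_sensors:
            continue
        decisions.append(BlockDecision(src, s.score, tuple(sorted(s.sensors)), list(s.evidence),
                                       f"iptables -I INPUT -s {src} -j DROP"))
    return decisions

# Constructed sample input, not captured traffic: one external source seen by both sensors,
# one seen only by Snort, one internal (allow-listed) host, and a line no parser understands.
SAMPLE_LINES = [
    "05/12-14:23:01.123456  [**] [1:2003:8] WEB-ATTACKS /bin/sh command attempt [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 203.0.113.5:41234 -> 192.0.2.10:80",
    "May 12 14:23:05 web1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4321 ssh2",
    "May 12 14:23:07 web1 sshd[1235]: Failed password for root from 203.0.113.5 port 4322 ssh2",
    "05/12-14:24:10.000001  [**] [1:1000:1] SCAN nmap XMAS [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.7:55555 -> 192.0.2.10:22",
    "05/12-14:25:00.000001  [**] [1:2003:8] WEB-ATTACKS /bin/sh command attempt [**] "
    "[Classification: Web Application Attack] [Priority: 1] {TCP} 10.0.0.4:50000 -> 192.0.2.10:80",
    "May 12 14:25:03 web1 sshd[1240]: Failed password for root from 10.0.0.4 port 4000 ssh2",
    "May 12 14:25:04 web1 cron[99]: (root) CMD (run-parts /etc/cron.hourly)",
]

def run(lines=SAMPLE_LINES):
    """Whole pipeline; returns the block decisions with the evidence lines behind each one."""
    return decide(score_sources(parse_events(lines)))
```

On the sample input only 203.0.113.5 is blocked: it is the only source that both reaches the score threshold and is corroborated by two sensors, and the decision carries the three raw lines that triggered it, which is the "identify the attack packets" step. The internal host 10.0.0.4 scores just as high but is allow-listed, and 198.51.100.7 is seen by Snort alone. The caveat a practitioner will want before wiring the emitted iptables rule to a privileged actuator is that source addresses are attacker-controlled on spoofable protocols, so automatic blocking needs an allowlist for your own infrastructure and a time limit on blocks; otherwise an attacker can use the defense to deny service to legitimate hosts.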




Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zeeshan, A., Masood, A.M., Faisal, Z.M., Kalim, A., Farzana, N. (2008). PrISM: Automatic Detection and Prevention from Cyber Attacks. In: Hussain, D.M.A., Rajput, A.Q.K., Chowdhry, B.S., Gee, Q. (eds) Wireless Networks, Information Processing and Systems. IMTIC 2008. Communications in Computer and Information Science, vol 20. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89853-5_46


  • DOI: https://doi.org/10.1007/978-3-540-89853-5_46

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89852-8

  • Online ISBN: 978-3-540-89853-5

  • eBook Packages: Computer Science (R0)
