Network Intrusion Detection Systems in Data Centers

Chapter
Abstract

Access to a Data Center must be protected by perimeter defenses such as firewalls, access control lists and intrusion detection systems. Each of these matters, but Network-based Intrusion Detection Systems (NIDS) are the most sophisticated and accurate measure against external attacks. It is therefore essential to understand the characteristics of this kind of system and of each of its variants. This chapter describes the most relevant aspects of NIDS in detail, in order to improve their integration into the networks that operate in Data Centers.
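The two classic NIDS variants the abstract alludes to are signature-based detection (match known byte patterns in payloads) and anomaly-based detection (learn a baseline of normal traffic and flag deviations). The following is an added illustration written for this page, not code from the chapter or from any NIDS product: it runs both variants over constructed flow records, with the Flow type, the two demo signatures, the k = 3 sigma threshold and all addresses being assumptions made for the example.

```python
"""Minimal two-variant NIDS over constructed flow records.

Illustrative example only: the Flow records, signatures and thresholds
are assumptions made for this page, not data or code from the chapter.
"""
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    src: str        # client address
    dst: str        # server address
    dport: int      # destination port
    payload: bytes  # b"" when the payload is encrypted or not captured


# Signature variant: byte patterns a sensor matches against packet payloads.
# Assumed patterns chosen for the demo, not a real rule set.
SIGNATURES = {
    "path-traversal": b"../../etc/passwd",
    "sqli-tautology": b"' OR '1'='1",
}


def signature_alerts(flows):
    """Return (rule, src, dst, dport) for every flow whose payload matches a signature."""
    alerts = []
    for f in flows:
        for name, pattern in SIGNATURES.items():
            if pattern in f.payload:
                alerts.append((name, f.src, f.dst, f.dport))
    return alerts


def distinct_targets_per_src(flows):
    """Count distinct (dst, dport) pairs contacted by each source: the scan feature."""
    seen = {}
    for f in flows:
        seen.setdefault(f.src, set()).add((f.dst, f.dport))
    return {src: len(targets) for src, targets in seen.items()}


def train_anomaly_threshold(baseline_flows, k=3.0):
    """Anomaly variant: learn a per-source threshold from attack-free baseline traffic.

    The threshold is mean + k * sigma over the baseline feature; sigma is floored
    at 1.0 so a perfectly uniform baseline still yields a usable threshold.
    """
    counts = list(distinct_targets_per_src(baseline_flows).values())
    return mean(counts) + k * max(pstdev(counts), 1.0)


def anomaly_alerts(flows, threshold):
    """Return (src, distinct_targets) for sources exceeding the learned threshold."""
    return [(src, n) for src, n in distinct_targets_per_src(flows).items()
            if n > threshold]


# Constructed baseline: four hosts talking to a handful of internal services.
BASELINE = [
    Flow("10.0.0.1", "10.0.1.10", 80, b"GET / HTTP/1.1"),
    Flow("10.0.0.1", "10.0.1.10", 443, b""),
    Flow("10.0.0.2", "10.0.1.10", 80, b"GET /app HTTP/1.1"),
    Flow("10.0.0.2", "10.0.1.20", 5432, b""),
    Flow("10.0.0.2", "10.0.1.10", 443, b""),
    Flow("10.0.0.3", "10.0.1.10", 80, b"GET / HTTP/1.1"),
    Flow("10.0.0.3", "10.0.1.10", 443, b""),
    Flow("10.0.0.4", "10.0.1.10", 80, b"GET / HTTP/1.1"),
    Flow("10.0.0.4", "10.0.1.20", 5432, b""),
    Flow("10.0.0.4", "10.0.1.30", 25, b"EHLO host"),
]

# Constructed observation window: benign traffic, two payload attacks, one scan,
# and one TLS flow whose payload the sensor cannot see.
OBSERVED = [
    Flow("10.0.0.5", "10.0.1.10", 80, b"GET /index.html HTTP/1.1"),
    Flow("10.0.0.5", "10.0.1.10", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Flow("10.0.0.6", "10.0.1.10", 80, b"GET /item?id=1' OR '1'='1 HTTP/1.1"),
    Flow("10.0.0.7", "10.0.1.10", 443, b""),  # encrypted: invisible to signatures
] + [Flow("10.0.0.9", "10.0.1.20", port, b"") for port in range(1, 21)]


def run_demo():
    """Run both variants over the observation window; returns the alerts of each."""
    threshold = train_anomaly_threshold(BASELINE)
    return {
        "threshold": threshold,
        "signature": signature_alerts(OBSERVED),
        "anomaly": anomaly_alerts(OBSERVED, threshold),
    }


if __name__ == "__main__":
    for kind, result in run_demo().items():
        print(kind, result)
```

Two practical points the example makes visible: the signature variant sees nothing in the TLS flow, so a data-center NIDS needs either a tap behind the TLS terminator or flow-level features to cover encrypted traffic; and the anomaly variant is only as good as its baseline, so baseline captures must be checked to be free of attacks before the threshold is learned, or the scanner itself becomes "normal".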

Acknowledgment

Part of the computations of this work were performed in EOLO, the HPC of Climate Change of the International Campus of Excellence of Moncloa, funded by MECD and MICINN.


Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Information Technology and Computer Science, Office 431, Universidad Complutense de Madrid (UCM), Madrid, Spain