Article
Abstract

This paper presents a model for response interoperability between intrusion detection systems (IDSs), compatible with the alert interoperability model developed by the IETF Intrusion Detection Working Group (IDWG). Alterations to the IDWG IDS architecture are proposed in order to support response interoperability. The development and testing of the proposed model and its components are also presented.
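As an added example, not code from the paper: the Python below builds an alert in the IDWG's IDMEF format (RFC 4765), parses it, and derives a response message in the same XML envelope that refers back to the alert by message and analyzer identifier, then checks that reference on the responder side. The Response and Action elements, their urn:example:idmef-response namespace, the attribute names and the allowed action set are assumptions made for this example; the paper's own message design is not on this page. Addresses, identifiers and the timestamp are constructed.

```python
"""Added example: an IDMEF alert (RFC 4765) and a hypothetical response message
that points back at it. The Response/Action elements, the RESP_NS namespace and
ALLOWED_ACTIONS are assumptions for this example, not part of IDMEF."""
import xml.etree.ElementTree as ET

IDMEF_NS = "http://iana.org/idmef"          # IDMEF namespace, RFC 4765
RESP_NS = "urn:example:idmef-response"      # hypothetical namespace for the response extension
NS = {"idmef": IDMEF_NS, "resp": RESP_NS}
ET.register_namespace("idmef", IDMEF_NS)
ET.register_namespace("resp", RESP_NS)

# Actions a responder may execute in this example (assumption).
ALLOWED_ACTIONS = {"block-source", "rate-limit-source", "notify"}


def q(prefix, tag):
    """Clark-notation element name in one of the two namespaces."""
    return "{%s}%s" % (NS[prefix], tag)


def build_alert(message_id, analyzer_id, src_ip, dst_ip, dst_port, classification, severity):
    """Serialize one IDMEF Alert; element layout follows RFC 4765 section 4.2."""
    root = ET.Element(q("idmef", "IDMEF-Message"), version="1.0")
    alert = ET.SubElement(root, q("idmef", "Alert"), messageid=message_id)
    ET.SubElement(alert, q("idmef", "Analyzer"), analyzerid=analyzer_id)
    # ntpstamp is mandatory on CreateTime; the value here is constructed.
    ct = ET.SubElement(alert, q("idmef", "CreateTime"), ntpstamp="0xe9e14b00.0x00000000")
    ct.text = "2024-03-01T10:00:00Z"
    src = ET.SubElement(ET.SubElement(ET.SubElement(alert, q("idmef", "Source")),
                                      q("idmef", "Node")),
                        q("idmef", "Address"), category="ipv4-addr")
    ET.SubElement(src, q("idmef", "address")).text = src_ip
    target = ET.SubElement(alert, q("idmef", "Target"))
    dst = ET.SubElement(ET.SubElement(target, q("idmef", "Node")),
                        q("idmef", "Address"), category="ipv4-addr")
    ET.SubElement(dst, q("idmef", "address")).text = dst_ip
    svc = ET.SubElement(target, q("idmef", "Service"))
    ET.SubElement(svc, q("idmef", "port")).text = str(dst_port)
    ET.SubElement(alert, q("idmef", "Classification"), text=classification)
    assessment = ET.SubElement(alert, q("idmef", "Assessment"))
    ET.SubElement(assessment, q("idmef", "Impact"), severity=severity)
    return ET.tostring(root, encoding="unicode")


def parse_alert(xml_text):
    """Pull the fields a responder needs out of an IDMEF alert; raise if one is missing."""
    alert = ET.fromstring(xml_text).find("idmef:Alert", NS)
    if alert is None:
        raise ValueError("not an IDMEF Alert")

    def text(path):
        node = alert.find(path, NS)
        if node is None or not node.text:
            raise ValueError("missing %s" % path)
        return node.text

    return {
        "messageid": alert.get("messageid"),
        "analyzerid": alert.find("idmef:Analyzer", NS).get("analyzerid"),
        "source": text("idmef:Source/idmef:Node/idmef:Address/idmef:address"),
        "target": text("idmef:Target/idmef:Node/idmef:Address/idmef:address"),
        "port": int(text("idmef:Target/idmef:Service/idmef:port")),
        "classification": alert.find("idmef:Classification", NS).get("text"),
        "severity": alert.find("idmef:Assessment/idmef:Impact", NS).get("severity"),
    }


def build_response(alert, action, duration_s, responder_id):
    """Hypothetical response in the IDMEF envelope, keyed to the alert it answers."""
    if action not in ALLOWED_ACTIONS:
        raise ValueError("unknown action %r" % action)
    root = ET.Element(q("idmef", "IDMEF-Message"), version="1.0")
    resp = ET.SubElement(root, q("resp", "Response"), alertident=alert["messageid"],
                         analyzerid=alert["analyzerid"], responderid=responder_id)
    act = ET.SubElement(resp, q("resp", "Action"), type=action, duration=str(duration_s))
    # Echo the address the action applies to, so the responder acts on the alert's data only.
    ET.SubElement(act, q("resp", "address")).text = alert["source"]
    return ET.tostring(root, encoding="unicode")


def check_response(response_xml, alert):
    """Responder-side check: the response must name this alert, this analyzer and this source."""
    resp = ET.fromstring(response_xml).find("resp:Response", NS)
    if resp is None:
        return False
    act = resp.find("resp:Action", NS)
    addr = resp.find("resp:Action/resp:address", NS)
    return (resp.get("alertident") == alert["messageid"]
            and resp.get("analyzerid") == alert["analyzerid"]
            and act is not None and act.get("type") in ALLOWED_ACTIONS
            and addr is not None and addr.text == alert["source"])


if __name__ == "__main__":
    xml = build_alert("abc123", "hids-01", "192.0.2.10", "198.51.100.5", 22,
                      "SSH brute force", "medium")
    alert = parse_alert(xml)
    response = build_response(alert, "block-source", 600, "fw-01")
    print(response)
    print("response accepted:", check_response(response, alert))
```

The check refuses a response whose alertident, analyzerid or echoed address does not match the alert it claims to answer; that binding is what lets a responder act on a message produced by another vendor's analyzer without trusting it blindly.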


... For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance (e.g. [7], [1]). To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. ...
Article
Full-text available
Cloud computing is the fastest growing concept in the IT industry. IT companies have realized that cloud computing is going to be the hottest topic in the field of IT. Cloud computing reduces cost by sharing computing and storage resources, merged with an on-demand provisioning mechanism relying on a pay-per-use business model. Due to the varied degree of security features and management schemes within the cloud entities, security in the cloud is challenging. Security issues ranging from system misconfiguration, lack of proper updates, or unwise user behaviour in remote data storage that can expose users' private data and information to unwanted access can plague cloud computing. The intent of this paper is to investigate the security-related issues and challenges in the cloud computing environment. We also propose a security scheme for protecting services, keeping in view the issues and challenges faced by cloud computing.
... Sending data to other nodes for processing didn't seem necessary [7]. The individual analysis performed in each node reduces the complexity and the volume of data in comparison to previous solutions, where the audit data is concentrated in single points. ...
Article
The goal of an IDS is to analyze events on the network and identify attacks. The increasing number of network security related incidents makes it necessary for organizations to actively protect their sensitive data with the installation of intrusion detection systems (IDS). More attention is being paid to intrusion detection as an important computer network security technology. According to the development trend of intrusion detection, detecting all kinds of intrusions effectively requires a global view of the monitored network. Here, we discuss a new intrusion detection mechanism based on cloud computing, which can make up for the deficiencies of traditional intrusion detection and has proved to be highly scalable.
Book
Full-text available
New trends in network and service management are being researched, among them: self-management, autonomic management, ubiquitous management, proactive management, distribution of network management, management for distributed networks, management of mobile and wireless networks, network security management, use of artificial intelligence in network management and use of Web technology in network management, in addition to policy-based network management, security policies, multi-agents and agent grids. These new trends are being researched at the Laboratório de Redes e Gerência (LRG) of UFSC and, through this project, may be refined by the following activities: Security Approaches for Interconnecting Clusters in Wireless Sensor Networks; Model for Integrating Intrusion Detection Systems through Computational Grids; Method for Intrusion Detection in Computational Grids; Management in Computational Grids of Mobile Devices; Specification, Monitoring and Control of Service Level Agreements for Security; Service Level Management for the Electric Power Sector Using Web Services; and Management in Sensor Networks over Computational Grids for Telemedicine. Owing to the explosion in the complexity of the services demanded and in the size of computer and telecommunication networks, new concepts must be added to network and service management.
Book
Full-text available
Owing to the explosion in the complexity of the services demanded and in the size of computer and telecommunication networks, new concepts must be added to network and service management. The development, deployment and refinement of the following concepts is urgent: security management (IDS, cryptography, public key infrastructure, protocols...); management for cloud computing; management for grid computing; intrusion detection systems; service level and security agreements; security in web services; autonomic management; and self-configuration. These new trends and concepts are being researched at the Laboratório de Redes e Gerência (LRG) of UFSC and may be refined through the following activities of this project: Management and security for grid and cloud computing in the telemedicine environment; Autonomic management and security for grid and cloud computing; Intrusion detection techniques for grid and cloud computing; Service level and security agreements for grid and cloud computing; Security in web services via input data validation; Framework for spectrum sensing in cognitive radio networks; and Self-configuration for automatic channel allocation in wireless networks.
Article
Full-text available
Providing security in a distributed system requires more than user authentication with passwords or digital certificates and confidentiality in data transmission. The Grid and Cloud Computing Intrusion Detection System integrates knowledge and behavior analysis to detect intrusions.
Conference Paper
Cloud computing is an on-demand self-service Internet infrastructure where a customer can pay for and use only what is needed, managed by an API. The SP plays an active role in transmitting information across the cloud. Privacy for the information through authentication is considered important. Providing security requires more than user authentication with passwords or digital certificates. The discretion algorithm has been designed and the IDS provides a passive security solution. Since the context data is stored by the service provider, the control of the data propagates to the whole cloud chain.
Article
Full-text available
The constant growth of computer and telecommunication networks and the variety of topologies being interconnected are making the efficient management of these networks a hard task. Centralized management, currently the most used model, is becoming inflexible and inefficient in view of this growth. On the other hand, code mobility is being considered as a possible solution to this problem. However, no research proposes a way to identify which technique is the best to perform any management task in a network with any configuration. In this context, the present work proposes an analytical model to evaluate the performance of Mobile Agents in the decentralization of the management compared with the traditional and centralized management model in a generic network topology.
Conference Paper
Full-text available
Since current computer infrastructures are increasingly vulnerable to malicious activities, intrusion detection is necessary but unfortunately not sufficient. We need to design effective response techniques to circumvent intrusions when they are detected. Our approach is based on a library that implements different types of counter-measures. The idea is to design a decision support tool to help the administrator to choose, in this library, the appropriate counter-measure when a given intrusion occurs. For this purpose, we formally define the notion of anti-correlation which is used to determine the counter-measures that are effective to stop the intrusion. Finally, we present a platform of intrusion detection, called DIAMS, that implements the response mechanisms presented in this paper.
Article
Full-text available
In our present work we introduce the use of data fusion in the field of DoS anomaly detection. We present Dempster-Shafer's Theory of Evidence (D-S) as the mathematical foundation for the development of a novel DoS detection engine. Based on a data fusion paradigm, we combine multiple evidence generated from simple heuristics to feed our D-S inference engine and attempt to detect flooding attacks. Our approach has as its main advantages the modeling power of Theory of Evidence in expressing beliefs in some hypotheses, the ability to add the notions of uncertainty and ignorance in the system and the quantitative measurement of the belief and plausibility in our detection results. We evaluate our detection engine prototype through a set of experiments that were conducted with real network traffic and with the use of common DDoS tools. We conclude that data fusion is a promising approach that could increase the DoS detection rate and decrease the false alarm rate.
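The D-S data fusion the abstract above describes, as an added example that is not the cited paper's code: two constructed flooding heuristics each assign mass to {attack}, {normal} and to the whole frame (ignorance), Dempster's rule combines them, and the belief and plausibility of "attack" drive the verdict. The heuristics, their thresholds, the mass values and the traffic windows are assumptions made here, not figures from the paper.

```python
"""Added example: Dempster-Shafer combination of two simple flooding heuristics
over the frame {attack, normal}. Heuristics, thresholds, masses and the traffic
windows below are constructed for illustration, not taken from the cited paper."""

ATTACK = frozenset({"attack"})
NORMAL = frozenset({"normal"})
THETA = ATTACK | NORMAL          # the whole frame: mass here means "don't know"


def mass_from_syn_ratio(syn, synack):
    """Heuristic 1: a half-open SYN flood inflates SYN/SYN-ACK (thresholds are assumptions)."""
    ratio = syn / max(synack, 1)
    if ratio >= 4:
        return {ATTACK: 0.7, NORMAL: 0.1, THETA: 0.2}
    if ratio >= 2:
        return {ATTACK: 0.4, NORMAL: 0.3, THETA: 0.3}
    return {ATTACK: 0.1, NORMAL: 0.6, THETA: 0.3}


def mass_from_new_sources(new_sources, total_sources):
    """Heuristic 2: spoofed floods show many never-before-seen source addresses."""
    frac = new_sources / max(total_sources, 1)
    if frac >= 0.8:
        return {ATTACK: 0.6, NORMAL: 0.1, THETA: 0.3}
    if frac >= 0.4:
        return {ATTACK: 0.3, NORMAL: 0.3, THETA: 0.4}
    return {ATTACK: 0.1, NORMAL: 0.6, THETA: 0.3}


def combine(m1, m2):
    """Dempster's rule: intersect focal elements, discard conflicting mass, renormalize."""
    combined = {}
    conflict = 0.0
    for b, mb in m1.items():
        for c, mc in m2.items():
            x = b & c
            if x:
                combined[x] = combined.get(x, 0.0) + mb * mc
            else:
                conflict += mb * mc
    if conflict >= 1.0:
        raise ValueError("total conflict: the sources contradict each other")
    return {x: v / (1.0 - conflict) for x, v in combined.items()}


def belief(m, hyp):
    """Bel(H): mass committed to H or to its subsets."""
    return sum(v for x, v in m.items() if x <= hyp)


def plausibility(m, hyp):
    """Pl(H): mass not committed against H (every focal element that intersects H)."""
    return sum(v for x, v in m.items() if x & hyp)


def assess(window):
    """Fuse both heuristics for one traffic window; return (Bel, Pl, verdict) for 'attack'."""
    m = combine(mass_from_syn_ratio(window["syn"], window["synack"]),
                mass_from_new_sources(window["new_src"], window["total_src"]))
    bel, pl = belief(m, ATTACK), plausibility(m, ATTACK)
    if bel >= 0.7:
        verdict = "attack"
    elif pl >= 0.5:
        verdict = "uncertain"    # too much ignorance to alert or to clear; gather more evidence
    else:
        verdict = "normal"
    return bel, pl, verdict


WINDOWS = {  # constructed per-second counters, not captured traffic
    "flood":  {"syn": 500, "synack": 50, "new_src": 90, "total_src": 100},
    "mixed":  {"syn": 300, "synack": 100, "new_src": 50, "total_src": 100},
    "normal": {"syn": 100, "synack": 95, "new_src": 10, "total_src": 100},
}

if __name__ == "__main__":
    for name, w in WINDOWS.items():
        bel, pl, verdict = assess(w)
        print(f"{name:7s} Bel(attack)={bel:.3f} Pl(attack)={pl:.3f} -> {verdict}")
```

The gap between belief and plausibility is the point of the method: in the "mixed" window neither heuristic commits strongly, so Bel(attack) stays below the alert threshold while Pl(attack) stays high, and the engine reports uncertainty instead of forcing a binary decision from weak evidence.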
Article
Distributed intrusion detection is one of the most promising information security techniques. It is used to detect various attacks in a distributed network environment. But attack behaviors are becoming more complicated with the development of network techniques, so that it is becoming more difficult to detect them. In order to overcome the shortcomings of current intrusion detection techniques, a novel hierarchical model of multi-level intrusion detection is proposed. The model utilizes the intelligent, mobile and self-adaptive characteristics of agents and their distributed collaborative calculation capability. So it can detect complicated attacks effectively. The adoption of the clone and migration mechanism of agents and the secure communication protocol enhances the security and collaborative detection capability of the model. Communication load is reduced effectively and intrusions can be detected and responded to as quickly as possible. The model can evolve and adjust itself dynamically to adapt to external environmental change. The model is robust and scalable.
Article
Web-based vulnerabilities represent a substantial portion of the security exposures of computer networks. In order to detect known web-based attacks, misuse detection systems are equipped with a large number of signatures. Unfortunately, it is difficult to keep up with the daily disclosure of web-related vulnerabilities, and, in addition, vulnerabilities may be introduced by installation-specific web-based applications. Therefore, misuse detection systems should be complemented with anomaly detection systems. This paper presents an intrusion detection system that uses a number of different anomaly detection techniques to detect attacks against web servers and web-based applications. The system analyzes client queries that reference server-side programs and creates models for a wide range of different features of these queries. Examples of such features are access patterns of server-side programs or values of individual parameters in their invocation. In particular, the use of application-specific characterization of the invocation parameters allows the system to perform focused analysis and produce a reduced number of false positives. The system automatically derives the parameter profiles associated with web applications (e.g., length and structure of parameters) and relationships between queries (e.g., access times and sequences) from the analyzed data. Therefore, it can be deployed in very different application environments without having to perform time-consuming tuning and configuration.
Conference Paper
High-level reasoning efforts over security alerts, such as alert filtering and intrusion alert correlation, are initiatives to solve security data flooding and high false positive alert rates. These efforts decrease the volume of the security data, marginally reduce the false positive rate, and improve the attack-detection rate. Although the results of these efforts have been encouraging, there are still weaknesses partly due to data quality problems. This paper works on the premise that quality input data should in theory help in producing good results. Thus, the aim of this paper is to propose an intrusion alert quality framework that addresses the alert preparation stage for high-level reasoning by enriching and enhancing the alerts with quality parameters, and then encoding these enriched alerts in the IDMEF format. In this format, the enriched alerts are readily usable by high-level reasoning operations.
P. F. da Silva and C. B. Westphall. Int. J. Network Mgmt 2007; 17: 287–294. DOI: 10.1002/nem.626. Copyright © 2006 John Wiley & Sons, Ltd.