Chapter 9: Cooperation in Intrusion Detection Networks. Authors: Carol Fung and Raouf Boutaba. Editors: M. S. Obaidat and S. Misra. John Wiley & Sons publishing.

Network Intrusions
– Unwanted traffic or computer activities that may be malicious and destructive
  – Denial of Service
  – Identity theft
  – Spam mails
– Single-host intrusion
– Cooperative attacks

Intrusion Detection Systems
– Designed to monitor network traffic or computer activities and alert administrators to suspicious intrusions
  – Signature-based and anomaly-based
  – Host-based and network-based

Figure 1. An example of host-based IDS and Network-based IDS

Cooperative IDS
– IDSs use collective information from other IDSs to make more accurate intrusion detection decisions
– Several features characterize a CIDN:
  – Topology
  – Cooperation scope
  – Specialization
  – Cooperation technology

Cooperation Technology
– Data correlation
– Trust management
– Load balancing

Table 1. Classification of Cooperative Intrusion Detection Networks

IDN         | Topology      | Scope  | Specialization | Technology and algorithm
------------|---------------|--------|----------------|-------------------------
Indra       | Distributed   | Local  | Worm           | -
DOMINO      | Decentralized | Hybrid | Worm           | -
DShield     | Centralized   | Global | General        | Data correlation
NetShield   | Distributed   | Global | Worm           | Load-balancing
Gossip      | Distributed   | Local  | Worm           | -
Worminator  | -             | Global | Worm           | -
ABDIAS      | Decentralized | Hybrid | General        | Trust management
CRIM        | Centralized   | Local  | General        | Data correlation
HBCIDS      | Distributed   | Global | General        | Trust management
ALPACAS     | Distributed   | Global | Spam           | Load-balancing
CDDHT       | Decentralized | Local  | General        | -
SmartScreen | Centralized   | Global | Phishing       | -
FFCIDN      | Centralized   | Global | Botnet         | Data correlation

Indra
– An early proposal for cooperative intrusion detection
– Cooperating nodes take a proactive approach and share their blacklists with others

DOMINO
– Monitors Internet outbreaks for large-scale networks
– Nodes are organized hierarchically
– Different roles are assigned to nodes

DShield
– A centralized firewall log correlation system
– Data comes from the SANS Internet Storm Center
– Not a real-time analysis system
– Data payload is removed for privacy reasons

NetShield
– A fully distributed system to monitor epidemic worms and DoS attacks
– The Chord DHT P2P system is used to load-balance the participating nodes
– An alarm is triggered if the local prevalence of a content block exceeds a threshold
– Only works on worms with fixed attack traces; does not work on polymorphic worms

Gossip-based Intrusion Detection
– A local epidemic worm monitoring system
– A local detector raises an alert when the number of newly created connections exceeds a threshold
– A Bayesian network analysis system is used to correlate and aggregate alerts

ABDIAS
– Agent-based distributed alert system
– IDSs are grouped into communities
– Intra-community and inter-community communication
– A Bayesian network system is used to make decisions

CRIM
– A centralized system that collects alerts from participating IDSs
– Alert correlation rules are generated by humans offline
– The new rules are used to detect global-wide intrusions

Host-based CIDS
– A cooperative intrusion detection system in which IDSs share detection experience with others
– Alerts from one host are sent to neighbors for analysis
– Feedback is aggregated based on the trustworthiness of each neighbor
– Trust values are updated after every interaction experience
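The trust-weighted feedback aggregation and per-interaction trust update described on this slide, as an added example (not code from the chapter or its authors); the neighbor names, scores, initial trust of 0.5, learning rate alpha and the exponential-smoothing update rule are all assumptions made here:

```python
from dataclasses import dataclass


@dataclass
class Neighbor:
    name: str
    trust: float = 0.5  # initial trust in [0, 1]; a constructed default


class TrustedAggregator:
    """Trust-weighted aggregation of neighbors' feedback on one alert,
    followed by a per-interaction trust update for each neighbor."""

    def __init__(self, neighbors, alpha=0.2, threshold=0.5):
        self.neighbors = {n.name: n for n in neighbors}
        self.alpha = alpha          # trust learning rate (assumed value)
        self.threshold = threshold  # decision threshold on the weighted score

    def aggregate(self, feedback):
        """feedback maps neighbor name -> score in [0, 1], where 1 means
        'this alert is a real intrusion'. Returns the trust-weighted score."""
        total = sum(self.neighbors[n].trust for n in feedback)
        if total == 0:
            return 0.0
        return sum(self.neighbors[n].trust * s for n, s in feedback.items()) / total

    def decide(self, feedback):
        return self.aggregate(feedback) >= self.threshold

    def update_trust(self, feedback, ground_truth):
        """Once the alert's outcome is known, neighbors whose score agreed with
        it gain trust and those who disagreed lose it (exponential smoothing)."""
        target = 1.0 if ground_truth else 0.0
        for name, score in feedback.items():
            nb = self.neighbors[name]
            agreement = 1.0 - abs(score - target)  # 1.0 = fully agreed
            nb.trust = (1 - self.alpha) * nb.trust + self.alpha * agreement


def simulate(rounds=3):
    """Constructed scenario: A and B report honestly, C always disagrees.
    Returns each neighbor's trust after the given number of rounds."""
    agg = TrustedAggregator([Neighbor("A"), Neighbor("B"), Neighbor("C")])
    feedback = {"A": 0.9, "B": 0.8, "C": 0.1}
    for _ in range(rounds):
        agg.decide(feedback)                           # consult neighbors
        agg.update_trust(feedback, ground_truth=True)  # alert was confirmed
    return {n: round(nb.trust, 3) for n, nb in agg.neighbors.items()}
```

Because each neighbor's weight is its accumulated trust, a node that keeps giving misleading feedback loses influence over later decisions without having to be blacklisted outright.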

ALPACAS
– A cooperative spam filtering system
– Preserves the privacy of the e-mail owners
– A P2P system is used for the scalability of the system
– E-mails are divided into feature trunks and digested into feature fingerprints

SmartScreen
– Phishing URL filtering system in IE8
– Allows users to report phishing websites
– A centralized decision system analyzes the collected data and generates the blacklist
– Users browsing a phishing site are warned by SmartScreen

FFCIDN
– A collaborative intrusion detection network to detect fast-flux botnets
– Observes the number of unique IP addresses a domain has
– A threshold is derived to decide whether the domain is a fast-flux phishing domain
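The unique-IP count and derived threshold from this slide, as an added example (not FFCIDN's own code); the observation log, domain names, documentation-range IP addresses, the benign baseline set and the mean-plus-3-sigma threshold rule are all constructed assumptions:

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed observation log, one lookup per line: "<time> <domain> <ip,ip,...>".
# Not real data: documentation address ranges and invented domain names.
OBSERVATIONS = """\
t1 shop.example 192.0.2.10,192.0.2.11
t2 shop.example 192.0.2.10,192.0.2.11
t1 news.example 198.51.100.5
t2 news.example 198.51.100.5
t1 cdn.example 203.0.113.1,203.0.113.2,203.0.113.3
t2 cdn.example 203.0.113.2,203.0.113.3,203.0.113.4
t1 login-verify.example 192.0.2.101,192.0.2.102,192.0.2.103,192.0.2.104
t2 login-verify.example 192.0.2.105,192.0.2.106,192.0.2.107,192.0.2.108
t3 login-verify.example 192.0.2.109,192.0.2.110,192.0.2.111,192.0.2.112
"""
# Constructed set of domains known to be benign; used only to derive the threshold.
BENIGN = {"shop.example", "news.example", "cdn.example"}


def unique_ips(log):
    """Set of distinct IP addresses observed per domain across all lookups."""
    seen = defaultdict(set)
    for line in log.splitlines():
        _, domain, ips = line.split()
        seen[domain].update(ips.split(","))
    return seen


def derive_threshold(counts, benign, k=3):
    """Threshold on the unique-IP count, derived from the benign baseline as
    mean + k * population stddev (this derivation rule is an assumption)."""
    base = [counts[d] for d in benign if d in counts]
    return mean(base) + k * pstdev(base)


def flag_fast_flux(log, benign=BENIGN):
    """Return ({domain: flagged}, threshold). A domain whose unique-IP count
    exceeds the threshold is treated as a fast-flux candidate."""
    counts = {d: len(ips) for d, ips in unique_ips(log).items()}
    thr = derive_threshold(counts, benign)
    return {d: n > thr for d, n in counts.items()}, thr
```

Deriving the threshold from a benign baseline rather than fixing it by hand matters because legitimate CDN-hosted domains also rotate through several addresses; they raise the baseline instead of being flagged.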

Open Challenges
– Privacy of the exchanged information
– Incentives for IDS cooperation
– Botnet detection and removal

Conclusion
– CIDNs use collective information from participants to achieve higher intrusion detection accuracy
– A taxonomy to categorize different CIDNs
  – Four features are proposed for the taxonomy
– Future challenges include how to encourage participation and how to provide privacy for data sharing among IDSs