The Optimization Of Stepping Stone Detection: Packet Capturing Steps

This paper proposes an optimization of the packet capturing step in the stepping stone detection algorithm that can shorten the overall response time of the response mechanism. The aim of this research is to demonstrate the packet capturing step in the stepping stone algorithm and thereby enable faster response from the response part of the overall detection and response system. The proposed method is introduced by using small user buffer and kernel buffer sizes. Experiments were conducted using two types of network packet stream, i) 10 kbps and ii) 10 000 kbps, generated with the Tfgen tool (a packet generator), and nine different buffer size combinations for each network packet stream tested. The results of the experiments were analysed. From the results, the proposed method (using small buffer sizes) gives better results. This research concludes that, by using the proposed method, the response time can be improved. Keywords: IDS, IRS, stepping stone detection, time gap, optimization

This paper proposes an optimization of the packet capturing step in the stepping stone detection algorithm that can shorten the response time of the overall response mechanism. The aim of the research is to improve the packet capturing step in the stepping stone algorithm and thus improve the response of the overall detection and response system. The proposed method is to use small user buffer and kernel buffer sizes. Experiments were conducted with two types of packet stream, i) 10 kbps and ii) 10 000 kbps, generated by the Tfgen (packet generator) tool, and nine combinations of different buffer sizes were tested for each network packet stream. The results of the experiment were analysed. From the results, the proposed method (using small buffer sizes) gives the better result.
The research concludes that, by using the proposed method, the response time can be improved. Key words: IDS, IRS, detecting stepping stones, time gap, optimization
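The time-gap effect the abstract describes (a packet is not seen by the detector until the kernel buffer and then the user buffer fill up) can be made concrete with a small discrete-event model. This is an added, constructed example, not code from the paper: it assumes a constant-rate stream, buffers that are handed over only when full (no read timeout), a fixed per-hand-off copy cost, and buffer sizes chosen here for illustration, since the paper's nine combinations are not given in the abstract.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CaptureConfig:
    kernel_buf: int    # bytes held in the kernel buffer before a hand-off to user space
    user_buf: int      # bytes held in the user buffer before the detector processes them
    copy_cost: float   # seconds per kernel-to-user hand-off (constructed constant)


def time_gaps(rate_kbps, n_packets, pkt_len, cfg):
    """Simulate a constant-rate stream and return, per processed packet, the
    gap between its arrival and the moment the detector sees it.
    Assumption: buffers are handed over only when full (no read timeout)."""
    interarrival = pkt_len * 8 / (rate_kbps * 1000.0)   # seconds between packets
    gaps, kernel, user = [], [], []                     # buffered arrival times
    k_bytes = u_bytes = 0
    for i in range(n_packets):
        t = i * interarrival
        kernel.append(t)
        k_bytes += pkt_len
        if k_bytes >= cfg.kernel_buf:          # kernel buffer full: copy to user space
            handoff = t + cfg.copy_cost
            user.extend(kernel)
            u_bytes += k_bytes
            kernel, k_bytes = [], 0
            if u_bytes >= cfg.user_buf:        # user buffer full: detector runs
                gaps.extend(handoff - a for a in user)
                user, u_bytes = [], 0
    return gaps


def summarize(gaps, n_packets):
    """Mean and worst-case gap, plus packets still stuck in a buffer at the end."""
    return {"mean": sum(gaps) / len(gaps) if gaps else None,
            "max": max(gaps) if gaps else None,
            "unprocessed": n_packets - len(gaps)}


if __name__ == "__main__":
    for rate in (10, 10_000):                  # the two stream rates from the paper
        for size in (100, 1_000, 10_000):      # constructed buffer sizes, in bytes
            cfg = CaptureConfig(kernel_buf=size, user_buf=size, copy_cost=0.001)
            s = summarize(time_gaps(rate, 200, 100, cfg), 200)
            print(f"{rate:>6} kbps  buf={size:>5} B  max gap={s['max']:.5f} s  "
                  f"stuck={s['unprocessed']}")
```

At 10 kbps a 1000-byte buffer delays the first packet of each batch by over 0.7 s while a 100-byte buffer bounds every gap by the copy cost; at 10 000 kbps the same buffers differ by under 1 ms, which is why the low-rate stream exposes the buffer-size effect most clearly.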
