Network Intrusion Detection System Embedded on a Smart Sensor

This paper proposes a Network Intrusion Detection System (NIDS) embedded in a smart-sensor-inspired device under a service-oriented architecture (SOA) approach, which is able to operate independently as an anomaly-based NIDS or integrated transparently in a Distributed Intrusion Detection System (DIDS). The proposal is innovative because it combines the advantages of the smart sensor approach, and the subsequent offering of the NIDS functionality as a service, with the use of SOA to achieve integration with other DIDS components. The main goal of this paper is to reduce the huge volume of management tasks inherent to this type of network service, as well as to facilitate the design of DIDS whose management complexity can be restricted within well-defined margins. This paper also addresses the construction of a physical sensor prototype. This prototype was used to carry out the tests that have demonstrated the proposal's validity, providing detection and performance ratios similar to those of existing intrusion detection systems (IDS), but with the advantage of a zero-maintenance approach.
