Real-time Intrusion Detection and Suppression in ATM Networks

Distributed mission-critical systems require support for ultra-secure communication, in which intrusions must be detected and suppressed in real time, possibly before the affected messages reach the receiver. When the distributed application has real-time requirements, the effects of intrusion are particularly severe. In addition to covered channels and potentially tampered data at the receiver, such systems may experience violations of timing requirements and timing instabilities in components not directly related to the intrusion. Systems with real-time requirements have admission and access control mechanisms in place to ensure that timing requirements can be met during normal operation. Such admission control mechanisms require load profiles of the traffic (for example, in the form of leaky bucket descriptors) so that resources can be appropriately allocated to meet application requirements during system operation. In this paper, we report on our project aimed at real-time detection of intrusions in ATM networks. We take advantage of the specification of the traffic profile during connection setup, and use a traffic modeling technique to determine the profile of the traffic on the connection at an arbitrary point in the network, thus providing a baseline for detecting load deviations. We designed and analyzed a security device that uses the profile information and detects violations. The traffic is modeled in an accurate but efficient manner. As a result, our device is able to detect an intrusion within 25 µs, yet is simple enough to be economically realized in existing VLSI technology.
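The baseline idea in the abstract, as an added Python sketch that is not the paper's traffic model or device: a leaky bucket descriptor (σ, ρ) declared at connection setup is widened to σ + ρ·d for a monitoring point behind an upstream delay bound d (the standard network-calculus bound, used here as a stand-in for the paper's modeling technique), and cells exceeding that baseline are flagged. All names, the profile values, the delay bound and the arrival times are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LeakyBucket:
    sigma: float  # burst tolerance, in cells
    rho: float    # sustained rate, in cells per microsecond

    def at_downstream_point(self, max_upstream_delay_us: float) -> "LeakyBucket":
        # Queueing upstream can bunch cells together; a delay bound d lets the
        # burst grow by at most rho * d, while the rate is unchanged.
        return LeakyBucket(self.sigma + self.rho * max_upstream_delay_us, self.rho)

def violations(profile: LeakyBucket, arrivals_us: list[float]) -> list[int]:
    """Indices of cells that exceed the profile. Flagged cells are treated as
    suppressed, so they do not count against later cells."""
    flagged, level, last = [], 0.0, None
    for i, t in enumerate(arrivals_us):
        if last is not None:
            level = max(0.0, level - profile.rho * (t - last))  # bucket drains
        last = t
        if level + 1 > profile.sigma + 1e-9:
            flagged.append(i)
        else:
            level += 1
    return flagged

# Constructed sample data (assumptions, not measurements from the paper).
DECLARED = LeakyBucket(sigma=3, rho=0.1)       # declared at connection setup
BASELINE = DECLARED.at_downstream_point(20.0)  # 20 us upstream delay bound
# Legitimate cells sent at 0, 1, 2, 12, 22, 32 us, each delayed by at most 20 us.
JITTERED = [20, 20, 20, 21, 22, 32]
# The same stream with two foreign cells inserted at t = 22 us.
INJECTED = [20, 20, 20, 21, 22, 22, 22, 32]

if __name__ == "__main__":
    print("declared profile, legitimate traffic:", violations(DECLARED, JITTERED))
    print("baseline profile, legitimate traffic:", violations(BASELINE, JITTERED))
    print("baseline profile, injected traffic:  ", violations(BASELINE, INJECTED))
```

Checking the jittered stream against the declared profile raises false alarms, which is why the baseline has to be derived for the point where the monitor sits.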