A denial-of-service resistant intrusion detection architecture
Abstract

As the capabilities of intrusion detection systems (IDSs) advance, attackers may disable organizations’ IDSs before attempting to penetrate more valuable targets. To counter this threat, we present an IDS architecture that is resistant to denial-of-service (DOS) attacks. The architecture frustrates attackers by making IDS components invisible to attackers’ normal means of “seeing” in a network. Upon a successful attack, the architecture allows IDS components to relocate from attacked hosts to operational hosts, thereby mitigating the attack. These capabilities are obtained by using mobile agent technology, utilizing network topology features, and restricting the communication allowed between different types of IDS components.