Towards NIC-based intrusion detection

We present and evaluate a NIC-based network intrusion detection system. Intrusion detection at the NIC makes the system potentially tamper-proof and is naturally extensible to work in a distributed setting. Simple anomaly-detection and signature-detection models have been implemented in the firmware of the NIC, which has its own processor and memory. We empirically evaluate such systems from the perspective of quality and performance (bandwidth of acceptable messages) under varying conditions of host load. The preliminary results we obtain are very encouraging and lead us to believe that such NIC-based security schemes could very well be a crucial part of next-generation network security systems.
