论文信息 - Attack Evaluation and Mitigation Framework

Attack Evaluation and Mitigation Framework

This paper proposes an implementation of an intrusion detection and prevention system in a Linux environment, with an extensive database of attack signatures, but also with a flexible interface for defining new signatures. The project relies on the analysis of current requirements and challenges in network security, leading to an evaluation of existing detection and network attack mitigation techniques. Attack evaluation and mitigation framework has a modular design, with multiple configuration options and availability during configuration. For increased accessibility, the solution provides a graphical interface available through a web browser, and a command line interface for the network administrator.

[1] Matt Carlson,et al. INTRUSION DETECTION AND PREVENTION SYSTEMS , 2006 .

[2] John Wack,et al. Guidelines on Firewalls and Firewall Policy , 2002 .

[3] S. K. Srivatsa,et al. Detecting and preventing attacks using network intrusion detection systems , 2008 .

[4] Karen A. Scarfone,et al. Guide to Intrusion Detection and Prevention Systems (IDPS) , 2007 .

[5] Martin Roesch,et al. Snort - Lightweight Intrusion Detection for Networks , 1999 .

[6] Hossein Shirazi,et al. Increasing Overall Network Security by Integrating Signature-Based NIDS with Packet Filtering Firewall , 2009, 2009 International Joint Conference on Artificial Intelligence.

[7] Karen Scarfone,et al. Intrusion Detection and Prevention Systems , 2010, Handbook of Information and Communication Security.

[8] Boleslaw K. Szymanski,et al. Denial of Service Intrusion Detection Using Time Dependent Deterministic Finite Automata , 2002 .

[9] Lance Spitzner,et al. The Honeynet Project: Trapping the Hackers , 2003, IEEE Secur. Priv..