Network-based Hybrid Intrusion Detection and Honeysystems as Active Reaction Schemes

Summary

This paper presents several proposals and contributions in network-based intrusion-related technologies. Two key points are discussed along this line: anomaly-based intrusion detection and active response mechanisms. The first is mainly focused on a stochastic approach to modelling the normal behaviour of the network system to be monitored and protected. This anomaly-based detection methodology is combined with a signature-based one, resulting in a hybrid detection system, in order to improve the overall detection throughput. The second introduces a honeysystem-based approach to the development of a pro-active response mechanism in the context of intrusion detection technologies. Both aspects, detection and reaction, are studied as functional modules of an integral intrusion platform built on a currently available IDS tool.
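As an added illustration of the hybrid detection module described above (this is not code from the paper or its platform), a first-order Markov chain over HTTP request-line tokens stands in for the stochastic normality model, since the summary does not fix a particular model, and one regex rule stands in for the signature engine; the benign training requests, the rule and the threshold heuristic are all constructed here.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample of benign HTTP request lines used to train the normality model.
NORMAL_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /images/logo.png HTTP/1.1",
    "POST /login HTTP/1.1",
    "GET /docs/manual.pdf HTTP/1.1",
    "GET /index.html HTTP/1.0",
]
# Constructed signature rule standing in for a misuse-based rule set.
SIGNATURES = {"path-traversal": re.compile(r"\.\./")}

def tokenize(request):
    """Turn a request line into protocol tokens: method, path segments, version."""
    method, path, version = request.split(" ", 2)
    return ["<S>", method] + [seg for seg in path.split("/") if seg] + [version, "<E>"]

def train(requests):
    """First-order Markov chain over tokens: transition counts plus the known vocabulary."""
    counts, vocab = defaultdict(Counter), {"<UNK>"}
    for req in requests:
        toks = tokenize(req)
        vocab.update(toks)
        for a, b in zip(toks, toks[1:]):
            counts[a][b] += 1
    return counts, vocab

def anomaly_score(request, model):
    """Mean negative log-likelihood per transition; higher means less normal."""
    counts, vocab = model
    toks = [t if t in vocab else "<UNK>" for t in tokenize(request)]
    nll = 0.0
    for a, b in zip(toks, toks[1:]):
        row = counts[a]
        # Add-one smoothing keeps unseen transitions finite instead of -inf.
        nll -= math.log((row[b] + 1) / (sum(row.values()) + len(vocab)))
    return nll / (len(toks) - 1)

def classify(request, model, threshold):
    """Hybrid verdict: a signature hit is reported by rule name; else the anomaly score decides."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(request):
            return ("signature", name)
    score = anomaly_score(request, model)
    return ("anomaly" if score > threshold else "normal", round(score, 2))

MODEL = train(NORMAL_REQUESTS)
# Naive threshold: a little above the worst-scoring benign training request.
THRESHOLD = 1.1 * max(anomaly_score(r, MODEL) for r in NORMAL_REQUESTS)
```

A request built only from unseen tokens scores high and is flagged by the anomaly layer even when it carries no known signature, which is exactly the complementarity the hybrid scheme relies on; the flip side is that legitimate but never-seen traffic is flagged too, so the threshold must be calibrated on representative normal traffic.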
