Distributed Intrusion Detection and Attack Containment for Organizational Cyber Security

The sheer number and sophistication of cyber attacks are making our nation's critical computer networks increasingly vulnerable. At the same time, these networks are being called upon to play a key role in processing, data storage, monitoring, and control of critical infrastructures such as energy, transportation, and finance. Disruption of these networks can have highly damaging effects on our nation. Current cyber security systems are not capable of protecting against all attacks, nor of providing near real-time response. Host-based intrusion detection systems are not sufficient to protect these networks because of the sheer volume of data, its distributed nature, and real-time response requirements. Further, they detect only known attacks. We developed an integrated cyber security framework for identifying and containing attacks within an organizational network domain. This framework is distributed, autonomous, and capable of detecting new attacks. It integrates existing cyber security systems and provides a single picture of the entire network, which allows real-time situational awareness of large-scale network systems. It consists of individual components for host-level anomaly detection, attack source localization, and attack containment.
