Network Intrusion Detection Systems in Data Centers

Access to Data Centers must be protected by perimeter defense systems such as firewalls, access lists, or intrusion detection systems. Although each of these is important, NIDS (Network-based Intrusion Detection Systems) are the most sophisticated and accurate measure for dealing with external attacks. It is therefore essential to understand the characteristics of this kind of system and of each of its variants. This chapter describes the most relevant aspects of NIDS in detail, in order to improve their integration into the networks that operate in Data Centers.
