nach oben

Journal of Network and Systems Management

Erschienen in:

01.12.2011

Network Security Alerts Management Architecture for Signature-Based Intrusions Detection Systems within a NAT Environment

verfasst von: Meharouech Sourour, Bouhoula Adel, Abbes Tarek

Erschienen in: Journal of Network and Systems Management | Ausgabe 4/2011

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Internet is providing essential communication between an infinite number of people and is being increasingly used as a tool for commerce. At the same time, security is becoming a tremendously important issue to deal with. Different network security solutions exist and contribute to enhanced security. From these solutions, Intrusion detection systems (IDS) have become one of the most common countermeasures for monitoring safety in computer systems and networks. The purpose of IDSs is distinguishing between intruders and normal users. However, IDSs report a massive number of isolated alerts. These isolated alerts represent low-level security-related events. Many of these isolated alerts are logically involved in a single multi-stage intrusion incident and a security officer often wants to analyze the complete incident instead of each individual simple alert. Another problem is that IDSs cannot work correctly with an environment managed with a NAT technique (Network Address Translation) since the host information (IP address and port number) are affected by the NAT devices. In order to address these limitations, the paper proposes a well-structured model to manage the massive number of isolated alerts and includes the NAT information in the IDS analysis. In fact, our solution permits to determine the real identities of entities implicated in security issues and abstracts the logical relation between alerts in order to support automatic correlation of those alerts involved in the same intrusion and to construct comprehensible attacks scenarios.

Vorheriger Artikel Policy Management for Secure Data Access Control in Vehicular Networks

Nächster Artikel A Study on the Effectiveness of SNMP OID Compression

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Gordon, L.A., Loeb, M.P., Lucyshyn, W., Richardson, R.: Ninth Annual CSI/FBI Computer Crime and Security Survey. Computer Security Institute (2004)

Morin, B., Me, L., Debar, H., Ducasse, M.: M2D2: a formal data model for IDS alert correlation. Recent advances in intrusion detection (RAID2002). In: Lecture Notes in Computer Science, vol. 2516, pp. 115–137. Springer, Berlin (2002)

Cohen, F.B.: Simulating Cyber Attacks, Defences, and Consequences. The Infosec technical baseline studies, March 1999. http://www.all.net/journal/ntb/simulate/simulate.html (1999)

Senie, D.: Network address translator (NAT)-friendly application design guidelines, RFC 3235

Hain, T.: Architectural Implications of NAT, RFC 2993

Shieh, S.-P., Ho, F.-S., Huang, Y.-L., Luo, J.-N.: Network address translators: effects on security protocols and applications in the TCP/IP stack. IEEE INTERNET COMPUTING. (2000)

Cuppens, F., Miège, A.: Alert correlation in a cooperative intrusion detection framework. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy (S&P02). (2002)

Kruegel, C., Valeur, F., Vigna, G.: Intrusion detection and correlation. Advances in information security, vol. 14. Springer, Berlin (2005)

Afonso, J., Monteiro, E., Costa, V.: Development of an integrated solution for intrusion detection: a model based on data correlation. 2006 IEEE. (2006)

10.

Huang, T.-C., Shieh, C.-K., Lai, W.-H., Miao, Y.-B.: Smart tunnel union for NAT traversal. In: Proceedings of the 2005 Fourth IEEE International Symposium on Network Computing and Applications (NCA’05). (2005)

11.

Goto, Y., Suzuki, H., Watanabe, A.: Researches on Extended Dynamic Process Resolution Protocol that Can Traverse NAT. 2007 IEEE. (2007)

12.

RFC 3947 at http://www.ietf.org/rfc/rfc3947.txt

13.

RFC 3948 at http://www.ietf.org/rfc/rfc3948.txt

14.

Curry, D., Debar, H.: Intrusion detection message exchange format data model and extensible markup language (XML) document type definition. Draft-itetf-idwg-idmef-xml-03.txt, Feb 2001

15.

Common Vulnerabilities and Exposures, http://www.cve.mitre.org/about/

16.

Valdes, A., Skinner, K.: Probabilistic alert correlation. Recent advances in intrusion detection (RAID2001). In: Lecture Notes in Computer Science, vol. 2212, pp. 54–68. Springer, Berlin (2001)

17.

Lee, S., Chung, B., Kim, H., Lee, Y., Park, C., Yoon, H.: Real-time analysis of intrusion detection alerts via correlation. J. Comput. Secur. (2005)

18.

Debar, H., Wespi, A.: Aggregation and correlation of intrusion-detection alerts. Recent advances in intrusion detection (RAID2001). In: Lecture Notes in Computer Science, vol. 2212, pp. 85–103. Springer, Berlin (2001)

19.

Browne, H., Arbaugh, W., McHugh, J., Fithen, W.: A trend analysis of exploitations. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, pp. 214–29. May (2001)

Titel: Network Security Alerts Management Architecture for Signature-Based Intrusions Detection Systems within a NAT Environment
verfasst von: Meharouech Sourour
Bouhoula Adel
Abbes Tarek
Publikationsdatum: 01.12.2011
Verlag: Springer US
Erschienen in: Journal of Network and Systems Management / Ausgabe 4/2011
Print ISSN: 1064-7570
Elektronische ISSN: 1573-7705
DOI: https://doi.org/10.1007/s10922-010-9195-4

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2011

A Short-Term Forecasting Algorithm for Network Traffic Based on Chaos Theory and SVM

Policy Management for Secure Data Access Control in Vehicular Networks

Evaluation of Routing with Robustness to the Variation in Traffic Demand

A Report on the 3rd IFIP/IEEE International Workshop on Management of the Future Internet (ManFI 2011)

Efficient Management of Loosely Collaborative Service Networks: A Report on DANMS 2011

Systems and Virtualization Management: Standards and the Cloud (A report on SVM 2010)

Premium Partner