AN EFFICIENT INTRUSION DETECTION SYSTEM FOR NETWORKS WITH CENTRALIZED ROUTING

Paulo F. Andrade, Fernando Mira da Silva, Carlos Ribeiro

2007

Abstract

As the Internet becomes more and more ubiquitous, security is an increasingly important topic. Furthermore, private networks are expanding, and security threats from within the network must be guarded against. For these large networks, which are generally high-speed and have several segments, Intrusion Detection System (IDS) placement usually comes down to a compromise between money invested and monitored services. One common solution in these cases is to use more than one IDS scattered across the network, thus raising both the amount invested and the administrative effort needed to operate them. Another solution is to collect data through sensors and send it to one IDS via an Ethernet hub or switch. This option normally tends to overload the hub/switch port where the IDS is connected. This paper presents a new solution, for networks with a star topology, where an IDS is coupled to the network's core router. This solution allows the IDS to monitor each network segment attached to the router in a round-robin fashion.



Paper Citation


in Harvard Style

F. Andrade P., Mira da Silva F. and Ribeiro C. (2007). AN EFFICIENT INTRUSION DETECTION SYSTEM FOR NETWORKS WITH CENTRALIZED ROUTING. In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 102-106. DOI: 10.5220/0002127001020106


in Bibtex Style

@conference{secrypt07,
author={Paulo F. Andrade and Fernando Mira da Silva and Carlos Ribeiro},
title={AN EFFICIENT INTRUSION DETECTION SYSTEM FOR NETWORKS WITH CENTRALIZED ROUTING},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={102-106},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002127001020106},
isbn={978-989-8111-12-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)
TI - AN EFFICIENT INTRUSION DETECTION SYSTEM FOR NETWORKS WITH CENTRALIZED ROUTING
SN - 978-989-8111-12-8
AU - F. Andrade P.
AU - Mira da Silva F.
AU - Ribeiro C.
PY - 2007
SP - 102
EP - 106
DO - 10.5220/0002127001020106