Network-based Intrusion Prevention System Prototype with Multi-Detection - A Position Paper

Daniel Kavan, Klára Škodová, Martin Klíma

2014

Abstract

The ongoing need to protect key nodes of network infrastructure has been a pressing issue since the outbreak of modern Internet threats. This paper presents ideas on building a novel network-based intrusion prevention system that combines the advantages of different types of current intrusion detection systems. Special attention is also given to the means of traffic data acquisition and to the options for security policy decision and enforcement. With regard to recent trends in PaaS and SaaS, the specifics of deployment on private and public cloud platforms are also considered.

Paper Citation


in Harvard Style

Kavan D., Škodová K. and Klíma M. (2014). Network-based Intrusion Prevention System Prototype with Multi-Detection - A Position Paper. In Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014) ISBN 978-989-758-045-1, pages 417-425. DOI: 10.5220/0005102204170425


in Bibtex Style

@conference{secrypt14,
author={Daniel Kavan and Klára Škodová and Martin Klíma},
title={Network-based Intrusion Prevention System Prototype with Multi-Detection - A Position Paper},
booktitle={Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)},
year={2014},
pages={417-425},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005102204170425},
isbn={978-989-758-045-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2014)
TI - Network-based Intrusion Prevention System Prototype with Multi-Detection - A Position Paper
SN - 978-989-758-045-1
AU - Kavan D.
AU - Škodová K.
AU - Klíma M.
PY - 2014
SP - 417
EP - 425
DO - 10.5220/0005102204170425