SPECIFICATION-BASED INTRUSION DETECTION SYSTEM FOR CARRIER ETHERNET

Pan Jieke, João Redol, Miguel Correia

2007

Abstract

Layered network architectures (OSI, TCP/IP) separate functionality into layers, allowing them to be designed and implemented independently. However, from a security point of view, once a lower layer is compromised, the reliability of the higher layers can be impaired. This paper addresses the security of the Data Link Layer, which can affect the reliability of higher layers such as TCP, HTTP and other World-Wide Web protocols. It analyzes the security of a layer 2 protocol, the Spanning Tree Protocol (STP), part of the Ethernet suite, and presents a solution for detecting attacks against this protocol using Specification-based Intrusion Detection.



Paper Citation


in Harvard Style

Jieke P., Redol J. and Correia M. (2007). SPECIFICATION-BASED INTRUSION DETECTION SYSTEM FOR CARRIER ETHERNET. In Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-972-8865-77-1, pages 426-429. DOI: 10.5220/0001283204260429


in Bibtex Style

@conference{webist07,
author={Pan Jieke and João Redol and Miguel Correia},
title={SPECIFICATION-BASED INTRUSION DETECTION SYSTEM FOR CARRIER ETHERNET},
booktitle={Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST},
year={2007},
pages={426-429},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001283204260429},
isbn={978-972-8865-77-1},
}

