Abstract
Access to data centers must be protected by perimeter defense systems such as firewalls, access control lists and intrusion detection systems. Although each of these matters, Network-based Intrusion Detection Systems (NIDS) are the most sophisticated and accurate measure for dealing with external attacks. It is therefore essential to understand the characteristics of this kind of system and of each of its variants. This chapter describes the most relevant aspects of NIDS in detail, with the aim of improving their integration into the networks operating in data centers.
Acknowledgment
Part of the computations of this work were performed in EOLO, the HPC of Climate Change of the International Campus of Excellence of Moncloa, funded by MECD and MICINN.
Copyright information
© 2015 Springer Science+Business Media New York
About this chapter
Cite this chapter
Maestre Vidal, J., Sandoval Orozco, A., García Villalba, L. (2015). Network Intrusion Detection Systems in Data Centers. In: Khan, S., Zomaya, A. (eds) Handbook on Data Centers. Springer, New York, NY. https://doi.org/10.1007/978-1-4939-2092-1_41
DOI: https://doi.org/10.1007/978-1-4939-2092-1_41
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4939-2091-4
Online ISBN: 978-1-4939-2092-1
eBook Packages: Computer Science (R0)