Abstract
This paper presents the design and implementation of the Coordinated Intrusion Prevention System (CIPS), which combines a Parallel Firewall (PFW), Flow Detection (FD) and a Multiple Intrusion Detection System (MIDS) to defend against large-scale or coordinated intrusions. The PFW consists of several firewalls working in parallel, mainly by means of packet filtering, stateful inspection and SYN proxying. The FD and the MIDS detect and analyze the traffic concurrently: the former uses an artificial neural network to analyze network traffic and detect flow anomalies, while the latter adopts conventional techniques such as protocol flow analysis and content-based virus detection to detect and prevent conventional intrusions and viruses. To balance load, CIPS also has a Flow Scheduler (FS) that dispatches packets evenly to each parallel component. In addition, a Console & Manager (CM) reduces redundant alerts and provides a feedback mechanism through alert clustering, and recognizes potential correlation rules among coordinated intrusions by mining large numbers of alerts.
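The abstract says the Flow Scheduler dispatches packets evenly to the parallel firewalls while those firewalls do stateful inspection and SYN proxying. Those two goals conflict unless dispatch is flow-affine: a node can only validate a SYN/ACK or a mid-stream segment if it also saw the SYN. The following Python is an added illustration, not code from the CIPS paper: it models the scheduler with a direction-independent hash of the 5-tuple, compares it with naive round-robin in front of minimal stateful nodes, and checks that the hash still spreads flows evenly. The packet layout, node count, scheduler names and the sample handshake are all constructed for the example.

```python
"""Flow-affine dispatch in front of parallel stateful firewalls.

Added illustration, not code from the CIPS paper. It models a Flow
Scheduler (FS) spreading packets over N parallel firewall nodes (PFW)
and shows why "even" dispatch must still be flow-affine: stateful
inspection and a SYN proxy only work if both directions of a
connection reach the node that saw its SYN. Packets, node count and
the scheduler names are constructed for the example.
"""
import hashlib
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport proto flags")


def flow_key(p):
    """Direction-independent 5-tuple: order the two endpoints so that
    client->server and server->client packets produce the same key."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    lo, hi = (a, b) if a <= b else (b, a)
    return (p.proto, lo, hi)


def hash_scheduler(p, n_nodes):
    """Symmetric hash dispatch: every packet of a flow, in either
    direction, lands on the same node. blake2b is used only as a stable
    hash (Python's built-in hash() is randomized per process)."""
    digest = hashlib.blake2b(repr(flow_key(p)).encode(), digest_size=8).digest()
    return int.from_bytes(digest, "big") % n_nodes


def make_round_robin():
    """Naive 'even' dispatch that ignores flows; used as the counter-example."""
    counter = {"i": 0}

    def scheduler(p, n_nodes):
        node = counter["i"] % n_nodes
        counter["i"] += 1
        return node

    return scheduler


class StatefulFirewall:
    """Minimal stateful inspection: anything other than a bare SYN is
    accepted only if this node recorded the flow's SYN."""

    def __init__(self):
        self.flows = set()

    def inspect(self, p):
        key = flow_key(p)
        if "S" in p.flags and "A" not in p.flags:  # bare SYN opens state
            self.flows.add(key)
            return "allow"
        return "allow" if key in self.flows else "drop"  # no state: drop


def run(packets, n_nodes, scheduler):
    """Dispatch each packet with `scheduler` and return the verdicts."""
    nodes = [StatefulFirewall() for _ in range(n_nodes)]
    return [nodes[scheduler(p, n_nodes)].inspect(p) for p in packets]


def load_share(n_flows, n_nodes):
    """Count how many constructed client flows each node receives."""
    counts = [0] * n_nodes
    for i in range(n_flows):
        p = Packet(f"10.0.{i // 256}.{i % 256}", 40000 + i, "10.1.1.1", 80, "tcp", "S")
        counts[hash_scheduler(p, n_nodes)] += 1
    return counts


# Constructed TCP handshake plus one data segment, client 10.0.0.7 -> server 10.1.1.1:80
SAMPLE = [
    Packet("10.0.0.7", 51000, "10.1.1.1", 80, "tcp", "S"),
    Packet("10.1.1.1", 80, "10.0.0.7", 51000, "tcp", "SA"),
    Packet("10.0.0.7", 51000, "10.1.1.1", 80, "tcp", "A"),
    Packet("10.0.0.7", 51000, "10.1.1.1", 80, "tcp", "PA"),
]

if __name__ == "__main__":
    print("hash dispatch :", run(SAMPLE, 4, hash_scheduler))
    print("round robin   :", run(SAMPLE, 2, make_round_robin()))
    print("flows per node:", load_share(1000, 4))
```

With the symmetric hash all four packets of the handshake reach one node and are allowed; with round-robin the SYN/ACK and the data segment land on a node that never saw the SYN and are dropped, which is exactly the failure a SYN proxy in the PFW would also suffer. Evenness comes from the hash spreading distinct flows, not from spreading packets, so a single elephant flow still pins one node; that is the trade-off a practitioner accepts for state to work.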
This paper is supported by the Wuhan Hi-Tech project under grant 20031003027 and the Key Nature Science Foundation of Hubei Province under grant 2001ABA001.
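The abstract gives the Console & Manager two jobs: collapse redundant alerts by clustering, and mine the remaining alerts for correlation rules that betray a coordinated intrusion. The Python below is an added illustration, not code from the CIPS paper. It clusters alerts that share a signature and endpoint pair within a short window, then counts ordered pairs of signatures that recur on distinct targets within a longer window, a simple instance of the episode-mining idea the abstract alludes to. The alert fields, signature names, windows, support threshold and the sample alert stream are constructed.

```python
"""Alert clustering and sequence-rule mining in a central console.

Added illustration, not code from the CIPS paper. It models two jobs
the abstract assigns to the Console & Manager (CM): collapsing
redundant alerts into clusters, and mining the clusters for ordered
pairs of alert types that recur across targets, a crude form of the
correlation rules a coordinated intrusion leaves behind. Alert fields,
signature names, windows and the sample alert stream are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    t: int      # seconds since start of capture (constructed)
    sig: str    # detector signature name
    src: str
    dst: str


def cluster_alerts(alerts, window):
    """Merge alerts with the same (sig, src, dst) that fall within
    `window` seconds of the cluster's first alert. Returns clusters in
    time order, each carrying a count so no information is thrown away."""
    clusters = []
    open_idx = {}                      # (sig, src, dst) -> index in clusters
    for a in sorted(alerts, key=lambda x: x.t):
        key = (a.sig, a.src, a.dst)
        i = open_idx.get(key)
        if i is not None and a.t - clusters[i]["first"] <= window:
            clusters[i]["count"] += 1
            clusters[i]["last"] = a.t
        else:
            clusters.append({"sig": a.sig, "src": a.src, "dst": a.dst,
                             "first": a.t, "last": a.t, "count": 1})
            open_idx[key] = len(clusters) - 1
    return clusters


def mine_sequence_rules(clusters, window, min_support):
    """Count ordered pairs (sigA -> sigB) where a sigB cluster on the same
    destination begins within `window` seconds after a sigA cluster.
    Support is the number of distinct destinations showing the pair, so
    one noisy host cannot manufacture a rule on its own."""
    by_dst = defaultdict(list)
    for c in clusters:
        by_dst[c["dst"]].append(c)
    witnesses = defaultdict(set)
    for dst, cs in by_dst.items():
        cs.sort(key=lambda c: c["first"])
        for i, a in enumerate(cs):
            for b in cs[i + 1:]:
                if b["first"] - a["first"] > window:
                    break
                if b["sig"] != a["sig"]:
                    witnesses[(a["sig"], b["sig"])].add(dst)
    return {rule: len(d) for rule, d in witnesses.items() if len(d) >= min_support}


# Constructed alert stream: three targets scanned, then exploited, two of
# them followed by a new admin account; plus one unrelated scan.
SAMPLE = (
    [Alert(t, "PORTSCAN", "10.0.0.5", "10.1.1.1") for t in range(0, 5)]
    + [Alert(30, "EXPLOIT_ATTEMPT", "10.0.0.5", "10.1.1.1"),
       Alert(50, "NEW_ADMIN_ACCOUNT", "10.0.0.5", "10.1.1.1")]
    + [Alert(t, "PORTSCAN", "10.0.0.9", "10.1.1.2") for t in (100, 101, 102)]
    + [Alert(140, "EXPLOIT_ATTEMPT", "10.0.0.9", "10.1.1.2"),
       Alert(170, "NEW_ADMIN_ACCOUNT", "10.0.0.9", "10.1.1.2"),
       Alert(200, "PORTSCAN", "10.0.0.5", "10.1.1.3"),
       Alert(260, "EXPLOIT_ATTEMPT", "10.0.0.5", "10.1.1.3"),
       Alert(300, "PORTSCAN", "10.0.0.7", "10.1.1.4")]
)

if __name__ == "__main__":
    clusters = cluster_alerts(SAMPLE, window=10)
    print(f"{len(SAMPLE)} alerts -> {len(clusters)} clusters")
    for rule, support in sorted(mine_sequence_rules(clusters, 120, 2).items()):
        print(f"{rule[0]} -> {rule[1]}  (seen on {support} hosts)")
```

On the constructed stream the 15 raw alerts collapse to 9 clusters, and the mining step surfaces PORTSCAN -> EXPLOIT_ATTEMPT on three hosts and EXPLOIT_ATTEMPT -> NEW_ADMIN_ACCOUNT on two. Clustering on an exact (signature, source, destination) key deliberately does not merge a scan spread across many sources; that cross-source pattern is what the per-destination rule mining is there to catch, and counting support in distinct destinations keeps one chatty sensor from inflating it.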
© 2005 Springer-Verlag Berlin Heidelberg
Jin, H., Yang, Z., Sun, J., Tu, X., Han, Z. (2005). CIPS: Coordinated Intrusion Prevention System. In: Kim, C. (eds) Information Networking. Convergence in Broadband and Mobile Networking. ICOIN 2005. Lecture Notes in Computer Science, vol 3391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30582-8_10
DOI: https://doi.org/10.1007/978-3-540-30582-8_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24467-7
Online ISBN: 978-3-540-30582-8
eBook Packages: Computer Science (R0)