
Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 3391))

Abstract

In this paper, we present the design and implementation of the Coordinated Intrusion Prevention System (CIPS), which combines a Parallel Firewall (PFW), Flow Detection (FD) and a Multiple Intrusion Detection System (MIDS) to defend against large-scale or coordinated intrusions. The PFW consists of several firewalls working in parallel, mainly by means of packet filtering, stateful inspection and a SYN proxy. The FD and the MIDS detect and analyze the traffic flow at the same time: the former uses an artificial neural network to analyze network traffic and detect flow anomalies, while the latter adopts traditional techniques such as protocol flow analysis and content-based virus detection to detect and prevent conventional intrusions and viruses. To balance load, CIPS also has a Flow Scheduler (FS) that dispatches packets evenly to each parallel component. In addition, a Console & Manager (CM) reduces redundant alerts and provides a feedback mechanism through alert clustering, and recognizes potential correlation rules among coordinated intrusions by mining large volumes of alerts.
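The abstract names two design points that are easy to get wrong in practice: the Flow Scheduler must keep both directions of a connection on the same parallel firewall (otherwise stateful inspection and the SYN proxy never see a complete conversation), and the Console & Manager must collapse the many near-identical alerts that several sensors raise for one event. The following Python sketch is an added illustration of both ideas, not code from the paper or from the CIPS implementation; the `Packet` and `Alert` structures, the hashing scheme, the clustering key `(signature, src_ip, dst_ip)` and the sample data are all assumptions made here for the example.

```python
"""Hypothetical illustration of two CIPS components from the abstract:
a flow-aware scheduler (FS) and alert clustering in the Console & Manager (CM).
Not the paper's code; all names and data below are constructed for the example."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int


def flow_key(pkt: Packet) -> str:
    """Symmetric 5-tuple: the two endpoints are sorted so that a packet and its
    reply map to the same key. A per-packet round-robin would split a TCP
    handshake across firewalls and defeat stateful inspection / SYN proxying."""
    a = (pkt.src_ip, pkt.src_port)
    b = (pkt.dst_ip, pkt.dst_port)
    lo, hi = sorted([a, b])
    return f"{pkt.proto}|{lo[0]}:{lo[1]}|{hi[0]}:{hi[1]}"


def dispatch(pkt: Packet, n_workers: int) -> int:
    """Pick the parallel firewall / detector index for this packet's flow.
    A keyed cryptographic hash is used (rather than Python's hash()) so that the
    assignment is stable across processes and restarts."""
    digest = hashlib.blake2b(flow_key(pkt).encode(), digest_size=8).digest()
    return int.from_bytes(digest, "big") % n_workers


def load_distribution(packets, n_workers: int) -> list:
    """Count how many packets each worker receives; used to check that the
    hash spreads distinct flows evenly while keeping each flow on one worker."""
    counts = [0] * n_workers
    for p in packets:
        counts[dispatch(p, n_workers)] += 1
    return counts


@dataclass(frozen=True)
class Alert:
    ts: float        # seconds; constructed timestamps
    sensor: str      # which FD / MIDS node raised it
    signature: str
    src_ip: str
    dst_ip: str


def cluster_alerts(alerts, window: float = 60.0) -> list:
    """Collapse alerts sharing (signature, src, dst) that arrive within `window`
    seconds of the cluster's first alert into one summary record. This is the
    simplest form of the redundancy reduction the CM is described as doing;
    correlation-rule mining would run on top of these summaries."""
    clusters = []
    open_by_key = {}
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.signature, a.src_ip, a.dst_ip)
        c = open_by_key.get(key)
        if c is None or a.ts - c["first"] > window:
            c = {"key": key, "first": a.ts, "last": a.ts, "count": 0, "sensors": set()}
            clusters.append(c)
            open_by_key[key] = c
        c["count"] += 1
        c["last"] = a.ts
        c["sensors"].add(a.sensor)
    return clusters


# Constructed sample data: one SYN-flood event seen by three sensors, one
# unrelated worm alert, and a repeat of the flood well outside the window.
SAMPLE_ALERTS = [
    Alert(0.0, "mids-1", "SYN flood", "10.0.0.5", "192.0.2.10"),
    Alert(1.5, "mids-2", "SYN flood", "10.0.0.5", "192.0.2.10"),
    Alert(2.0, "fd-1", "SYN flood", "10.0.0.5", "192.0.2.10"),
    Alert(3.0, "mids-1", "SYN flood", "10.0.0.5", "192.0.2.10"),
    Alert(4.0, "mids-3", "Worm signature", "10.0.0.7", "192.0.2.10"),
    Alert(200.0, "mids-1", "SYN flood", "10.0.0.5", "192.0.2.10"),
]

if __name__ == "__main__":
    req = Packet("198.51.100.7", "192.0.2.10", 6, 40000, 80)
    rep = Packet("192.0.2.10", "198.51.100.7", 6, 80, 40000)
    print("same worker for both directions:", dispatch(req, 4) == dispatch(rep, 4))
    flows = [Packet("198.51.100.7", "192.0.2.10", 6, 1024 + i, 80) for i in range(1000)]
    print("packets per worker:", load_distribution(flows, 4))
    for c in cluster_alerts(SAMPLE_ALERTS):
        print(c["key"], "x", c["count"], "from", sorted(c["sensors"]))
```

The symmetric key is the important detail: a scheduler that hashes the raw (src, dst) order sends the SYN to one firewall and the SYN/ACK to another, so the SYN proxy cannot complete the handshake on the client's behalf. The clustering pass keys on the alert content rather than the sensor, which is what lets the CM report one flood event instead of one alert per detector.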

This paper is supported by the Wuhan Hi-Tech project under grant 20031003027 and the Key Nature Science Foundation of Hubei Province under grant 2001ABA001.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jin, H., Yang, Z., Sun, J., Tu, X., Han, Z. (2005). CIPS: Coordinated Intrusion Prevention System. In: Kim, C. (ed.) Information Networking. Convergence in Broadband and Mobile Networking. ICOIN 2005. Lecture Notes in Computer Science, vol 3391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30582-8_10


  • DOI: https://doi.org/10.1007/978-3-540-30582-8_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24467-7

  • Online ISBN: 978-3-540-30582-8

  • eBook Packages: Computer Science (R0)
