Implementing IDS Management on Lock-Keeper

  • Conference paper
Information Security Practice and Experience (ISPEC 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5451)

Abstract

Intrusion Detection System (IDS) management is an important component of most distributed IDS solutions. One of its main requirements is extensibility, which enables the integration of different types of IDS sensors as well as deployment in different kinds of environments. Lock-Keeper is a simple implementation of the high-level security concept of "Physical Separation". It works as a sluice that exchanges data between two networks without establishing a direct physical connection between them. To enhance the security of the Lock-Keeper system itself, IDS sensors need to be deployed on the Lock-Keeper components. This paper proposes an extensible IDS management architecture that can be integrated easily on the special hardware platform of Lock-Keeper. A unified interface and communication between the different integrated IDS sensors are designed using the established IDS standard IDMEF and realized as several kinds of plugins, such as handlers, receivers, and senders. A prototype implementation is presented, and practical experiments are carried out to show the extensibility and applicability of the proposed architecture.
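To make the receiver/handler/sender plugin split and the role of IDMEF concrete, here is an added illustration (not the paper's code): two receivers parse constructed sensor lines into a neutral alert, a handler suppresses repeats, and a sender emits an IDMEF (RFC 4765) Alert message. Sensor names, line layouts and addresses are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

IDMEF_NS = "http://iana.org/idmef"  # namespace fixed by RFC 4765

# --- Receiver plugins: one per sensor type, each yields a neutral alert dict ---
# Constructed Snort-style fast-alert layout (illustrative, not captured traffic).
SNORT_RE = re.compile(r"\[\*\*\] (?P<sig>.+?) \[\*\*\] (?P<src>[\d.]+) -> (?P<dst>[\d.]+)")
# Constructed host-sensor layout: "<host-ip> <path> <event>".
HIDS_RE = re.compile(r"^(?P<host>[\d.]+) (?P<path>/\S+) (?P<event>\w+)$")

def snort_receiver(line):
    m = SNORT_RE.search(line)  # returns None when the line is not for this sensor
    return m and {"analyzer": "nids-inner", "text": m["sig"], "src": m["src"], "dst": m["dst"]}

def hids_receiver(line):
    m = HIDS_RE.match(line)
    return m and {"analyzer": "hids-gate", "text": f"file {m['event']}: {m['path']}",
                  "src": None, "dst": m["host"]}

# --- Handler plugin: a flood of identical alerts is reported once ---
class DedupHandler:
    def __init__(self):
        self.seen = set()
    def handle(self, alert):
        key = (alert["analyzer"], alert["text"], alert["src"], alert["dst"])
        if key in self.seen:
            return None
        self.seen.add(key)
        return alert

# --- Sender plugin: serialise the neutral alert as an IDMEF-Message/Alert ---
def idmef_sender(alert, msgid):
    ET.register_namespace("idmef", IDMEF_NS)
    tag = lambda name: f"{{{IDMEF_NS}}}{name}"
    root = ET.Element(tag("IDMEF-Message"), version="1.0")
    a = ET.SubElement(root, tag("Alert"), messageid=str(msgid))
    ET.SubElement(a, tag("Analyzer"), analyzerid=alert["analyzer"])
    ET.SubElement(a, tag("CreateTime")).text = datetime.now(timezone.utc).isoformat()
    for role, ip in (("Source", alert["src"]), ("Target", alert["dst"])):
        if ip:  # host-based sensors have no source address
            node = ET.SubElement(ET.SubElement(a, tag(role)), tag("Node"))
            addr = ET.SubElement(node, tag("Address"), category="ipv4-addr")
            ET.SubElement(addr, tag("address")).text = ip
    ET.SubElement(a, tag("Classification"), text=alert["text"])
    return ET.tostring(root, encoding="unicode")

def run_pipeline(lines, receivers=(snort_receiver, hids_receiver)):
    handler, out = DedupHandler(), []
    for line in lines:
        for recv in receivers:  # first receiver that understands the line wins
            alert = recv(line)
            if alert and handler.handle(alert):
                out.append(idmef_sender(alert, len(out) + 1))
                break
    return out
```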




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cheng, F., Roschke, S., Meinel, C. (2009). Implementing IDS Management on Lock-Keeper. In: Bao, F., Li, H., Wang, G. (eds) Information Security Practice and Experience. ISPEC 2009. Lecture Notes in Computer Science, vol 5451. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00843-6_31

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-00843-6_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00842-9

  • Online ISBN: 978-3-642-00843-6

  • eBook Packages: Computer Science (R0)
