Abstract
This paper describes a new method to improve the efficiency and speed of incident detection by network protection systems. The principal element of this method is the ADSH (Hybrid ADS, i.e. an integrated ADS and IDS solution, which is an upgrade of traditional IDS, ADS, NIDS, etc.). The method, called GIDRE, proposes an innovative mechanism for early detection of and response to attacks, together with the distribution of information about their characteristics, which optimises both the resources devoted to protecting computer systems connected to the network and the response to those attacks.
To reach this goal, GIDRE has standardised mechanisms for exchanging information between clusters of intrusion and anomalous-user-behaviour detection systems (ADSH), which are distributed through the network using a GRID architecture. These ADSH continuously capture the suspicious attack packets and anomalous packets that circulate through the network. Thus, the ADSH share information about the anomalies detected in the network and can discriminate almost immediately whether a global attack is taking place or whether it is an accidental deviation in the behaviour of some particular user. When an ADSH detects anomalous traffic, it triggers a Local Alarm (LA) about the protocols used in the attack, and this analysis is sent to the Console of the corresponding protocol (the ADSH assigned to that protocol) for integration with potential LAs coming from other sites. When the Console of the protocol analyses the received LAs, it determines whether a General Alarm (GA) has taken place and, if necessary, generates new configuration rules to apply in the perimeter protection systems of the affected local networks.
The GIDRE topology elements are as follows: there are several ADSHs distributed over different networks, several firewalls, and a Central Console in HD redundant architecture.
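The LA-to-GA correlation described above, as an added illustration that is not the paper's own code: a Console for one protocol receives Local Alarms from ADSHs at several sites, treats an anomaly reported from at least two distinct sites as a General Alarm and everything else as a local deviation, and emits perimeter rules for the affected networks. The `signature` field, the two-site threshold and the rule text are assumptions, since the abstract does not specify them.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class LocalAlarm:
    site: str       # network of the ADSH that raised the LA
    protocol: str   # protocol used in the suspicious traffic
    signature: str  # assumed field: label for the anomaly's characteristics

class ProtocolConsole:
    def __init__(self, protocol, min_sites=2):
        self.protocol = protocol
        self.min_sites = min_sites  # assumption: a GA needs reports from this many distinct sites
        self.alarms = []

    def receive(self, alarm):
        if alarm.protocol != self.protocol:  # each LA goes to the Console of its own protocol
            raise ValueError(f"LA for {alarm.protocol} sent to the {self.protocol} console")
        self.alarms.append(alarm)

    def _sites_by_signature(self):
        sites = defaultdict(set)
        for a in self.alarms:
            sites[a.signature].add(a.site)
        return sites

    def general_alarm(self):
        """GA when a signature is reported from >= min_sites sites; None when only local deviations."""
        hits = {sig: s for sig, s in self._sites_by_signature().items() if len(s) >= self.min_sites}
        if not hits:
            return None
        return {"protocol": self.protocol, "signatures": sorted(hits),
                "affected_sites": sorted(set().union(*hits.values()))}

    def local_deviations(self):  # signatures seen at too few sites: accidental deviation, not a global attack
        return sorted(sig for sig, s in self._sites_by_signature().items() if len(s) < self.min_sites)

    def firewall_rules(self):  # new rules for the perimeter of each affected network (illustrative syntax)
        ga = self.general_alarm()
        if ga is None:
            return {}
        return {site: [f"drop {ga['protocol']} matching {sig}" for sig in ga["signatures"]]
                for site in ga["affected_sites"]}

def demo_console():
    console = ProtocolConsole("smtp")  # constructed LAs: two sites share one SMTP anomaly, a third differs
    for site, sig in (("siteA", "mass-mail-to-addressbook"), ("siteB", "mass-mail-to-addressbook"),
                      ("siteC", "oversized-attachment")):
        console.receive(LocalAlarm(site, "smtp", sig))
    return console
```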
There have been some experiments in which we have demonstrated the advantage of having distributed ADSH compared to a single ADSH.
To demonstrate it, we analyse the behaviour of spam that is sent directly to the address books of the users who are to be contaminated, and we detect the node contamination processes using both distributed ADSH and a single ADSH.
© 2009 Vieweg+Teubner | GWV Fachverlage GmbH, Wiesbaden
Olguín, O., Medina, M. (2009). GIDRE: Grid-based Detection Intrusion and Response Environment. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2008 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9283-6_18
DOI: https://doi.org/10.1007/978-3-8348-9283-6_18
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-0660-4
Online ISBN: 978-3-8348-9283-6