Abstract
Traditional perimeter-based security systems provide a level of defense against external attacks. However, with the increasing prevalence of advanced network attacks and the continual emergence of novel attack methodologies, these conventional mechanisms are losing effectiveness. Attackers frequently shift their focus to the core assets within an organization's internal network, such as database servers, file servers, and email servers. After breaching the external perimeter, they move laterally within the internal network in search of high-value assets from which to steal data. The consequences of an attack on core assets can be severe, which makes safeguarding them a priority. Nevertheless, existing measures for protecting critical core assets exhibit several deficiencies. In response, we propose a security protection strategy for critical servers based on the analysis of traffic logs. We establish an integrated micro-boundary on each critical server, comprising four modules: a micro-boundary intrusion detection system (IDS) module, a micro-boundary traffic collection module, a micro-boundary dynamic access control module, and an agent module. The strategy provides three core security functionalities: network intrusion detection, network access relationship analysis, and dynamic management of access control policy. It enables timely and effective detection of internal threats and significantly strengthens the security of critical servers. We have implemented this strategy in two real-world scenarios, assessed the feasibility of its deployment, and uncovered potential security vulnerabilities and network threats.
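The abstract describes two of the strategy's functionalities, access relationship analysis over collected traffic logs and dynamic management of access control policy, without showing how they fit together. The following Python is an added example, not code from the paper or its authors: it parses constructed connection-log lines for one critical server, builds the server's access relationship map (which source talks to which port, how often), compares it against a constructed baseline allowlist, and derives a deny-by-default policy that flags every observed access the baseline does not cover. The log format, IP addresses, ports and baseline are all constructed assumptions; the paper's actual collector format and policy representation may differ, and the IDS module is not modelled here.

```python
"""Added example (not the paper's code): access-relationship analysis over
constructed connection-log lines for one critical server, plus a baseline
check that yields a deny-by-default access control policy.  The log format,
hosts, ports and baseline are all constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass

# Constructed log lines, as an assumed micro-boundary traffic collector might
# emit for one critical server (10.0.9.5): timestamp src dst dst_port proto
SAMPLE_LOG = """\
2024-03-01T08:00:01 10.0.1.20 10.0.9.5 5432 tcp
2024-03-01T08:00:04 10.0.1.21 10.0.9.5 5432 tcp
2024-03-01T08:01:10 10.0.1.20 10.0.9.5 5432 tcp
2024-03-01T09:12:33 10.0.4.77 10.0.9.5 22 tcp
2024-03-01T09:12:40 10.0.4.77 10.0.9.5 5432 tcp
2024-03-01T09:13:02 10.0.1.20 10.0.9.5 22 tcp
"""

# Constructed baseline: the (source, destination port) pairs that are expected
# to reach this server, e.g. the two application hosts using the database.
BASELINE = {
    ("10.0.1.20", 5432),
    ("10.0.1.21", 5432),
}


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_log(text):
    """Parse whitespace-separated log lines; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip rather than abort on a bad collector line
        ts, src, dst, dport, proto = parts
        flows.append(Flow(ts, src, dst, int(dport), proto))
    return flows


def access_relationships(flows):
    """Access relationship map: (src, dport) -> connection count."""
    rel = defaultdict(int)
    for f in flows:
        rel[(f.src, f.dport)] += 1
    return dict(rel)


def unexpected_accesses(rel, baseline):
    """Observed (src, dport) pairs that the baseline does not allow."""
    return sorted(k for k in rel if k not in baseline)


def propose_policy(rel, baseline):
    """Allow rules for the baseline, deny rules for everything seen outside it.

    Each deny rule carries the evidence (connection count) so an operator can
    review it before the dynamic access control module applies it."""
    rules = [{"action": "allow", "src": s, "dport": p} for s, p in sorted(baseline)]
    for s, p in unexpected_accesses(rel, baseline):
        rules.append({
            "action": "deny", "src": s, "dport": p,
            "reason": f"{rel[(s, p)]} connection(s) outside baseline",
        })
    return rules


if __name__ == "__main__":
    rel = access_relationships(parse_log(SAMPLE_LOG))
    for rule in propose_policy(rel, BASELINE):
        print(rule)
```

On the constructed input the map shows a third host reaching both the database port and SSH, and a baseline host opening SSH; all three pairs become deny rules, while the two baseline pairs remain allowed. In a real deployment the baseline would be learned from a trusted observation window rather than hard-coded, and unexpected pairs would be correlated with the IDS module's alerts before being enforced.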
Acknowledgements
This work is supported by the National Natural Science Foundation of China (No. 62102425) and the Science and Technology Innovation Program of Hunan Province (Nos. 2022RC3061, 2021RC2071).
Ethics declarations
Conflicts of Interest
The authors declare that they have no conflicts of interest to report regarding the present study.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Zhu, H., Wang, C., Hou, B., Tang, Y., Cai, Z. (2024). A Critical Server Security Protection Strategy Based on Traffic Log Analysis. In: Jin, H., Pan, Y., Lu, J. (eds) Computer Networks and IoT. IAIC 2023. Communications in Computer and Information Science, vol 2060. Springer, Singapore. https://doi.org/10.1007/978-981-97-1332-5_1
DOI: https://doi.org/10.1007/978-981-97-1332-5_1
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-1331-8
Online ISBN: 978-981-97-1332-5
eBook Packages: Computer Science, Computer Science (R0)