A Critical Server Security Protection Strategy Based on Traffic Log Analysis

Conference paper, in: Computer Networks and IoT (IAIC 2023)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 2060)

Abstract

Traditional perimeter-based security systems provide a degree of defense against external attacks. However, as advanced network attacks become more prevalent and novel attack techniques continue to emerge, these conventional mechanisms are becoming less effective. Attackers frequently shift their focus to the core assets inside an organization's internal network, such as database servers, file servers, and email servers: after breaching the external perimeter, they move laterally through the internal network in search of high-value assets from which to steal data. The consequences of an attack on core assets can be severe, which makes protecting them a priority. Nevertheless, existing measures for protecting critical core assets have several deficiencies. In response, we propose a security protection strategy for critical servers based on the analysis of traffic logs. We establish an integrated micro-boundary on the critical servers, comprising four modules: a micro-boundary intrusion detection system (IDS) module, a micro-boundary traffic collection module, a micro-boundary dynamic access control module, and an agent module. The strategy provides three core security functions: network intrusion detection, network access relationship analysis, and dynamic management of access control policy. It enables timely and effective detection of internal threats and significantly strengthens the security of critical servers. We have deployed this strategy in two real-world scenarios, assessed the feasibility of its implementation, and uncovered potential security vulnerabilities and network threats.
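As an added illustration of the second and third functions named in the abstract (network access relationship analysis and dynamic management of access control policy), and not code from the paper or its authors, the following Python builds a per-server access relationship table from Zeek conn.log-style records collected at a critical server's micro-boundary, learns an allowed-relationship baseline from a known-good window, flags later sessions that fall outside that baseline, and renders one nftables drop rule per offending relationship. The log lines, the server address 10.0.9.5, the eight-field record layout, and the nftables table and chain names (inet filter / input) are all constructed assumptions for this example; the abstract does not describe how the paper's modules implement these steps.

```python
from __future__ import annotations
from collections import Counter
from dataclasses import dataclass

# Assumed address of the critical server whose micro-boundary we model.
SERVER_IP = "10.0.9.5"

# Constructed Zeek conn.log-style records from a known-good window. Field layout
# (an assumption for this example): ts, id.orig_h, id.orig_p, id.resp_h,
# id.resp_p, proto, service, conn_state.
BASELINE_LOG = """\
1700000000.1\t10.0.1.20\t51512\t10.0.9.5\t3306\ttcp\tmysql\tSF
1700000001.2\t10.0.1.21\t51513\t10.0.9.5\t3306\ttcp\tmysql\tSF
1700000002.3\t10.0.1.20\t51514\t10.0.9.5\t3306\ttcp\tmysql\tSF
1700000003.4\t10.0.3.9\t40001\t10.0.9.5\t22\ttcp\tssh\tSF
"""

# Constructed records from a later window; 10.0.2.77 never appeared in the
# baseline and probes several services (REJ = refused, S0 = no reply,
# SF = completed session).
NEW_LOG = """\
1700003600.0\t10.0.1.20\t51600\t10.0.9.5\t3306\ttcp\tmysql\tSF
1700003601.0\t10.0.2.77\t40002\t10.0.9.5\t445\ttcp\t-\tREJ
1700003602.0\t10.0.2.77\t40003\t10.0.9.5\t3306\ttcp\tmysql\tS0
1700003603.0\t10.0.2.77\t40004\t10.0.9.5\t22\ttcp\tssh\tSF
1700003604.0\t10.0.9.5\t33000\t10.0.4.4\t53\tudp\tdns\tSF
"""


@dataclass(frozen=True)
class Conn:
    ts: float
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    service: str
    state: str


def parse_conn_log(text: str) -> list[Conn]:
    """Parse tab-separated records; blank and '#'-prefixed header lines are skipped."""
    conns = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split("\t")
        conns.append(Conn(float(f[0]), f[1], int(f[2]), f[3], int(f[4]), f[5], f[6], f[7]))
    return conns


def inbound(conns: list[Conn], server_ip: str) -> list[Conn]:
    """Only sessions whose responder is the protected server; outbound traffic is ignored."""
    return [c for c in conns if c.dst == server_ip]


def access_relationships(conns: list[Conn], server_ip: str) -> Counter:
    """Access relationship table: (client, proto, server port) -> number of sessions."""
    return Counter((c.src, c.proto, c.dport) for c in inbound(conns, server_ip))


def learn_baseline(conns: list[Conn], server_ip: str) -> set[tuple[str, str, int]]:
    """Allowed relationships = those that completed normally (SF) in the known-good window."""
    return {(c.src, c.proto, c.dport) for c in inbound(conns, server_ip) if c.state == "SF"}


def detect_deviations(conns: list[Conn], server_ip: str, baseline: set) -> list[Conn]:
    """Sessions to the server whose (client, proto, port) is not an allowed relationship."""
    return [c for c in inbound(conns, server_ip) if (c.src, c.proto, c.dport) not in baseline]


def deny_rules(deviations: list[Conn]) -> list[str]:
    """One nftables drop rule per offending relationship (table/chain names are assumed)."""
    keys = sorted({(c.src, c.proto, c.dport) for c in deviations})
    return [f"nft add rule inet filter input ip saddr {src} {proto} dport {dport} drop"
            for src, proto, dport in keys]


if __name__ == "__main__":
    baseline = learn_baseline(parse_conn_log(BASELINE_LOG), SERVER_IP)
    new = parse_conn_log(NEW_LOG)
    for key, n in sorted(access_relationships(new, SERVER_IP).items()):
        print(f"{key[0]:>12} -> {key[1]}/{key[2]:<5} sessions={n} "
              f"{'allowed' if key in baseline else 'NEW'}")
    for rule in deny_rules(detect_deviations(new, SERVER_IP, baseline)):
        print(rule)
```

Two caveats a practitioner would check before wiring this into enforcement: a baseline learned from logs inherits whatever was already talking to the server during the learning window, so a host that was compromised before collection began becomes an allowed relationship unless the learned set is reconciled against an intended-access inventory; and generating drop rules straight from single deviating sessions is aggressive, so the usual pattern is to alert on deviations first and let the dynamic access control step enforce only relationships confirmed by an operator or a second signal such as an IDS hit.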

Acknowledgements

This work is supported by the National Natural Science Foundation of China (No. 62102425) and the Science and Technology Innovation Program of Hunan Province (Nos. 2022RC3061, 2021RC2071).

Author information

Correspondence to Haiyong Zhu or Chengyu Wang.

Ethics declarations

Conflicts of Interest

The authors declare that they have no conflicts of interest to report regarding the present study.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Zhu, H., Wang, C., Hou, B., Tang, Y., Cai, Z. (2024). A Critical Server Security Protection Strategy Based on Traffic Log Analysis. In: Jin, H., Pan, Y., Lu, J. (eds) Computer Networks and IoT. IAIC 2023. Communications in Computer and Information Science, vol 2060. Springer, Singapore. https://doi.org/10.1007/978-981-97-1332-5_1

  • DOI: https://doi.org/10.1007/978-981-97-1332-5_1

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-1331-8

  • Online ISBN: 978-981-97-1332-5
