A Grid-based Intrusion Detection System

Alexandre Schulter, Júlio Albuquerque Reis, Fernando Koch, Carlos Becker Westphall
Networks and Management Laboratory
Federal University of Santa Catarina
Florianópolis, Brazil

Abstract

This paper presents the problem of intrusion detection in grid environments. Current intrusion detection technology is limited in providing protection against the attacks that may violate the security of grids. We determine the requirements to identify them, propose a distributed grid-based intrusion detection system architecture, and show how it overcomes the limitations of current technology by integrating the detection of the typical host computer and network attacks with the detection of grid-specific attacks and user behavior anomalies.

1. Introduction

Computational grids are emerging as tools to facilitate the secure sharing of resources in heterogeneous environments [1]. Security is one of the most challenging aspects of grid computing [2], and intrusion detection systems (IDS) have an important role in grid security management. IDSs are expert systems that detect security violations in computer systems and respond by sending alert notifications to managers [8]. The violations can be characterized as unauthorized use by external parties or abuse of the system by insiders.

Typical host-based IDSs and network-based IDSs [6] can be deployed in a grid environment to improve its security. However, they cannot properly detect grid intrusions. Detecting grid intrusions poses new challenges, and current intrusion detection technology is limited in providing protection against them. In this paper we propose a grid-based IDS architecture that overcomes these limitations.

This paper is organized as follows: Section 2 provides the problem background. Section 3 analyzes the shortcomings of current technology and what requirements need to be satisfied. Section 4 proposes a system architecture and shows how it solves the problem. The paper concludes with Section 5.

2. Background

2.1. The need for intrusion detection in grids

Security services in distributed systems constitute a new area in computer science and there has been considerable research in this matter [18]. The evolution of these services may be significant, but so is the evolution of their counterparts, such as worms, viruses and distributed denial-of-service attacks [14]. Grid resources can be quite attractive [15] due to their large ranges of computation and storage capabilities, and we should expect them to become targets for attackers and useful for intruders.

The access and sharing of resources and the collaborative computing facilitated by grids amplify the concerns about intrusions, especially in large-scale grids [4]. In this kind of grid, the considerable computing power can be used by an intruder to break passwords, the storage devices can be used to save illicit files, and the large bandwidth networks are ideal for launching denial-of-service attacks [15, 14].

It is unrealistic to expect to prevent all breaches of security, especially in complex distributed systems like grids. Even if the security services offered by grid middleware [3] are designed and implemented carefully to avoid vulnerabilities, intruders can exploit flaws in any of the other components involved, such as operating systems, network protocols, and non-grid applications running in the same environment. Moreover, a grid cannot defend itself against stolen passwords and legitimate users who abuse their privileges to execute malicious activities.

The aforementioned flaws suggest that intrusion detection systems be used as tools by security managers to improve the overall grid security. An

Proceedings of the International Conference on Networking, International Conference on Systems and International Conference on Mobile Communications and Learning Technologies (ICNICONSMCL’06) 0-7695-2552-0/06 $20.00 © 2006 IEEE