Self-descriptive devices for an Intrusion Detection and ...

Recommend Documents

Efficient intrusion detection for mobile devices using spatio-temporal ...

Sausan Yazji1, Robert P. Dick2, Peter Scheuermann1, and Goce Trajcevski1. 1 EECS Dept. ... S. Yazji, R.P. Dick, P. Scheuermann, G. Trajcevski. Information ...

An Architecture for Intrusion Detection using

Jun 11, 1998 - network, and analyzed by a single module using dif- .... transceivers and monitors, as well as the communication and control channels be-.

An Efficient Intrusion Detection Scheme for

link and buffered at the next hop until the next link in the path appears (e.g., a new ... may open a new door for malicious users, who may intention- ally try to launch ... In order to facilitate data transfer, DTN uses a store-and- forward approach

Intrusion Detection

provides mobile agents with system and platform independence and considerable security features. [3]. Current commercial IDSs such as Cisco Secure IDS [4] ...

An Active Splitter Architecture for Intrusion Detection and ... - FORTH-ICS

Feb 3, 2006 - Page 1 ... We present an active splitter architecture and three methods for improving performance. ...... Then, the pointer to the next free buffer.

An Active Splitter Architecture for Intrusion Detection and ... - FORTH-ICS

Feb 3, 2006 - tary, network-level security mechanisms, as provided by firewalls and network ... able traffic between two networks based on policies typically expressed ... inspection and using this information to block possible attacks. Firewalls ...

An Intrusion Detection and Prevention Framework for Internet

Mar 14, 2018 - when employing communication technologies such as 6LoWPAN and CoAP. Considering the constraints ..... reaction is thus fundamental in order to stop attacks in a .... CoAP IoT networks, security management messages are.

Data Mining for Intrusion Detection

{jianpei, shambhu, ffarooq2, govind}@cse.buffalo.edu .... Case-based reasoning, e.g., AUTOGUARD ..... Training dataset: tuples for model construction, each.

From Intrusion Detection to an Intrusion Response System - MDPI

Mar 27, 2017 - network-based incidents and host-based incidents [10]. ... systems performance, and web service operations [11]. .... SQL Injection. [18].

Visualisation for Intrusion Detection - CiteSeerX

Monitoring and surveillance, seeks instead to enable the operator to detect ..... wide variety of weaknesses in IIS, as Nimda does, relying solely on the one buffer.

Lightweight agents for intrusion detection

monitoring network activity at each host. .... 1994) used a combination of host and LAN monitors to ... formation Technology Office of the Defense Advanced.

Adaptation Techniques for Intrusion Detection and ... - CiteSeerX

collection of information-gathering and exploitation tools". [2]. The 1999 ... response systems, or automatic response systems (see Table. 1). The majority of ...

DoS and Intrusion Detection for MANET - PLOS

over sending RREQs toby hubs. Subsequently, the plan effectively averts appropriated assaults. Evaluation of the Sequence Number Attack Detection.

Electrostatic Means for Intrusion Detection and Ranging

James Jeans, "Electricity and Magnetism", Fifth Edition, (Cam- bridge Press Univetsity Press, 1951). 4. I.S. Gradshteyn and I.W. Ryzhik, "Table of Integrals, ...

Distributed Intrusion Detection and Attack Containment for ...

Distributed Intrusion Detection and Attack Containment for Organizational Cyber Security. Stephen G. Batsell1, Nageswara S. Rao2, Mallikarjun Shankar1.

Intrusion Detection for Grid and Cloud Computing

Grid and Cloud Computing Intrusion Detection System integrates knowledge and ... architecture: the node, service, event auditor, and storage service. â¡ Node ...

Analysis for Traffic and Intrusion Detection

These attacks can often be detected by analyzing the network packet headers, or monitoring the network traffic connection, attempts and session behaviors of ...

Neural Networks for Intrusion Detection and Its

intrusion detection is very necessary has the Internet is greatly increased .... learning phase, the network learns the desired output for a .... malicious implications.

Cyber security testing and intrusion detection for

TCP tests include variations which stress a device's ability to create and teardown TCP sessions with floods of TCP SYN and TCP FIN packets targeting ...

An Architecture of Hybrid Intrusion Detection System

Section 2 describes various types of intrusion detection techniques along ... an attack include simple string matching â which involves looking for unique key .... performed by the IDS in response to traffic from that IP address from Alarm to Drop.

An Intrusion-Detection System Based on the

An Intrusion-Detection System Based on the Teiresias Pattern-. Discovery Algorithm. Abstract. This paper addresses the problem of creating a pattern table that ...

CIDS: An agent-based intrusion detection system

approaches used in agent technologies such as. 51 .... solution in a distributed fashion across the agents. ... come and talk to the plan through the blackboard ..... Institute of. Standards and. Technology. Computer. 617. Security Division, NIST ...

An Intelligent Intrusion Detection System Using ...

Email: [email protected]. Received: ... IDSs are signature based and which they search a signature in the captured traffic or log files and send an alarm. This is ...

An Anomaly-based Intrusion Detection ... - Semantic Scholar

3 Edith Cowan University, Perth, Australia. {shuyun.lim, andrew.28.jones}@bt.com. Abstract. Ensuring that the appropriate level of security is available in.

Self-descriptive devices for an Intrusion Detection and ...

Download PDF

25 downloads 2893 Views 3MB Size Report

Comment

Authorization config. inspired by Facebook apps and Google Play Store. Monitoring. Monitoring of e.g. communication or alerts. Alerts. Alerts by e.g. Intrusion de-.

Self-descriptive devices for a Policy Enforcement System

Self-descriptive devices for an Intrusion Detection and Prevention System Characteristics

What’s new

Challenges

Solutions

   

Network IDS/IPS Traffic whitelisting for Smart Home gadgets Implemented on router Self-describing Smart Home devices

Characteristics

 Two-factor characterization of Smart Home devices via self-description and external databases  Negative Anomaly-Signature-based IDS/IPS 1. 2. 3. 4.

Who describes the „normal“ state of network traffic? How to describe the „normal“ state of network traffic? How to monitor the traffic? How can an autonomous, user-friendly configuration and operation be ensured?

1. Compare traffic characteristics of self-described devices and external knowledge databases (two-factor characterization) 2. Based on traffic signatures 3. With a network IDS/IPS, implemented on the router 4. With a smartphone application

What’s new

Challenges

Solutions

 Policy Enforcement  Implemented on router  Profiling of Smart Home devices and device classes and/or self-describing Smart Home devices  Two-factor characterization of Smart Home devices via self-description and external databases  Profiling of Smart Home devices for Policy Enforcement 1. 2. 3. 4.

Who describes the policies? How to describe the policies? How to enforce the policies? How can an autonomous, user-friendly configuration and operation be ensured?

1. Compare traffic characteristics of self-described devices and external knowledge databases (two-factor characterization) 2. With rules, designed for devices and device classes 3. With rules, stored on the router and enforced by it 4. With a Smartphone application

Secure Smart Home

Envisioned Smart Home Architecture

Implications

Assumptions

Interaction of system components

 Traffic of Smart Home gadgets increases  Network traffic can be described more exactly  IDS/IDS and Policy Enforcement get more efficient

WiFi-HN

 Devices are connected via WiFi  Legacy & proprietary devices integrated via Gateways  Self-descriptive devices for an Intrusion Detection and Prevention System  Self-descriptive devices for a Policy Enforcement System  User-friendly smartphone app for administration

Detection & Prevention

Enforcement

IDPS IDPS Administration

PE

App

Administration

Legend App: Application HN: Home Network PE: Policy Enforcement IDPS: Intrusion Detection and Prevention System

Configuration

Monitoring

Alerts

Authorization config. inspired by Facebook apps and Google Play Store

Monitoring of e.g. communication or alerts

Alerts by e.g. Intrusion detection or if authorization config. does not match

Challenge: Easy to use

Challenge: Clear representation

Challenge: Discreet

Lukas Braun ([email protected]) Prof. Dr. Hans-Joachim Hof ([email protected])