Essays on State-Based Network Intrusion Detection System Assignment

Download full paperFile format: .doc, available for editing

The paper "State-Based Network Intrusion Detection System" is a good example of a finance and accounting assignment. Conventionally, to secure computer systems, programmers resorted to the creation of a protective “ shield” – so to speak – around these systems by way of design security mechanisms such as firewalls (see Lodin & Schuba), authentication mechanisms, Virtual Private Networks (VPN). However, these security mechanisms almost have inevitable vulnerabilities and they are usually not sufficient to ensure complete security of the infrastructure and to ward off attacks that are continually being adapted to exploit the system’ s weaknesses often caused by careless design and implementation flaws.

This accounts for the need for security technology that can monitor systems and identify computer attacks. This is called intrusion detection and is complementing conventional security mechanisms (Kumar, Srivastava & Lazarevic, 20).   To better understand Network Intrusion Detection System (NIDS), we first need to clarify its element terminologies. Firstly, an intrusion is an attempt to break into or misuse one’ s system. An intruder is more commonly known as a hacker – a generic term for a person who likes getting into things, with a benign hacker who likes to get into his/her own computer and understands how it works and a malicious hacker who likes getting into other people’ s systems -- or cracker (a term that benign hackers would like to be applied to them).

Now, intruders may be outsiders. That is, they may attack your network from outside – e.g. , defacing the web servers, forwarding spasm through e-mail servers, etc. – or may try to skirt around the security mechanisms used – such as firewalls -- to assail machines on the internal network.

Intruders from the outside (of the network) may proceed from the dial-up Internet lines, or maybe a result of physical break-ins, and/or maybe by one’ s partner (vendor, customer, reseller, etc. ) network that is linked to one’ s corporate network. Intruders may likewise be internal – i.e. , intruders that may legitimately use one’ s internal network, including users who misuse privileges (for example, an election officer who marked someone in the list of the voters as being dead for a political reason) or who impersonate higher privileged users (by using someone else’ s terminal).

Reference

:

Aickelin, U., Greensmith, J., & Twycross, J. “Immune Systems Approaches to Intrusion Detection – A Review.” Artificial Immune Systems. Ed. Giuseppe Nicosia, Vincenzo Cutello, & Peter John Bentley. Sicily: Springer, 2004. 316-327.

Anjum, F. Signature-Based Intrusion Detection for Wireless Ad-Hoc Networks: A Comparative Study of Various Routing Protocols. 9 February 2009

Bragg, R., Rhodes-Ousley, M. & Strassberg, K. Network Security: The Complete Reference. California: McGraw-Hill, 2004.

Bressoud, T. & Schneider, F. Hypervisor-Based Fault Tolerance. 26 January, 2009 < http://www.cs.cornell.edu/fbs/publications/HyperFTol.pdf>

Brown, D., Suckow, B. & Wang, T. A Survey of Intrusion Detection Systems. 30 January, 2009 < http://www.cs.ucsd.edu/classes/fa01/cse221/projects/group10.pdf>

Butler, C. et al. IT Security Interviews Exposed: Secrets to Landing Your Next Information Security Job. Indiana: Wiley Publishing, Inc, 2007.

Calvert, K. et al. Challenges in Implementing an ESP Service. In Wakamiya, N. et al. Active Networks: IFIP-TC6 5th International Working Conference, IWAN 2003, Kyoto, Japan, December 10-12, 2003, Proceedings. New York: Springer, 2003.

Chang-Hao, T et. al.. Virtualization-Based Techniques for Enabling Multi-Tenant Management Tools. Alexander Clemm, Lisandro Z. Granville & Rolf Stadler (eds). Managing Virtualization of Networks and Services. Berlin: Springer, 2007.

Chen, P. & Noble, B. When Virtual is Better than Real. 26 January 2009 < http://www.cs.ucdavis.edu/~hchen/teaching/ecs235a-f07/paper/chen01.pdf>

Chickowski, E. Don’t Fear the Unknown: Behavior Analysis Intrusion Prevention Defends Against Zero-Day Attacks. 7 February 2009 < http://www.processor.com/editorial/article.asp?article=articles%2Fp2817%2F32p17%2F32p17.asp>

Cisco Systems, Inc. The Science of IDS Attack Identification. 8 February 2009 < http://www.cisco.com/en/US/netsol/ns731/networking_solutions_white_paper09186a0080092334.shtml>

Coward, M. Achieving Higher Performance in a Multi-Core-Based Packet Processing Engine Design. Continuous Computing. 1 February 2009

Cross, M., et. al. Security + Study Guide and DVD Training System. Maryland: Syngress, 2003.

De Micheli, G. Synthesis and Optimization of Digital Circuits. New York: McGraw-Hill, 1994

Dougligeris, C. & Serpanos, D. Network Security: Current Status and Future Directions. New Jersey: John Wiley and Sons, 2007.

Dunlap, G. et. al. Revirt: Enabling Intrusion Analysis through Virtual Machine Logging and Replay. 26 January, 2009 < http://www.eecs.umich.edu/virtual/papers/dunlap02.pdf>

E. Bugnion, Devine, S. & Rosenblum, M. Disco: Running Commodity Operating Systems on Scalable Multiprocessors. 26 January, 2009

Endorf, C., Shultz, E. & Mellander, J. Intrusion Detection and Prevention: The Authoritative Guide to Detecting Malicious Activity. California: McGraw-Hill Professional, 2004.

Fink, G. et al. A Metric-Based Approach to Intrusion Detection System Evaluation for Distributed Real-Time Systems. 10 February 2009

Garfinkel, T. & Rosenblum, M. A Virtual Machine Introspection Based Architecture for Intrusion Detection. 26 January, 2009 < http://suif.stanford.edu/papers/vmi-ndss03.pdf>

Gong, F. Deciphering Detection Techniques: Part II Anomaly-Based Intrusion Detection. McAfee Security. 9 February 2009

Graham, R. FAQ: Network Intrusion Detection System. 24 January 2009 < http://www.linuxsecurity.com/resource_files/intrusion_detection/network-intrusion-detection.html>

Gupta, A. & Sekar, R. “An Approach for Detecting Self-Propagating Email Using Anomaly Detection.” Recent Advances in Intrusion Detection. Ed. Giovanni Vigna, Erland Jonsson, & Christopher Kruegel. Berlin: Springer, 2003. 55-70.

Hacker, E. IDS Evasion with Unicode. 6 February 2009

Handley, M., Paxson, V. & Kreibich, C. Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. 6 February 2009

IT Security Editors. Network Security Threats to SMB’s. 4 February 2009

Janczewski, L. & Colarik, A. Cyber Warfare and Cyber Terrorism. Pennsylvania: Idea Group Inc, 2008.

Jun Xu. Sustaining Availability of Web Services under Distributed Denial of Service Attacks. 31 January 2009,

Karger, P. et. al. A Retrospective on the VAX VMM Security Kernel. IEEE Transactions on Software Engineering 17(11) 1991. 27 January 2009 < http://www.cse.psu.edu/~tjaeger/cse543-f06/papers/vax_vmm.pdf >

Kumar, V., Srivastava, J. & Lazarevic, A. “Intrusion Detection: A Survey” in Kumar, V., Srivastava, J., & Lazarevic, A. (Eds.). Managing Cyber Threats: Issues, Approaches, and Challenges. New York: Springer+Science Business Media, Inc., 2005.

Li, Z., Wang X.F. & Choi, J.Y. SpyShield: Preserving Privacy from Spy Add-Ons. In Kruegel, C., Lippmann, R. & Clark, A. Recent Advances in Intrusion Detection. 10th International Symposium, RAID 2007, Gold Cost, Australia, September 5-7, 2007, Proceedings. Heidelberg: Springer-Verlag, 2007.

Lodin, S. & Schuba, C. Firewalls Fend Off Invasions from the Net. 1 February 2009 < http://www.schuba.com/christoph/pub/pubs/98/fw-spectrum/fire.pdf>

Mailloux, M., Naim, H., & Wayne, T. Application Layer and Operating System Collaboration to Improve QoS Against DDoS Attack. 31 January 2009

Marshall, D. et. al. VMware ESX Essentials in the Virtual Data Center. Boca Raton: Auerback Publishing, Inc. 2009.

Marshall, D., Reynolds, W. & McCrory, D. Advanced Server Virtualization. Baton Rouge: Auerbach Publications, 2006.

McAfee, Inc. McAfee Avert Labs Unveils Predictions for Top Ten Security Threats in 2007 as Hacking Comes of Age. 2 February 2009

Meinel, C. Botnets, Part 1: Why They Strike and How to Defend Against Them? InformIT. 1 February 2009

Meushaw, R. & Simard, D. NetTop: Commercial Technology in High Assurance Applications. 26 January, 2009 < http://www.vmware.com/pdf/TechTrendNotes.pdf >

Moore, D., Shannon, C., & Brown, J. Code-Red: A Case Study on the Spread and Victims of an Internet Worm. Proceedings of the Second ACM Internet Measurement Workshop, 2002.

Mudigonda, J., Vin, H. & Yavatkar, R. Overcoming the Memory Wall in Packet Processing: Hammers or Ladders? Proceedings of the 2005 ACM Symposium on Architecture for Networking and Communications Systems Page(s) 1-10. 30 January, 2009

Northcutt, S. & Novak, J. Network Intrusion Detection. 3rd Edition. Indianapolis: New Riders Publishing, 2002.

Oklobdzija, V. The Computer Engineering Handbook. Baton Rouge: CRC Press, 2002.

Paxson, V. Bro: A System for Detecting Network Intruder in Real Time. 6 February 2009

Peles, A. New Exploits Demand Multi-Layer Threat Protection. Application Security Strategies. 2006. 30 January 2009

Peng, T., Leckie, C. & Ramamohanarao, K. Survey of Network-Based Defense Mechanisms Countering the Dos and DDos Problems, 2007. ACM Computing Survey 39, 1 (2007), 3. 31 January 2009

Petersen, R. Fedora 9 Linux Administration and Security. California: Surfing Turtle Press, 2008.

Ptacek, T. & Newsham, T. Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection. 6 February 2009. < http://crypto.stanford.edu/cs155/papers/IDSpaper.pdf>

Ranjan, S. et al. DDoS-Resilient Scheduling to Counter Application Layer Attacks Under Imperfect Detection. INFOCOM 2006. 25th IEEE International Conference on Computer Communications Proceedings, April 2006. Page(s) 1-13. 31 January 2009

Riggs, C. Network Perimeter Safety. Boca Raton: CRC Press, 2004.

Ristic, I. Apache Security. California: O’Reilly, 2005.

Rosenblum, M. et. al. Using the SimOs Machine Simulator to Study Complex Computer Systems. 26 January, 2009 < ftp://www-flash.stanford.edu/pub/hive/TOMACS96-simos.pdf>

Rupp, A. A Software System for Packet Trace Customization with Application to NIDS Evaluation. 9 February 2009 < http://www.net.t-labs.tu-berlin.de/papers/R-PTCANIDSE-04.pdf>

Schaefer, M. and Gold, B. Program Confinement in KVM/370.

Seifried, K. Honeypotting with VMware: Basic. 26 January, 2009

Shinder, T. et al. The Best Damn Firewall Book Period. Burlington: Syngress, 2007.

Shoumeng, Y. et al. A Packet Property-Based Task Scheduling Policy for Control Plane OS in NP-Based Applications. In Yang, et al. (eds). Embedded Software and Systems. 2nd International Conference, ICESS 2005. Heidelberg: Springer, 2005.

Singh, Amit. An Introduction to Virtualization. 25 January, 2009

Sivalingam, K & Subramaniam, S. Emerging Optical Network Technologies: Architectures, Protocols, and Performance. New York: Springer, 2005

Snapp, S. et. Al. “DIDS (Distributed Intrusion Detectioin System) – Motivation, Architecture and an Early Prototype,” Proc., 14th National Computer Security Conference, Washington DC, pp. 167-176, October, 1991

Soviani, C., Hadzic, I. & Edwards, S. Synthesis of High-Performance Packer Processing Pipelines. 1 February 2009 < http://www2.dac.com/data2/43rd/43acceptedpapers.nsf/0c4c09c6ffa905c487256b7b007afb72/2aac409661e747438725715a004b60cd/$FILE/38_5.PDF>

Symantec Internet Security Threat Report Volume XI (March, 2007). 31 January 2009,

Timm, K. IDS Evasion Techniques and Tactics. 6 February 2009

Tipton, H. & Krause, M. (eds.) Information Security Management Handbook. Auerbach Publications, 2006.

Verplanke, E. Understand Packet Processing Performance When Employing Multi-Core Processors. Embedded Development Community. 1 February 2009

Vin, H., Jason, J. & Ruiqi, L. A Programming Environment for Packet-Processing Systems: Design Considerations. 31 January 2009

Vlachos, K. et al. Design and Performance Evaluation of a Programmable Packet Processing Engine (PPE) Suitable for High-Speed Network Processors Units. Microprocessors and Microsystems 31(3), May 2007 Page(s) 188-199. 30 January 2009 < http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6V0X-4M3RMD6-1&_user=10&_coverDate=05%2F01%2F2007&_rdoc=1&_fmt=high&_orig=browse&_sort=d&view=c&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&md5=f29f791b7f908fb7f14e6ad007673f72>

Wen, S., Griffione, J. & Calvert, K. Building Multi-Cast Services From Unicast Forwarding and Ephemeral State. 1 February 2009 < http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6VRG-44N05V2-3&_user=10&_rdoc=1&_fmt=&_orig=search&_sort=d&view=c&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&md5=2fb75de4cbc05028dad16e38bf20be40>

Wen, S., Griffioen, J., & Calvert, K. CALM: Congestion-Aware Layered Multicast. 1 February, 2009 < http://protocols.netlab.uky.edu/~esp/paper/calm.pdf>

Wen, S. Griffioen, J. & Calvert, K. Lightweight Network Support for Scalable End-to-End Services. 1 February 2009

Yi Xie, Shun-Zheng Yu. A Novel Model for Detecting Application Layer DDoS Attacks, First International Multi-Symposiums on Computer and Computational Sciences, 2006. IMSCCS ’06, Volume 2 pages 56-63. 31 January 2009

Ytreberg, J. & Papadaki, M. Investigating the Evasion-Resilience of Network Intrusion Detection Systems. In Dan Remenyi (ed). Proceedings of the 6th European Conference on Information Warfare and Security. UK: Academic Conferences Limited, 2007.

Yu Jie, et al. A Detection and Offense Mechanism to Defend Against Application Layer DDoS Attacks. Third International Conference on Networking and Services, 2007. ICNS. Page 54. 31 January 2009,

Zurawski, R. Embedded Systems Handbook. Florida: CRC Press, 2006.

http://www.bro-ids.org/

http://www.fireeye.com

http://www.iwar.org.uk

http://www.nipc.gov

http://www.nist.gov

http://www.securecognition.com/

Download full paperFile format: .doc, available for editing
Contact Us