Title: Intrusion Detection System Survey :: Collaborative Intrusion Detection System CIDS
1. Intrusion Detection System Survey
Collaborative Intrusion Detection System (CIDS)
- Yuhong Dong
- ydong_at_fau.edu
2. Collaborative Intrusion Detection System: Presentation Content
- CIDS Basic Concept
- CIDS Architecture
- Experiment
- Result
- References
3. Collaborative Intrusion Detection System: Concept
- Multiple Intrusion Detectors
  -- Snort, Libsafe, Sysmon
- Multiple layers
  -- Network, Application, Kernel
- Manager
  -- Graph-based and Bayesian network-based Inference Engines
- Mechanism
  -- The Manager aggregates the alarms from the different detectors and raises a single alarm for an intrusion
4. Collaborative Intrusion Detection System: Architecture (instance of CIDS)
5. Collaborative Intrusion Detection System: Architecture (from system view)
6. Collaborative Intrusion Detection System: Architecture (for Manager)
7. Collaborative Intrusion Detection System: Architecture (for Event Dispatcher)
How does the Event Dispatcher work?
-- Dispatches each event to the local inference engine according to its destination IP (DIP)
-- Groups the events according to the target process (PID)
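The following is an added illustration of the mechanism on slide 3 and the dispatcher on this slide, not code from the CIDS project: an Event Dispatcher that routes each detector event to a per-host inference engine keyed by destination IP and groups it by target PID, followed by a small Bayesian fusion step that turns the per-process evidence from Snort, Libsafe and Sysmon into one alarm. The log format, the detector hit and false-alarm probabilities, the prior, the threshold and the sample events are all assumptions made for the example; the real graph-based and BNT-based engines are not reproduced here.

```python
"""Toy CIDS manager: Event Dispatcher (route by DIP, group by PID) plus a
naive-Bayes fusion step standing in for the inference engine.  Added
illustration only; detector names follow slide 3, everything else
(log format, probabilities, threshold, sample events) is assumed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    detector: str  # "snort" (network), "libsafe" (application), "sysmon" (kernel)
    dip: str       # destination IP of the attacked host
    pid: int       # target process id; 0 when the detector cannot name one
    alert: str     # detector's own alert message


# Assumed detector model (not from the paper): P(fires | intrusion) and
# P(fires | no intrusion) per layer.  Snort is the noisiest, Libsafe the
# most specific.
P_FIRE = {"snort": 0.70, "libsafe": 0.90, "sysmon": 0.60}
P_FALSE = {"snort": 0.20, "libsafe": 0.01, "sysmon": 0.05}
PRIOR_INTRUSION = 0.05  # assumed base rate of an intrusion against one process


class InferenceEngine:
    """Per-host engine: one evidence group per target PID, fused with a
    naive-Bayes model (detectors conditionally independent given the
    intrusion variable).  A stand-in for the graph-based / BNT engines."""

    def __init__(self, dip):
        self.dip = dip
        self.groups = defaultdict(list)  # pid -> [Event]

    def add(self, ev):
        self.groups[ev.pid].append(ev)

    def posterior(self, pid):
        """P(intrusion | which detectors fired for this pid)."""
        fired = {ev.detector for ev in self.groups.get(pid, [])}
        lik_intr, lik_none = PRIOR_INTRUSION, 1.0 - PRIOR_INTRUSION
        for det in P_FIRE:
            if det in fired:
                lik_intr *= P_FIRE[det]
                lik_none *= P_FALSE[det]
            else:  # a silent detector is evidence too
                lik_intr *= 1.0 - P_FIRE[det]
                lik_none *= 1.0 - P_FALSE[det]
        return lik_intr / (lik_intr + lik_none)


class EventDispatcher:
    """Routes each event to the engine for its DIP, creating one on first sight."""

    def __init__(self):
        self.engines = {}  # dip -> InferenceEngine

    def dispatch(self, ev):
        if ev.dip not in self.engines:
            self.engines[ev.dip] = InferenceEngine(ev.dip)
        engine = self.engines[ev.dip]
        engine.add(ev)
        return engine


def parse_event(line):
    """Constructed wire format: detector | dip | pid | alert text."""
    detector, dip, pid, alert = (f.strip() for f in line.split("|", 3))
    return Event(detector.lower(), dip, int(pid), alert)


# Constructed sample events, not real detector output.
SAMPLE_LOG = [
    "snort   | 10.0.0.5 | 1234 | overlong request with NOP-sled-like payload",
    "libsafe | 10.0.0.5 | 1234 | strcpy() bounds violation in httpd",
    "sysmon  | 10.0.0.5 | 1234 | httpd executed /bin/sh",
    "snort   | 10.0.0.5 |    0 | ICMP flood, no target process",
    "libsafe | 10.0.0.7 | 4321 | sprintf() bounds violation in httpd",
    "sysmon  | 10.0.0.7 | 4321 | httpd opened /etc/shadow",
]


def run_manager(lines, threshold=0.5):
    """Dispatch all events, then raise one alarm per (host, pid) whose fused
    posterior clears the threshold.  Returns sorted (dip, pid, posterior)."""
    dispatcher = EventDispatcher()
    for line in lines:
        dispatcher.dispatch(parse_event(line))
    alarms = []
    for dip, engine in dispatcher.engines.items():
        for pid in engine.groups:
            p = engine.posterior(pid)
            if p >= threshold:
                alarms.append((dip, pid, round(p, 3)))
    return sorted(alarms)


if __name__ == "__main__":
    for dip, pid, p in run_manager(SAMPLE_LOG):
        print(f"ALARM host={dip} pid={pid} P(intrusion)={p}")
```

With the assumed parameters the lone Snort flood alert against 10.0.0.5 (no PID, no corroboration from the application or kernel layer) stays far below the threshold, while the two process groups that have Libsafe and Sysmon evidence are raised as alarms; that is the point of fusing layers in the Manager rather than alarming on any single detector.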
8. Collaborative Intrusion Detection System: Graph-based Inference Engine
9. Collaborative Intrusion Detection System: Bayesian Network-based Inference Engine
10. Collaborative Intrusion Detection System: Experiment
- Environment: Red Hat Linux 8.0 with Apache web server version 1.3.24
- Simulation: Electronic Store Front workload with three attack types: buffer overflow attack, flooding attack, script-based attack
11. Collaborative Intrusion Detection System: Result -- Performance Evaluation
12. Collaborative Intrusion Detection System: Result -- Detection Effectiveness Evaluation
13. Collaborative Intrusion Detection System: Result -- Attack Propagation Speed
14. Collaborative Intrusion Detection System: References
- Collaborative Intrusion Detection System (CIDS): A Framework for Accurate and Efficient IDS
- Apache OpenSSL Attack. http://www.cert.org/advisories/CA-2002-27.html
- Avaya Labs Research Project: Libsafe. http://www.research.avayalabs.com/project/libsafe
- Kevin Murphy, Bayes Net Toolbox for Matlab. http://www.ai.mit.edu/murphyk/Software/BNT/bnt.html
- Snort: Lightweight Intrusion Detection for Networks
- Apache Chunk Buffer Overflow Attack. http://httpd.apache.org/info/security_bulletin_20020617.txt