ILR: a Self-Tuning Distributed Attacks Detection System

Authors

  • Wei Lin
  • Liu Xiang
  • Derek Pao
  • Bin Liu
Abstract

In order to protect Internet users from various attacks such as worms, viruses and other intrusions, signature-based intrusion detection systems (IDSs) should be deployed at the critical part of the network, with rapid response for updating newly emerged attack signatures and containing the spread of worms or viruses at their early stage. The processing speed of one IDS cannot achieve the throughput requirement in the core networks because pattern matching, the key operation for signature-based IDS, is complex and time consuming. This paper argues that if the signature set is shared by multiple IDSs, a packet needs to be checked once and only once by one of the IDSs, so traffic load can be redistributed among the IDSs to avoid local congestion. Packet marking, used by the collaborative IDSs, indicates the status of each packet, and a redistribution strategy named inner logical ring (ILR) is built among the IDSs to redistribute the traffic load. Meanwhile, a caching scheme is used to keep packets belonging to the same flow in sequence. This collaborative distributed IDS is robust with rapid response to various attacks, and the detection throughput is significantly increased from the throughput of the weakest IDS to the summation of all the collaborative IDSs.


Similar resources

HF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets

Abstract—Today, botnets have become a serious threat to enterprise networks. By creating a network of bots, they launch several attacks; distributed denial of service (DDoS) attacks on networks are an example of such attacks. Such attacks, by occupying system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...


Evaluation of an Intrusion Detection System for Routing Attacks in Wireless Self-organised Networks

Wireless Sensor Networks (WSNs) are becoming increasingly popular, and very useful in military applications and environmental monitoring. However, security is a major challenge for WSNs because they are usually set up in unprotected environments. Our goal in this study is to simulate an Intrusion Detection System (IDS) that monitors the WSN and reports intrusions accurately and effectively. We have thus...


Adaptive Control of Machining Process Using Electrical Discharging Method (EDM) Based on Self-Tuning Regulator (STR)

In order to improve the optimal performance of a machining process, a booster to improve the serve control system performance with high stability for EDM is needed. According to precise movement of machining process using electrical discharge (EDM), adaptive control is proposed as a major option for accuracy and performance improvement. This article is done to design adaptive controller based o...


An Improvement over Random Early Detection Algorithm: A Self-Tuning Approach

Random Early Detection (RED) is one of the most commonly used Active Queue Management (AQM) algorithms and is recommended by the IETF for deployment in the network. Although RED provides low average queuing delay and high throughput at the same time, the effectiveness of RED is highly sensitive to the RED parameter settings. As network conditions vary largely, setting RED's parameters with fixed ...


Basic Issues in Identification Scheme of a Self-Tuning Power System Stabilizer

Power system stabilizers have been widely used and successfully implemented for the improvement of power system damping. However, a fixed parameter power system stabilizer tends to be sensitive to variations in generator dynamics so that, for operating conditions away from those used for design, the effectiveness of the stabilizer can be greatly impaired. With the advent of microprocessor techn...



Publication date: 2009