
    Distributed Detection of DDoS Attacks During the Intermediate Phase Through Mobile Agents

    A Distributed Denial of Service attack is a large-scale, coordinated attack on the availability of services of a victim system, launched indirectly through many compromised computers on the Internet. Intrusion detection systems are network security tools that process local audit data or monitor network traffic to search for specific patterns or certain deviations from expected behavior, which indicate malicious activities against the protected network. In this study, we propose distributed intrusion detection methods to detect Distributed Denial of Service attacks in a special dataset and test these methods in a simulated real-time environment, in which the mobile agents are synchronized with the timestamp stated in the dataset. All of our methods use the alarms generated by SNORT, a signature-based network intrusion detection system. We use mobile agents in our methods on the Jade platform in order to reduce network bandwidth usage and to decrease the dependency on the central unit for higher reliability. The methods are compared based on reliability, network load and mean detection time values.

    Cooperative Trust Framework for Cloud Computing Based on Mobile Agents

    Cloud computing opens doors to multiple, unlimited venues, from elastic computing to on-demand provisioning to dynamic storage, and reduces potential costs through optimized and efficient computing. Providing secure and reliable services in a cloud computing environment is an important issue. One of the security issues is how to reduce the impact of any type of intrusion in this environment. To counter these kinds of attacks, a framework of cooperative Hybrid intrusion detection system (Hy-IDS) and Mobile Agents is proposed. This framework allows protection against intrusion attacks. Our Hybrid IDS is based on two types of IDS, the first for the detection of attacks at the level of virtual machines (VMs), the second for network attack detection, and Mobile Agents. This framework unfolds in three phases: the first, intrusion detection in a virtual environment using mobile agents to collect malicious data; the second, generating new signatures from the malicious data collected in the first phase; the third, dynamic deployment of updates between clusters in a cloud, using the newest signatures previously created. By this type of closed-loop control, the collaborative network security management system can identify and address new distributed attacks more quickly and effectively. In this paper, we develop a collaborative approach based on Hy-IDS and Mobile Agents in a Cloud Environment, to define a dynamic context which enables the detection of new attacks, with as much detail as possible.

    An Interactive Distributed Simulation Framework With Application To Wireless Networks And Intrusion Detection

    In this dissertation, we describe the portable, open-source distributed simulation framework (WINDS) targeting simulations of wireless network infrastructures that we have developed. We present the simulation framework which uses modular architecture and apply the framework to studies of mobility pattern effects, routing and intrusion detection mechanisms in simulations of large-scale wireless ad hoc, infrastructure, and totally mobile networks. The distributed simulations within the framework execute seamlessly and transparently to the user on a symmetric multiprocessor cluster computer or a network of computers with no modifications to the code or user objects. A visual graphical interface precisely depicts simulation object states and interactions throughout the simulation execution, giving the user full control over the simulation in real time. The network configuration is detected by the framework, and communication latency is taken into consideration when dynamically adjusting the simulation clock, allowing the simulation to run on a heterogeneous computing system. The simulation framework is easily extensible to multi-cluster systems and computing grids. An entire simulation system can be constructed in a short time, utilizing user-created and supplied simulation components, including mobile nodes, base stations, routing algorithms, traffic patterns and other objects. These objects are automatically compiled and loaded by the simulation system, and are available for dynamic simulation injection at runtime. Using our distributed simulation framework, we have studied modern intrusion detection systems (IDS) and assessed applicability of existing intrusion detection techniques to wireless networks. We have developed a mobile agent-based IDS targeting mobile wireless networks, and introduced load-balancing optimizations aimed at limited-resource systems to improve intrusion detection performance. 
Packet-based monitoring agents of our IDS employ a CASE-based reasoner engine that performs fast lookups of network packets in the existing SNORT-based intrusion rule-set. Experiments were performed using the intrusion data from MIT Lincoln Laboratories studies, and executed on a cluster computer utilizing our distributed simulation system.

    Use Trust Management Framework to Achieve Effective Security Mechanisms in Cloud Environment

    Cloud Computing is Internet-based computing where virtual shared servers provide software, infrastructure, platform and other resources to the customer on a pay-as-you-use basis. Cloud Computing is becoming increasingly popular as many enterprise applications and data are moving into cloud platforms. However, with the enormous use of the Cloud, the probability of intrusions occurring also increases. There is a major need to bring security, transparency and reliability to the cloud model for client satisfaction. One of the security issues is how to reduce the impact of any type of intrusion in this environment. To address this issue, a security solution is proposed in this paper. We provide a collaborative framework between our Hybrid Intrusion Detection System (Hy-IDS) based on Mobile Agents and virtual firewalls. Our hybrid intrusion detection system consists of three types of IDS, namely IDS-C, IDS-Cr and IDS-M, which are dispatched over three layers of cloud computing. In the first layer, we use IDS-C over our framework to collect, analyze and detect malicious data using Mobile Agents. In case of attack, we collect at the level of the second layer all the malicious data detected in the first layer for the generation of new signatures using IDS-Cr, which is based on a Signature Generation Algorithm (SGA) and a network intrusion detection system (NIDS). Finally, through an IDS-M placed in the third layer, the new signatures will be used to update the NIDS database belonging to IDS-Cr, then the NIDS database belonging to the IDS-Cr of the neighboring cluster, and also their IDS-C. Hardware firewalls are unable to control communication between virtual machines on the same hypervisor. Moreover, they are blind to virtual traffic. Mostly, they are deployed at the Virtual Machine Monitor (VMM) level under the Cloud provider's control. Equally, the mobile agents play an important role in this collaboration. They are used in our framework for investigation of hosts, transfer of malicious data and transfer of database updates to neighboring IDS in the cloud. With this technique, the neighboring IDS will use these new signatures to protect their area of control against the same type of attack. By this type of closed-loop control, the collaborative network security management framework can identify and address new distributed attacks more quickly and effectively.

    Preemptive distributed intrusion detection using mobile agents.

    by Chan Pui Chung. Thesis (M.Phil.)--Chinese University of Hong Kong, 2002. Includes bibliographical references (leaves [56]-[61]). Abstracts in English and Chinese.

    Chapter 1 --- Introduction --- p.1
    Chapter 1.1 --- The Trends --- p.1
    Chapter 1.2 --- What this Thesis Contains --- p.3
    Chapter 2 --- Background --- p.5
    Chapter 2.1 --- Computer Security --- p.5
    Chapter 2.2 --- Anti-intrusion Techniques --- p.6
    Chapter 2.3 --- The Need for Intrusion Detection System --- p.7
    Chapter 2.4 --- Intrusion Detection System Categorization --- p.8
    Chapter 2.4.1 --- Network-based vs. Host-based --- p.8
    Chapter 2.4.2 --- Anomaly Detection vs. Misuse Detection --- p.10
    Chapter 2.4.3 --- Centralized vs. Distributed --- p.11
    Chapter 2.5 --- Agent-based IDS --- p.12
    Chapter 2.6 --- Mobile agent-based IDS --- p.12
    Chapter 3 --- Survey on Intrusion Step --- p.14
    Chapter 3.1 --- Introduction --- p.14
    Chapter 3.2 --- Getting information before break in --- p.14
    Chapter 3.2.1 --- Port scanning --- p.14
    Chapter 3.2.2 --- Sniffing --- p.16
    Chapter 3.2.3 --- Fingerprinting --- p.17
    Chapter 3.3 --- Intrusion method --- p.17
    Chapter 3.3.1 --- DOS and DDOS --- p.17
    Chapter 3.3.2 --- Password cracking --- p.18
    Chapter 3.3.3 --- Buffer overflows --- p.19
    Chapter 3.3.4 --- Race Condition --- p.20
    Chapter 3.3.5 --- Session Hijacking --- p.20
    Chapter 3.3.6 --- Computer Virus --- p.21
    Chapter 3.3.7 --- Worms --- p.21
    Chapter 3.3.8 --- Trojan Horse --- p.22
    Chapter 3.3.9 --- Social Engineering --- p.22
    Chapter 3.3.10 --- Physical Attack --- p.23
    Chapter 3.4 --- After intrusion --- p.23
    Chapter 3.4.1 --- Covering Tracks --- p.23
    Chapter 3.4.2 --- Back-doors --- p.23
    Chapter 3.4.3 --- Rootkits --- p.23
    Chapter 3.5 --- Conclusion --- p.24
    Chapter 4 --- A Survey on Intrusion Detection System --- p.25
    Chapter 4.1 --- Introduction --- p.25
    Chapter 4.2 --- Information Source --- p.25
    Chapter 4.2.1 --- Host-based Source --- p.25
    Chapter 4.2.2 --- Network-based Source --- p.26
    Chapter 4.2.3 --- Out-of-band Source --- p.27
    Chapter 4.2.4 --- Data Fusion from multiple sources --- p.27
    Chapter 4.3 --- Detection Technology --- p.28
    Chapter 4.3.1 --- Intrusion signature --- p.28
    Chapter 4.3.2 --- Threshold Detection --- p.31
    Chapter 4.3.3 --- Statistical Analysis --- p.31
    Chapter 4.3.4 --- Neural Network --- p.32
    Chapter 4.3.5 --- Artificial Immune System --- p.33
    Chapter 4.3.6 --- Data Mining --- p.33
    Chapter 4.3.7 --- Traffic Analysis --- p.34
    Chapter 4.4 --- False Alarm Rate --- p.35
    Chapter 4.5 --- Response --- p.35
    Chapter 4.6 --- Difficulties in IDS --- p.36
    Chapter 4.6.1 --- Base Rate Fallacy --- p.36
    Chapter 4.6.2 --- Denial of Service Attack against IDS --- p.37
    Chapter 4.6.3 --- Insertion and Evasion attack against the Network-Based IDS --- p.37
    Chapter 4.7 --- Conclusion --- p.38
    Chapter 5 --- Preemptive Distributed Intrusion Detection using Mobile Agents --- p.39
    Chapter 5.1 --- Introduction --- p.39
    Chapter 5.2 --- Architecture Design --- p.40
    Chapter 5.2.1 --- Overview --- p.40
    Chapter 5.2.2 --- Agents involved --- p.40
    Chapter 5.2.3 --- Clustering --- p.42
    Chapter 5.3 --- How it works --- p.44
    Chapter 5.3.1 --- Pseudo codes of operations --- p.48
    Chapter 5.4 --- Advantages --- p.49
    Chapter 5.5 --- Drawbacks & Possible Solutions --- p.49
    Chapter 5.6 --- Other Possible Mode of Operation --- p.50
    Chapter 5.7 --- Conclusion --- p.51
    Chapter 6 --- Conclusion --- p.52
    A Paper Derived from this Thesis --- p.54
    Bibliography --- p.5

    Hierarchical Design Based Intrusion Detection System For Wireless Ad hoc Network

    In recent years, wireless ad hoc sensor networks have become popular in both civil and military jobs. However, security is one of the significant challenges for sensor networks because of their deployment in open and unprotected environments. As cryptographic mechanisms are not enough to protect sensor networks from external attacks, an intrusion detection system needs to be introduced. Though intrusion prevention is one of the major and efficient methods against attacks, there might be some attacks for which a prevention method is not known. Besides protecting the system from some known attacks, an intrusion detection system gathers necessary information related to attack techniques and helps in the development of intrusion prevention systems. In addition to reviewing the present attacks on wireless sensor networks, this paper examines current efforts toward intrusion detection systems for wireless sensor networks. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor networks. In this proposed intrusion detection system architecture we followed a clustering mechanism to build a four-level hierarchical network, which enhances network scalability to a large geographical area, and use both anomaly and misuse detection techniques for intrusion detection. We introduce a policy-based detection mechanism as well as intrusion response together with the GSM cell concept for the intrusion detection architecture.
    Comment: 16 pages, International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010. arXiv admin note: text overlap with arXiv:1111.1933 by other author