DocumentCode :
1704544
Title :
State-driven stack-based network intrusion detection system
Author :
Payer, U.
Author_Institution :
Inst. of Applied Inf. Process. & Commun., Univ. of Technol., Graz, Austria
Volume :
2
fYear :
2003
Firstpage :
613
Abstract :
The function of a network intrusion detection system is to identify and react to any abnormal behavior determined to be an attack on a network segment or a dedicated host. The proposed concept is based on a distributed network intrusion detection system (D-NIDS) integrated as a pump-in-the-stack process, based on a simplified open source network stack (lightweight IP, lwIP). The small process footprint (multi- or single-threaded) makes this solution suitable for all platforms and operating systems. Thus, embedded systems as well as high performance PCs or workstations may run this service without operating expense. The proposed solution differs from other solutions by a simple installation process (since no interactions exist between the host stack and the NIDS stack) and the ability to run applications on top of the IDS (e.g. alluring-systems or sandbox systems). But the main idea is to take advantage of a mechanism known as "state-transition intrusion detection" and the integration of this mechanism into the network stack. The usage of state-transition based signatures can reduce large database entries and allows the reuse of already existing network stacks. Due to small database entries, this approach is highly scalable and can be a proper solution for small devices, PDAs, and embedded systems.
Keywords :
IP networks; embedded systems; network operating systems; safety systems; IP networks; PDA; database entries; embedded systems; high performance PC; installation process; network segment; open source network stack; operating systems; pump-in-the-stack process; stack-based distributed network intrusion detection system; state-transition driven signatures; Communications technology; Databases; Embedded system; Information processing; Intrusion detection; Lakes; Operating systems; Personal communication networks; Personal digital assistants; Workstations;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Telecommunications, 2003. ConTEL 2003. Proceedings of the 7th International Conference on
Conference_Location :
Zagreb, Croatia
Print_ISBN :
953-184-052-0
Type :
conf
DOI :
10.1109/CONTEL.2003.176969
Filename :
1215879