• DocumentCode
    2819065
  • Title

    ISP-operated protection of home networks with FIDRAN

  • Author

    Hess, A. ; Schafer, G.

  • Author_Institution
    Telecommun. Networks Group, Technische Univ. Berlin, Germany
  • fYear
    2004
  • fDate
    5-8 Jan. 2004
  • Firstpage
    41
  • Lastpage
    46
  • Abstract
    In order to fight against the increasing number of network security incidents due to mal-protected home networks permanently connected to the Internet via DSL, TV cable or similar technologies, we propose that Internet service providers (ISP) operate and manage intrusion prevention systems (IPS) which are to a large extent executed on the consumer's gateway to the Internet (e.g., DSL router). The paper analyses the requirements of ISP-operated intrusion prevention systems and presents our approach for an IPS that runs on top of an active networking environment and is automatically configured by a vulnerability scanner. We call the system FIDRAN (Flexible Intrusion Detection and Response framework for Active Networks). The system autonomously analyses the home network and correspondingly configures the IPS. Furthermore, our system detects and adjusts itself to changes in the home network (new service, new host, etc.). First performance comparisons show that our approach - while offering more flexibility and being able to support continuous updating by active networking principles - competes well with the performance of conventional intrusion prevention systems like Snort-Inline.
  • Keywords
    Internet; computer crime; home computing; telecommunication security; ISP-operated intrusion prevention systems; Internet service providers; Snort-Inline; active networks; flexible intrusion detection; gateway; home network protection; network security; vulnerability scanner; Cable TV; Communication cables; DSL; Home automation; IP networks; Intrusion detection; Protection; Software quality; Technology management; Web and internet services;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Consumer Communications and Networking Conference, 2004. CCNC 2004. First IEEE
  • Conference_Location
    Las Vegas, NV, USA
  • Print_ISBN
    0-7803-8145-9
  • Type

    conf

  • DOI
    10.1109/CCNC.2004.1286830
  • Filename
    1286830