Title :
Defending distributed systems against malicious intrusions and network anomalies
Author :
Hwang, Kai ; Chen, Ying ; Liu, Hua
Author_Institution :
Univ. of Southern California, Los Angeles, CA, USA
Abstract :
Network security breaches hinder the application of distributed computing systems manifested as the grids, clusters, intranets, extranets, or P2P systems. A new integrated approach is presented for building future, network-based intrusion detection systems (NIDS). We integrate the Snort (a NIDS) with a custom-designed anomaly detection system (ADS) to yield a powerful cyber defense system, called CAIDS. This system detects known attacks through signature matching and reveals network anomalies by Internet traffic data mining. The CAIDS design integrates two different detection engines for alert correlation between intrusions and anomalies. We aim to automate signature generation into Snort database. The system was tested over an Internet trace of 24 millions of packets containing 200 attacks. Our simulation experiments result in a 75% detection rate on all attacks with a low 5% false alarm rate. The system generates alerts on both intrusive attacks to distributed resources and anomalies detected in the Internet, intranet, and extranet connections.
Keywords :
Internet; computer network management; data mining; security of data; telecommunication security; telecommunication traffic; Internet traffic data mining; Snort; automatic signature matching; cyber defense system; distributed computing system; network anomalies detection system; network security breach; network-based intrusion detection system; Buildings; Data mining; Distributed computing; Extranets; IP networks; Internet; Intrusion detection; Power system security; Telecommunication traffic; Traffic control;
Conference_Titel :
Parallel and Distributed Processing Symposium, 2005. Proceedings. 19th IEEE International
Print_ISBN :
0-7695-2312-9
DOI :
10.1109/IPDPS.2005.160
