• DocumentCode
    1591169
  • Title

    Design and implementation of a scalable intrusion detection system for the protection of network infrastructure

  • Author

    Jou, Y.F. ; Gong, F. ; Sargor, C. ; Wu, X. ; Wu, S.F. ; Chang, H.C. ; Wang, F.

  • Author_Institution
    Adv. Network Res., MCNC, Research Triangle Park, NC, USA
  • Volume
    2
  • fYear
    2000
  • fDate
    6/22/1905 12:00:00 AM
  • Firstpage
    69
  • Abstract
    This paper presents the design, implementation, and experimentation of the JiNao intrusion detection system (IDS) which focuses on the protection of the network routing infrastructure. We used the open shortest path first (OSPF) routing protocol as an implementation example to illustrate our IDS design. However, the system architecture is generic enough that the JiNao IDS can be used for protecting other protocols. The system features attack prevention and intrusion detection with tightly integrated network management components. The prevention module functions like a firewall which consists of a small set of rules. Both misuse (protocol analysis) and anomaly (statistical based) approaches are implemented as detection mechanisms in order to handle both known and unknown attacks. Four OSPF attacks (i.e., MaxSeq, MaxAge, Seq++, and LSID attacks) have been developed for evaluating JiNao's detecting capability. Furthermore, an SNMP based network management interface has been designed and implemented such that the JiNao IDS can be easily integrated with existing network management systems.
  • Keywords
    Internet; computer network management; protocols; security of data; telecommunication network routing; telecommunication security; Internet; JiNao; anomaly approach; attack prevention; firewall; integrated network management; misuse approach; network infrastructure protection; open shortest path first routing protocol; scalable intrusion detection system; system architecture; Intrusion detection; Protection
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    DARPA Information Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings
  • Conference_Location
    Hilton Head, SC
  • Print_ISBN
    0-7695-0490-6
  • Type

    conf

  • DOI
    10.1109/DISCEX.2000.821510
  • Filename
    821510