DocumentCode
2975979
Title
A distributed network-sensor based intrusion detection framework in enterprise networks
Author
Zhang, Difan ; Yu, Wei ; Hardy, Rommie
Author_Institution
Dept. of Comput. & Inf. Sci., Towson Univ., Towson, MD, USA
fYear
2011
fDate
7-10 Nov. 2011
Firstpage
1195
Lastpage
1200
Abstract
In this paper, we propose a distributed network sensor based intrusion detection framework to detect the emerging stealthy attacks, including malware propagation in enterprise networks. In this framework, we consider the distributed detection agents on hosts, which monitor network traffic and other anomalies on the hosts, efficiently process and aggregate detection data, and generate attack alerts. The control center collects information from the distributed detection agents and detects the attacks and compromised hosts. We develop techniques, including deep packet inspection to process network traffic efficiently, and detection algorithms (e.g., passive/active discovery mechanisms to identify compromised hosts). To demonstrate the effectiveness of our proposed framework, we have implemented a proof-of-concept system and conducted real-world experiments. Our data show the effectiveness of our approach to detect attacks, including the malware propagation.
Keywords
business communication; distributed sensors; invasive software; security of data; telecommunication networks; telecommunication traffic; deep packet inspection; distributed detection agents; distributed network sensor; emerging stealthy attacks; enterprise networks; intrusion detection framework; malware propagation; network traffic; proof of concept system; Aggregates; Computers; Inspection; Internet; Malware; Servers; Software; Distributed Intrusion Detection; Enterprise Networks; Network Sensors;
fLanguage
English
Publisher
ieee
Conference_Titel
MILITARY COMMUNICATIONS CONFERENCE, 2011 - MILCOM 2011
Conference_Location
Baltimore, MD
ISSN
2155-7578
Print_ISBN
978-1-4673-0079-7
Type
conf
DOI
10.1109/MILCOM.2011.6127462
Filename
6127462