Title :
A distributed network-sensor based intrusion detection framework in enterprise networks
Author :
Zhang, Difan ; Yu, Wei ; Hardy, Rommie
Author_Institution :
Dept. of Comput. & Inf. Sci., Towson Univ., Towson, MD, USA
Abstract :
In this paper, we propose a distributed network sensor based intrusion detection framework to detect the emerging stealthy attacks, including malware propagation in enterprise networks. In this framework, we consider the distributed detection agents on hosts, which monitor network traffic and other anomalies on the hosts, efficiently process and aggregate detection data, and generates attack alerts. The control center collects information from the distributed detection agents and detects the attacks and compromised hosts. We develop techniques, including a deep packet inspection to process network traffic efficiently, detection algorithms (e.g., passive/ active discovery mechanisms to identify compromised hosts). To demonstrate the effectiveness of our proposed framework, we have implemented a proof-of-concept system and conducted real-world experiments. Our data show the effectiveness of our approach to detect attacks, including the malware propagation.
Keywords :
business communication; distributed sensors; invasive software; security of data; telecommunication networks; telecommunication traffic; deep packet inspection; distributed detection agents; distributed network sensor; emerging stealthy attacks; enterprise networks; intrusion detection framework; malware propagation; network traffic; proof of concept system; Aggregates; Computers; Inspection; Internet; Malware; Servers; Software; Distributed Intrusion Detection; Enterprise Networks; Network Sensors;
Conference_Titel :
MILITARY COMMUNICATIONS CONFERENCE, 2011 - MILCOM 2011
Conference_Location :
Baltimore, MD
Print_ISBN :
978-1-4673-0079-7
DOI :
10.1109/MILCOM.2011.6127462
