Implementing an Object Oriented, Knowledge Based Network Reference Monitor and Intrusion Detection System
Abstract:
With the unprecedented growth of computer networks in the past decade, the need for security is now greater than ever. An intrusion detection system (IDS) can add a level of security to a computer network by monitoring all the users in its environment. Generally, an IDS detects attacks by analyzing the payload in messages or commands. Recently, a way of detecting intruders without looking at the contents of a message was introduced [1]. The technique is applied to the specific problem setting of security protocols. This paper addresses a novel technique of gathering meta-information about network messages and describes the technique as implemented. Unfortunately, actual encrypted traffic is not available to test this concept, so our work includes development of a simulation environment. Consequently, our system consists of a monitor, a principal simulation environment, and a security protocol intrusion detection engine. We address our design framework, the software techniques to accomplish the network programming in our environment and how our design relates to the
Citations
| 207 | Timestamps in key distribution protocols – Denning, Sacco - 1981 |
| 176 | A Survey of Authentication Protocol Literature: Version 1.0 – Clark, Jacob - 1997 |
| 95 | Efficient and Timely Mutual Authentication – Otway, Rees - 1987 |
| 15 | Using Encryption for Authentication – Needham, Schroeder - 1978 |
| 13 | The common intrusion detection framework (cidf – Staniford-Chen, Tung, et al. - 1998 |
| 4 | An Environment for Security Protocol Intrusion Detection – Yasinsac |
| 4 | Network Programming for Microsoft Windows – Jones, Ohlund - 2002 |
| 3 | An Intrusion-Detection Model – Denning - 1986 |
| 2 | Active Protection of Trusted Security Services – Yasinsac - 2000 |
| 1 | The Monitor and Principals – Martin, Tutorial”, et al. - 1998 |

