Outbound Intrusion Detection

Authors

  • Salvador Mandujano
  • Arturo Galván
Abstract

This paper describes a variation to the traditional intrusion detection approach motivated by longstanding challenges and recent trends in information security. Intrusion detection systems have historically focused on the protection of local resources by identifying signs of malicious activity that may help administrators prevent a break-in and limit its effects. Outbound intrusion detection focuses, not on preventing a host from being compromised, but on guaranteeing that the host will not be used as an attack launcher or intrusion relayer to compromise other systems. This approach leverages the quality of evidence available to a host regarding its own activity, and supports the idea of splitting up security monitoring into multiple, smaller tasks. We explain the motivation behind this idea by describing some limitations of intrusion detection technologies as well as some findings from security surveys. We also discuss the most relevant characteristics of the approach and outline the benefits it has from a research perspective.


Similar resources

An Ontology-supported Outbound Intrusion Detection System

Outbound intrusion detection is a systems vigilance approach that aims at limiting the effects of a security threat by collectively scrutinizing outgoing traffic and local system activity. This paper summarizes the design and implementation of FROID, an outbound intrusion detection prototype built with agent technology that exploits the semantic power of ontologies in order to enable collaborat...


A Comprehensive Study on Classification of Passive Intrusion and Extrusion Detection System

Cyber criminals compromise Integrity, Availability and Confidentiality of network resources in cyber space and cause remote class intrusions such as U2R, R2L, DoS and probe/scan system attacks. To handle these intrusions, Cyber Security uses three audit and monitoring systems namely Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS). Intrusion Detection System (IDS) monitors ...


Identifying Attack Code through an Ontology-Based Multiagent Tool: FROID

This paper describes the design and results of FROID, an outbound intrusion detection system built with agent technology and supported by an attacker-centric ontology. The prototype features a misuse-based detection mechanism that identifies remote attack tools in execution. Misuse signatures composed of attributes selected through entropy analysis of outgoing traffic streams and process runtim...


Hybrid Intrusion Detection with Weighted Signature Generation

An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system IDS. Since IDS only works by matching the incoming transaction record with its predefined attack patterns stored in the database, it is necessary to develop a system whi...


Publication date: 2004