Outbound Intrusion Detection
Authors
Abstract
This paper describes a variation to the traditional intrusion detection approach motivated by longstanding challenges and recent trends in information security. Intrusion detection systems have historically focused on the protection of local resources by identifying signs of malicious activity that may help administrators prevent a break-in and limit its effects. Outbound intrusion detection focuses, not on preventing a host from being compromised, but on guaranteeing that the host will not be used as an attack launcher or intrusion relayer to compromise other systems. This approach leverages the quality of evidence available to a host regarding its own activity, and supports the idea of splitting up security monitoring into multiple, smaller tasks. We explain the motivation behind this idea by describing some limitations of intrusion detection technologies as well as some findings from security surveys. We also discuss the most relevant characteristics of the approach and outline the benefits it has from a research perspective.
Similar references
An Ontology-supported Outbound Intrusion Detection System
Outbound intrusion detection is a systems vigilance approach that aims at limiting the effects of a security threat by collectively scrutinizing outgoing traffic and local system activity. This paper summarizes the design and implementation of FROID, an outbound intrusion detection prototype built with agent technology that exploits the semantic power of ontologies in order to enable collaborat...
A Comprehensive Study on Classification of Passive Intrusion and Extrusion Detection System
Cyber criminals compromise Integrity, Availability and Confidentiality of network resources in cyber space and cause remote class intrusions such as U2R, R2L, DoS and probe/scan system attacks. To handle these intrusions, Cyber Security uses three audit and monitoring systems namely Intrusion Prevention Systems (IPS), Intrusion Detection Systems (IDS). Intrusion Detection System (IDS) monitors ...
Identifying Attack Code through an Ontology-Based Multiagent Tool: FROID
This paper describes the design and results of FROID, an outbound intrusion detection system built with agent technology and supported by an attacker-centric ontology. The prototype features a misuse-based detection mechanism that identifies remote attack tools in execution. Misuse signatures composed of attributes selected through entropy analysis of outgoing traffic streams and process runtim...
Hybrid Intrusion Detection with Weighted Signature Generation
An intrusion detection system (IDS) inspects all inbound and outbound network activity and identifies suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system IDS. Since IDS only works by matching the incoming transaction record with its predefined attack patterns stored in the database, it is necessary to develop a system whi...