
A SNMP-based platform for distributed stateful intrusion detection in enterprise networks

Authors (4):
L. P. Gaspary (Programa Interdisciplinar de Pos-Graduacao em Computacao Aplicada, Univ. do Vale do Rio dos Sinos, Sao Leopoldo, Brazil); R. N. Sanchez; D. W. Antunes; E. Meneghetti

In recent years, the use of intrusion detection systems (IDSs) to detect security breaches in both systems and networks has increased. However, widespread IDS usage has been hindered by several challenges, including: 1) time-consuming configuration and analysis; 2) integration difficulties with existing network management infrastructure; and 3) the inability to add new attack signatures in a well-understood, yet expressive, high-level notation. This paper presents the ID-Trace Management Platform, an extension of the simple network management protocol infrastructure based on the Internet Engineering Task Force (IETF) script management information base (Script MIB) to support distributed stateful intrusion detection in enterprise networks. It provides mechanisms allowing a management station to delegate security-related tasks to mid-level managers (MLMs) that, in turn, interact with monitoring and action agents to execute these tasks. Specifications written in the protocol trace specification language are used by the MLMs to program monitoring agents that sniff packets on the network and compare them against known attack signatures. With the information gathered from the monitoring process, the MLMs may execute procedures via the action agents (Java, Tcl, or Perl scripts), enabling the automation of several security tasks (including reactive and proactive tasks). The platform also provides notification mechanisms (traps) so that MLMs can report the occurrence of major events to the management station.
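The abstract describes a delegation chain: a management station hands a trace specification to an MLM, the MLM programs a monitoring agent that matches the trace statefully against sniffed packets, a match triggers an action agent, and the MLM reports the event upward as a trap. The following Python model is an added example and not the ID-Trace platform's own code; its trace notation (an ordered list of per-packet predicates keyed by flow) is a hypothetical simplification of the paper's protocol trace specification language, and the Script MIB, SNMP transport and the Java/Tcl/Perl action scripts are stood in for by plain Python callables. The packets are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Added example (not the ID-Trace platform's code). The trace format below is
# a hypothetical simplification: a match requires every step predicate to fire,
# in order, on packets belonging to the same flow (session).

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: str

Flow = Tuple[str, str]

@dataclass
class TraceSpec:
    name: str
    steps: List[Callable[[Packet], bool]]

def flow_of(pkt: Packet) -> Flow:
    # Both directions of a session map to the same flow key.
    return tuple(sorted((pkt.src, pkt.dst)))

@dataclass
class MonitoringAgent:
    """Sniffs packets and keeps per-(trace, flow) progress: the stateful part."""
    specs: List[TraceSpec] = field(default_factory=list)
    progress: Dict[Tuple[str, Flow], int] = field(default_factory=dict)
    reports: List[Tuple[str, Flow]] = field(default_factory=list)

    def program(self, spec: TraceSpec) -> None:
        self.specs.append(spec)

    def observe(self, pkt: Packet) -> None:
        flow = flow_of(pkt)
        for spec in self.specs:
            key = (spec.name, flow)
            idx = self.progress.get(key, 0)
            if spec.steps[idx](pkt):
                idx += 1
                if idx == len(spec.steps):
                    # Full trace observed: report and reset state for this flow.
                    self.reports.append((spec.name, flow))
                    self.progress.pop(key, None)
                else:
                    self.progress[key] = idx

@dataclass
class MidLevelManager:
    """Receives delegated specs, programs the agent, runs actions, emits traps."""
    agent: MonitoringAgent
    action: Callable[[str, Flow], str]   # stands in for a Java/Tcl/Perl action script
    traps: List[str] = field(default_factory=list)

    def delegate(self, spec: TraceSpec) -> None:
        self.agent.program(spec)

    def poll(self) -> List[str]:
        while self.agent.reports:
            name, flow = self.agent.reports.pop(0)
            result = self.action(name, flow)
            self.traps.append(f"{name} on {flow[0]}<->{flow[1]}: {result}")
        return list(self.traps)

def record_alert(name: str, flow: Flow) -> str:
    # Hypothetical action agent: in the platform this would be a script run
    # via the Script MIB; here it just acknowledges the event.
    return "alert recorded"

def run_demo() -> List[str]:
    # Constructed trace: three "530" (login failed) responses within one session.
    failed_login = lambda p: p.payload.startswith("530")
    spec = TraceSpec("repeated-login-failure", [failed_login] * 3)

    agent = MonitoringAgent()
    mlm = MidLevelManager(agent=agent, action=record_alert)
    mlm.delegate(spec)   # management station -> MLM -> monitoring agent

    # Constructed packet stream; the 10.0.0.7 session must not count toward
    # the 10.0.0.5 session's state.
    packets = [
        Packet("10.0.0.5", "10.0.0.9", "USER alice"),
        Packet("10.0.0.9", "10.0.0.5", "530 Login incorrect"),
        Packet("10.0.0.5", "10.0.0.9", "USER alice"),
        Packet("10.0.0.9", "10.0.0.5", "530 Login incorrect"),
        Packet("10.0.0.7", "10.0.0.9", "USER bob"),
        Packet("10.0.0.9", "10.0.0.7", "230 Login successful"),
        Packet("10.0.0.5", "10.0.0.9", "USER alice"),
        Packet("10.0.0.9", "10.0.0.5", "530 Login incorrect"),
    ]
    for pkt in packets:
        agent.observe(pkt)
    return mlm.poll()

if __name__ == "__main__":
    for trap in run_demo():
        print(trap)
```

Keying the progress table by flow is what makes the detection stateful: each session carries its own position in the trace, so events from unrelated sessions neither advance nor reset it, and the state for a flow is dropped once the trace completes so a second occurrence is reported separately.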

Published in:

IEEE Journal on Selected Areas in Communications (Volume: 23, Issue: 10)