A SNMP-based platform for distributed stateful intrusion detection in enterprise networks
Gaspary, L.P.; Sanchez, R.N.; Antunes, D.W.; Meneghetti, E.
Programa Interdisciplinar de Pos-Graduacao em Computacao Aplicada, Univ. do Vale do Rio dos Sinos, Sao Leopoldo, Brazil

This paper appears in: Selected Areas in Communications, IEEE Journal on
Publication Date: Oct. 2005
Volume: 23, Issue: 10
On page(s): 1973-1982
ISSN: 0733-8716
INSPEC Accession Number: 8607908
Digital Object Identifier: 10.1109/JSAC.2005.854116
Current Version Published: 2005-10-03

Abstract
In recent years, the use of intrusion detection systems (IDSs) to detect security breaches in both systems and networks has increased. However, widespread IDS usage has been hindered by several challenges, including: 1) time-consuming configuration and analysis; 2) integration difficulties with existing network management infrastructure; and 3) the inability to add new attack signatures in a well-understood, yet expressive high-level notation. This paper presents the ID-Trace Management Platform, an extension of the simple network management protocol infrastructure based on the Internet Engineering Task Force (IETF) script management information base (Script MIB) to support distributed stateful intrusion detection in enterprise networks. It provides mechanisms allowing a management station to delegate security-related tasks to mid-level managers (MLMs) that, in turn, interact with monitoring and action agents to execute these tasks. Protocol trace specification language specifications are used by the MLMs to program monitoring agents that sniff packets on the network, comparing their signatures to those of known attack signatures. With the information gathered from the monitoring process, the MLMs may execute procedures via the action agents (Java, Tcl, or Perl scripts), enabling the automation of several security tasks (including reactive and proactive tasks). The platform also provides notification mechanisms (traps) so that MLMs can report the occurrence of major events to the management station.

Indexed by IEE Inspec
© Copyright 2009 IEEE – All Rights Reserved