This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.
Network Intrusion Detection System Embedded on a Smart Sensor Francisco Maciá-Pérez, Francisco J. Mora-Gimeno, Diego Marcos-Jorquera, Juan A. Gil-Martínez-Abarca, Héctor Ramos-Morillo, and Iren Lorenzo-Fonseca to cope with them, making impossible to scrutinize and understand adequately the network's security status . In order to solve this problem, the distributed intrusion detection systems (DIDS) combine all these scattered alerts and make use of their logic relationship, thus obtaining additional information. DIDS are currently as necessary as complex, due to the fact that they involve several technologies, devices and network resources, as well as sophisticated management tasks which are beyond the scope of many users or organizations which do not have a highly specialized team of administrators. There are still many open fronts in the field of intrusion detection, which are not solely concerned with improving detection ratios or with reducing the number of false positives that they generate. Some of them are: a) IT technological infrastructure which supports this type of system is increasingly sophisticated thus increasing both the complexity and number of associated management tasks; b) these systems are increasingly required to generate more information which overloads the network and the intrusion analysis systems themselves. Of all the problems, these are the ones which our proposal addresses in seeking architectures for the effective distribution of system logic, reducing as far as possible the impact of increased network traffic, keeping detection levels of the present systems and proposing scalable solutions, easy to implement and with a zero-maintenance philosophy. The huge range of small, low-cost embedded devices provided with one or more sensors, interconnected through wireless or cable networks integrated to the Internet, provide endless opportunities for monitoring and controlling organizations, homes, cities or the environment. Examples of this kind of devices are hardware probes RMON-based . Furthermore, Smart Sensors technology gives support to specific requirements such as restrictions in the assignation of resources, compactness and flexibility to be adapted to various types of sensors, interfaces and computational communications and hardware . These characteristics make the embedded devices in general and the smart sensors in particular an ideal framework for resolving many of the problems detected in the Network IDS (NIDS) , . In view of the foregoing, this article proposes to apply the technology of Smart Sensors to design a physical device in which a NIDS capable of understanding the captured traffic and offering it on demand is embedded.
Abstract—This paper proposes a Network Intrusion Detection System (NIDS) embedded in an Smart Sensor inspired device, under a Service Oriented Architecture (SOA) approach, able to operate independently as an anomaly-based NIDS or integrated, transparently, in a Distributed Intrusion Detection System (DIDS). The proposal is innovative, because it combines the advantages of Smart Sensor approach and the subsequent offering of the NIDS functionality as a service with the SOA use in order to achieve their integration with other DIDS components. The main goal of the work is to reduce the huge volume of management tasks inherent to this type of network services, as well as facilitating the design of DIDS whose managing complexity could be restricted within well defined margins. The work also addresses the construction of a physical sensor prototype. This prototype was used to carry out the tests that has demonstrated the proposal’s validity, providing detection and performance ratios similar to those of existing IDS, but with the advantage of a zeromaintenance approach. Index Terms—Intrusion...
Please join StudyMode to read the full document