DOI: 10.5555/1151828.1151840

Distributed intrusion detection in clusters based on non-interference

Published: 01 January 2006

    Abstract

    In this paper we investigate a noninterference-based, policy-based intrusion detection system to detect security policy violations in clusters. The Reference Flow Control model has been proposed as a host-based approach for detecting security policy violations. We extend its design to deal with security policies applicable to cluster or grid applications. To achieve distributed intrusion detection, a host-based Reference Flow Control-based intrusion detection system is deployed on all nodes of a cluster. Messaging between the nodes is instrumented in order to enclose the actual message payloads with a small amount of meta-information used for communication between the local IDSes. Finally, we describe a proof-of-concept implementation on Linux/MPICH.

    Cited By

    • (2010) On distributed intrusion detection systems design for high speed networks. Proceedings of the 9th WSEAS international conference on Advances in e-activities, information security and privacy, pp. 115-120. DOI: 10.5555/1948838.1948855. Online publication date: 14-Dec-2010
    • (2009) Anomaly detection. ACM Computing Surveys 41:3, pp. 1-58. DOI: 10.1145/1541880.1541882. Online publication date: 30-Jul-2009

    Published In

    ACSW Frontiers '06: Proceedings of the 2006 Australasian workshops on Grid computing and e-research - Volume 54
    January 2006
    230 pages

    Publisher

    Australian Computer Society, Inc.

    Australia

    Author Tags

    1. MPI
    2. clusters
    3. intrusion detection

    Qualifiers

    • Article

    Conference

    ACSW Frontiers '06
    ACSW Frontiers '06: Grid computing and e-research
    January 16 - 19, 2006
    Tasmania, Hobart, Australia

    Acceptance Rates

    Overall Acceptance Rate 204 of 424 submissions, 48%
