Abstract
The large number of machines with different operating systems and applications in an enterprise network makes it very difficult for the system administrator to close all security holes and install the latest OS and software patches. When the network is connected to the Internet and its services are remotely reachable, they become a potential target for attackers. As the number of security-related incidents keeps rising at an alarming rate, the need for automated tools to detect intrusions becomes evident. Such tools are called intrusion detection systems.
We present Sparta, a system that makes it possible to detect security policy violations and network intrusions in a heterogeneous, networked environment. We have designed a pattern language for expressing intrusions (i.e. offending event patterns) in a declarative manner. This lets the administrator specify what to detect rather than how to detect it. A fully distributed approach to finding the given patterns is presented as well. We use mobile agents to correlate event data instead of moving all the information to a central location. This increases the fault tolerance and scalability of our system.
© 2002 IFIP International Federation for Information Processing
Krügel, C., Toth, T., Kirda, E. (2002). Sparta. In: De Decker, B., Piessens, F., Smits, J., Van Herreweghen, E. (eds) Advances in Network and Distributed Systems Security. IFIP International Federation for Information Processing, vol 78. Springer, Boston, MA. https://doi.org/10.1007/0-306-46958-8_13
DOI: https://doi.org/10.1007/0-306-46958-8_13
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-7923-7558-6
Online ISBN: 978-0-306-46958-9