CIPS: coordinated intrusion prevention system

Authors:
Hai Jin;Zhiling Yang;Jianhua Sun;Xuping Tu;Zongfen Han
Affiliations:
Cluster and Grid Computing lab, Huazhong University of Science and Technology, Wuhan, China;Cluster and Grid Computing lab, Huazhong University of Science and Technology, Wuhan, China;Cluster and Grid Computing lab, Huazhong University of Science and Technology, Wuhan, China;Cluster and Grid Computing lab, Huazhong University of Science and Technology, Wuhan, China;Cluster and Grid Computing lab, Huazhong University of Science and Technology, Wuhan, China
Venue:
ICOIN'05 Proceedings of the 2005 international conference on Information Networking: convergence in broadband and mobile networking
Year:
2005

Citing 9
Cited 0

Direct routing on trees

Proceedings of the ninth annual ACM-SIAM symposium on Discrete algorithms
Discovery of Frequent Episodes in Event Sequences

Data Mining and Knowledge Discovery
CARDS: A Distributed System for Detecting Coordinated Attacks

Proceedings of the IFIP TC11 Fifteenth Annual Working Conference on Information Security for Global Information Infrastructures
Experience with EMERALD to Date

Proceedings of the Workshop on Intrusion Detection and Network Monitoring
A Neural Network Component for an Intrusion Detection System

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Learning attack strategies from intrusion alerts

Proceedings of the 10th ACM conference on Computer and communications security
Collaborative Intrusion Detection System (CIDS): A Framework for Accurate and Efficient IDS

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Linux Kernel hash table behavior: analysis and improvements

ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present the design and implementation of Coordinated Intrusion Prevention System (CIPS), which includes Parallel Firewall (PFW), Flow Detection (FD) and Multiple Intrusion Detection System (MIDS) to against large-scale or coordinated intrusions. The PFW consists of several firewalls working in parallel mainly by means of packet filtering, state inspection, and SYN proxy. The FD and MIDS detect and analyze the flow at the same time. The former one uses artificial neural network to analyze network traffic and detect flow anomaly. The latter one adopts traditional techniques such as protocol flow analysis and content-based virus detection to detect and prevent conventional intrusions and virus. Taking load balancing into account, CIPS also has Flow Scheduler (FS) for dispatching packets to each parallel component evenly. In addition, there is a Console & Manager (CM) aiming to reduce redundant alerts and to provide a feedback mechanism by alert clustering and to recognize the potential correlation rules among coordinated intrusion through mining large amounts of alerts.