In this paper, we present the design and implementation of the Coordinated Intrusion Prevention System (CIPS), which combines a Parallel Firewall (PFW), Flow Detection (FD) and a Multiple Intrusion Detection System (MIDS) to counter large-scale or coordinated intrusions. The PFW consists of several firewalls working in parallel, mainly by means of packet filtering, stateful inspection and SYN proxying. The FD and MIDS detect and analyze the traffic flow at the same time: the former uses an artificial neural network to analyze network traffic and detect flow anomalies, while the latter adopts traditional techniques such as protocol flow analysis and content-based virus detection to detect and prevent conventional intrusions and viruses. Taking load balancing into account, CIPS also has a Flow Scheduler (FS) that dispatches packets evenly to each parallel component. In addition, a Console & Manager (CM) reduces redundant alerts and provides a feedback mechanism through alert clustering, and recognizes potential correlation rules among coordinated intrusions by mining large numbers of alerts.
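The abstract states that the Console & Manager reduces redundant alerts by clustering them before correlation rules are mined. The following is an added illustration of that first step and is not code from the paper: it assumes alerts carry a timestamp, the reporting sensor, source, destination and a signature name, and it merges alerts that share (source, destination, signature) and fall within a configurable time window into one aggregated record. The alert records and the 60-second window are constructed here for the example; the paper does not specify its clustering keys or window.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

@dataclass
class Alert:
    ts: float          # seconds since epoch, as emitted by the sensor
    sensor: str        # which FD / MIDS node raised the alert (assumed field)
    src: str
    dst: str
    signature: str

@dataclass
class Cluster:
    src: str
    dst: str
    signature: str
    first_ts: float
    last_ts: float
    count: int = 1
    sensors: Set[str] = field(default_factory=set)

def cluster_alerts(alerts: List[Alert], window: float = 60.0) -> List[Cluster]:
    """Merge alerts that share (src, dst, signature) and arrive within
    `window` seconds of the cluster's most recent alert.

    Alerts are processed in timestamp order, so sensors that report out of
    order still end up in the right cluster. A gap larger than `window`
    closes the cluster and a fresh one is opened for the same key, which
    keeps separate bursts distinguishable for later correlation mining.
    """
    clusters: List[Cluster] = []
    open_by_key: Dict[Tuple[str, str, str], int] = {}  # key -> index of open cluster
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.src, a.dst, a.signature)
        idx = open_by_key.get(key)
        if idx is not None and a.ts - clusters[idx].last_ts <= window:
            c = clusters[idx]
            c.count += 1
            c.last_ts = a.ts
            c.sensors.add(a.sensor)
        else:
            clusters.append(Cluster(a.src, a.dst, a.signature, a.ts, a.ts, 1, {a.sensor}))
            open_by_key[key] = len(clusters) - 1
    return clusters

def reduction_ratio(alerts: List[Alert], clusters: List[Cluster]) -> float:
    """Fraction of raw alerts removed by clustering (0.0 means no reduction)."""
    if not alerts:
        return 0.0
    return 1.0 - len(clusters) / len(alerts)

# Constructed sample: two MIDS nodes and one FD node watching the same target.
SAMPLE_ALERTS = [
    Alert(1000.0, "mids-1", "10.0.0.5", "192.0.2.10", "SYN flood"),
    Alert(1005.0, "mids-2", "10.0.0.5", "192.0.2.10", "SYN flood"),
    Alert(1010.0, "mids-1", "10.0.0.5", "192.0.2.10", "SYN flood"),
    Alert(1012.0, "fd-1",   "10.0.0.7", "192.0.2.10", "flow anomaly"),
    Alert(1200.0, "mids-1", "10.0.0.5", "192.0.2.10", "SYN flood"),  # >60 s later: new burst
]

if __name__ == "__main__":
    cs = cluster_alerts(SAMPLE_ALERTS)
    for c in cs:
        print(f"{c.signature:13} {c.src} -> {c.dst}  x{c.count}  "
              f"[{c.first_ts:.0f}..{c.last_ts:.0f}]  sensors={sorted(c.sensors)}")
    print(f"reduction: {reduction_ratio(SAMPLE_ALERTS, cs):.0%}")
```

With the constructed input, five raw alerts collapse to three clusters: the first SYN-flood burst seen by both MIDS nodes, the single flow anomaly, and the later SYN-flood burst that falls outside the window. Keeping the set of contributing sensors on each cluster is what lets a console tell a genuinely multi-sensor observation apart from one sensor repeating itself, which is the input the abstract's correlation mining would need.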