Detection workload in a dynamic grid-based intrusion detection environment

https://doi.org/10.1016/j.jpdc.2007.06.002

Abstract

Denial-of-service (DoS) and distributed denial-of-service (DDoS) are two of the most serious and destructive network threats on the Internet. Attackers, using all kinds of malicious packets to attack and usurp network hosts, servers and bandwidth, have seriously damaged enterprise, campus and government network systems. Many network administrators employ intrusion detection systems (IDSs) and/or firewalls to protect their systems. However, some systems lose most of their detection and/or protection capabilities when they encounter a huge volume of attack packets. In addition, some detection resources may fail due to hardware and/or software faults.

In this paper, we propose a Grid-based platform, named the dynamic grid-based intrusion detection environment (DGIDE), which exploits the Grid's abundant computing resources to detect a massive amount of intrusion packets and to manage a dynamic environment. A detector, a node that detects attacks, can dynamically join or leave the DGIDE. A newly joined detector is tested so that we can obtain its key performance curves, which are then used to balance the detection workload among detectors. The DGIDE backs up network packets, so when a detector cannot continue its detection for some reason and leaves a detection task unfinished, the DGIDE allocates another available detector to take over. Therefore, the drawbacks of ordinary security systems mentioned above can be avoided.
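The abstract describes three mechanisms: placing work on detectors according to their measured performance, keeping a backup copy of packets until a detector reports them inspected, and handing unfinished tasks to another detector when one fails. The following is an added illustration of those mechanisms, not code from the paper or the DGIDE project; the single throughput number per detector stands in for the paper's performance curves, and all detector names, rates and packet batches are constructed values.

```python
"""Illustrative coordinator in the spirit of DGIDE: throughput-based placement,
packet backup, and take-over of unfinished batches when a detector fails.
Added example, not the paper's code; every rate and batch below is constructed."""
from dataclasses import dataclass, field


@dataclass
class Detector:
    name: str
    throughput_pps: float   # packets/second measured when the node joined (assumed, constructed)
    pending: dict = field(default_factory=dict)   # batch_id -> packets still to inspect
    alive: bool = True

    def expected_finish(self, extra_packets: int = 0) -> float:
        """Seconds until this detector drains its queue plus `extra_packets`."""
        return (sum(self.pending.values()) + extra_packets) / self.throughput_pps


class Coordinator:
    """Assigns packet batches to detectors and keeps a backup until they are inspected."""

    def __init__(self, detectors):
        self.detectors = {d.name: d for d in detectors}
        self.backup = {}     # batch_id -> packets, kept until the detector reports completion
        self.owner = {}      # batch_id -> name of the detector currently inspecting it
        self.done = set()

    def join(self, detector: Detector) -> None:
        """A new detector enters the environment with its benchmarked throughput."""
        self.detectors[detector.name] = detector

    def live(self):
        return [d for d in self.detectors.values() if d.alive]

    def assign(self, batch_id: str, packets) -> str:
        """Place the batch where it is expected to finish soonest given measured rates."""
        target = min(self.live(), key=lambda d: d.expected_finish(len(packets)))
        self.backup[batch_id] = list(packets)      # backup copy survives a detector crash
        self.owner[batch_id] = target.name
        target.pending[batch_id] = len(packets)
        return target.name

    def complete(self, batch_id: str) -> None:
        """Detector reports the batch inspected: release the backup copy."""
        self.detectors[self.owner[batch_id]].pending.pop(batch_id)
        del self.backup[batch_id]
        del self.owner[batch_id]
        self.done.add(batch_id)

    def detector_failed(self, name: str) -> dict:
        """Mark the node dead and re-dispatch its unfinished batches from backup."""
        failed = self.detectors[name]
        failed.alive = False
        orphaned = list(failed.pending)
        failed.pending.clear()
        return {b: self.assign(b, self.backup[b]) for b in orphaned}


def demo() -> dict:
    """Run the scenario on constructed detectors and return observable state for checking."""
    coord = Coordinator([Detector("A", 1000.0), Detector("B", 500.0)])
    placed = [
        coord.assign("b1", list(range(1000))),   # A: 1.0 s vs B: 2.0 s  -> A
        coord.assign("b2", list(range(500))),    # A: 1.5 s vs B: 1.0 s  -> B
        coord.assign("b3", list(range(1000))),   # A: 2.0 s vs B: 3.0 s  -> A
    ]
    moved = coord.detector_failed("A")           # b1 and b3 re-dispatched to B
    coord.complete("b2")                         # B reports b2 inspected
    coord.join(Detector("C", 2000.0))            # a faster detector joins later
    late = coord.assign("b4", list(range(200)))  # B: 4.4 s vs C: 0.1 s -> C
    return {
        "placed": placed,
        "moved": moved,
        "backup_ids": sorted(coord.backup),
        "b_pending": dict(coord.detectors["B"].pending),
        "late": late,
    }


if __name__ == "__main__":
    print(demo())
```

The placement rule here (shortest expected completion time from the measured rate) is one simple way to use a performance measurement for balancing; the paper's actual curves and allocation policy are in the full text, not in this abstract.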



Fang-Yie Leu received his B.S., master's and Ph.D. degrees, all from National Taiwan University of Science and Technology, Taiwan, in 1983, 1986 and 1991, respectively, and another master's degree from Knowledge System Institute, USA, in 1990. His research interests include wireless communication, network security, Grid applications and Chinese natural language processing. He is currently an associate professor at TungHai University, Taiwan, and director of the database and network security laboratory of the University. He is also a member of the IEEE Computer Society.

Ming-Chang Li is currently a Ph.D. student at Chiao Tung University, Hsinchu, Taiwan. He received his master's degree in Computer Science and Information Engineering from Tunghai University, Taiwan, in 2006. His current research is on forensic technologies and security in wireless LANs.

Jia-Chun Lin is currently a Ph.D. student at Chiao Tung University, Hsinchu, Taiwan. She received her master's degree in Computer Science and Information Engineering from Tunghai University, Taiwan, in 2005. Her current research is on active defense and security in wireless LANs.

Chao-Tung Yang received a B.S. degree in computer science and information engineering from Tunghai University, Taichung, Taiwan, in 1990, and an M.S. degree in computer and information science from National Chiao Tung University, Hsinchu, Taiwan, in 1992. He received the Ph.D. degree in computer and information science from National Chiao Tung University in July 1996. He won the 1996 Acer Dragon Award for outstanding Ph.D. dissertation. He has worked as an associate researcher for ground operations in the ROCSAT Ground System Section (RGS) of the National Space Program Office (NSPO) in Hsinchu Science-based Industrial Park since 1996. In August 2001, he joined the faculty of the Department of Computer Science and Information Engineering at Tunghai University, where he is currently an associate professor. His research has been sponsored by the Taiwan agencies National Science Council (NSC), National Center for High Performance Computing (NCHC), and Ministry of Education. His present research interests are in grid and cluster computing, parallel and high-performance computing, and Internet-based applications. He is a member of both the IEEE Computer Society and ACM.