Journal: IEEE Journal on Selected Areas in Communications

A SNMP-based platform for distributed stateful intrusion detection in enterprise networks

Abstract

In recent years, the use of intrusion detection systems (IDSs) has increased as a means of detecting security breaches in both systems and networks. However, widespread IDS adoption has been hindered by several challenges, including: 1) time-consuming configuration and analysis; 2) difficulties integrating with existing network management infrastructure; and 3) the inability to add new attack signatures in a well-understood yet expressive high-level notation. This paper presents the ID-Trace Management Platform, an extension of the Simple Network Management Protocol (SNMP) infrastructure based on the Internet Engineering Task Force (IETF) Script MIB (script management information base) that supports distributed stateful intrusion detection in enterprise networks. It provides mechanisms allowing a management station to delegate security-related tasks to mid-level managers (MLMs), which in turn interact with monitoring and action agents to execute these tasks. The MLMs use Protocol Trace Specification Language (PTSL) specifications to program monitoring agents, which sniff packets on the network and compare the observed traffic against known attack signatures. With the information gathered from the monitoring process, the MLMs may execute procedures via the action agents (Java, Tcl, or Perl scripts), enabling the automation of several security tasks, both reactive and proactive. The platform also provides notification mechanisms (SNMP traps) so that MLMs can report the occurrence of major events to the management station.
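The division of labour the abstract describes (a monitoring agent matching a stateful trace, a mid-level manager running an action and raising a trap) is easier to see in running code. The model below is an added illustration, not code from the paper or the ID-Trace platform: the message format, the state-machine notation standing in for a PTSL trace, the trap layout, the "deny" action string and the FTP sample traffic are all constructed here. The point it shows is that a trace is matched across several messages of one session, so a single benign-looking packet never triggers it, while an interleaved normal login does not interfere.

```python
"""Toy model of the ID-Trace division of labour: a monitoring agent matches a
stateful trace (a small state machine) against sniffed messages, hands events
to a mid-level manager (MLM), which runs an action and raises a trap to the
management station.  Added illustration: the message format, state-machine
notation, trap layout and sample traffic are constructed and are not PTSL or
the platform's own code."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Message:
    src: str       # sender address
    dst: str       # receiver address
    dport: int     # destination port
    payload: str   # first line of the application-layer text


# (from_state, predicate, to_state).  "*" matches any current state.  A session
# that reaches "alarm" has matched the trace.  Matching a sequence of messages,
# not a single packet, is what makes the detection stateful.
Transition = Tuple[str, Callable[[Message], bool], str]

# Constructed trace: an FTP client that collects three "530" replies after its
# USER command without a "230" success reply in between.
FTP_BRUTE_TRACE: List[Transition] = [
    ("start", lambda m: m.dport == 21 and m.payload.startswith("USER "), "login_attempt"),
    ("login_attempt", lambda m: m.payload.startswith("530"), "fail1"),
    ("fail1", lambda m: m.payload.startswith("530"), "fail2"),
    ("fail2", lambda m: m.payload.startswith("530"), "alarm"),
    ("*", lambda m: m.payload.startswith("230"), "start"),   # successful login resets
]


def session_key(m: Message) -> Tuple[str, str]:
    """Both directions of a client/server exchange share one session."""
    a, b = sorted((m.src, m.dst))
    return (a, b)


@dataclass
class MonitoringAgent:
    """Sniffer-side agent that the MLM has programmed with one trace."""
    name: str
    trace_name: str
    transitions: List[Transition]
    state: Dict[Tuple[str, str], str] = field(default_factory=dict)
    client: Dict[Tuple[str, str], str] = field(default_factory=dict)

    def observe(self, m: Message) -> Optional[dict]:
        key = session_key(m)
        cur = self.state.get(key, "start")
        for src_state, pred, dst_state in self.transitions:
            if src_state in (cur, "*") and pred(m):
                if cur == "start" and dst_state != "start":
                    self.client[key] = m.src          # remember who opened the trace
                if dst_state == "alarm":
                    self.state[key] = "start"         # re-arm for the same session
                    return {"agent": self.name, "trace": self.trace_name,
                            "client": self.client[key], "session": key}
                self.state[key] = dst_state
                return None
        return None                                   # unrelated message: state unchanged


@dataclass
class MidLevelManager:
    """Delegated manager: receives agent events, runs the action agent and
    notifies the management station (traps modelled as dicts, not SNMP PDUs)."""
    action: Callable[[dict], str]
    traps: List[dict] = field(default_factory=list)
    actions_run: List[str] = field(default_factory=list)

    def handle(self, event: Optional[dict]) -> None:
        if event is None:
            return
        self.actions_run.append(self.action(event))   # reactive task
        self.traps.append({"notification": "trace-matched", **event})


# Constructed sample traffic: one client fails three times, another logs in normally.
C, S, B = "10.0.0.7", "10.0.0.21", "10.0.0.9"
SAMPLE: List[Message] = [
    Message(C, S, 21, "USER alice"), Message(S, C, 54321, "331 Password required"),
    Message(C, S, 21, "PASS guess1"), Message(S, C, 54321, "530 Login incorrect"),
    Message(C, S, 21, "USER alice"), Message(S, C, 54321, "331 Password required"),
    Message(C, S, 21, "PASS guess2"), Message(S, C, 54321, "530 Login incorrect"),
    Message(C, S, 21, "PASS guess3"), Message(S, C, 54321, "530 Login incorrect"),
    Message(B, S, 21, "USER bob"), Message(S, B, 40000, "230 Login successful"),
]


def run_demo(messages: List[Message]) -> MidLevelManager:
    agent = MonitoringAgent("agent-dmz", "ftp-login-failures", FTP_BRUTE_TRACE)
    # Constructed action: the real platform would run a Java/Tcl/Perl script here.
    mlm = MidLevelManager(action=lambda ev: f"deny {ev['client']}")
    for m in messages:
        mlm.handle(agent.observe(m))
    return mlm


if __name__ == "__main__":
    for trap in run_demo(SAMPLE).traps:
        print(trap)
```

Running the demo yields exactly one trap, for the client 10.0.0.7, and one action string; bob's session walks to `login_attempt` and is reset by the `230` reply, so it never reaches `alarm`. Dropping any one of the three `530` replies from the sample produces no trap at all, which is the property a per-packet signature cannot give you.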
