A traditional Network Intrusion Detection System (NIDS) isbased on a centralized architecture that does not satisfy theneeds of most modern network infrastructures characterizedby high traffic volumes and complex topologies. The problemof decentralized NIDS based on multiple sensors is thateach of them gets just a partial view of the network trafficand this prevents a stateful and fully reliable traffic analysis.We propose a novel cooperation mechanism that addressesthe previous issues through an innovative state managementand state migration framework. It allows multipledecentralized sensors to share their internal state, thus accomplishing innovative and powerful traffic analysis. Theadvanced functionalities and performance of the proposedcooperative framework for network intrusion detection systemsare demonstrated through a fully operative prototype.

Enhancing interoperability and stateful analysis of cooperative network intrusion detection systems / Colajanni, Michele; D., Gozzi; Marchetti, Mirco. - STAMPA. - (2007), pp. 165-174. (Intervento presentato al convegno 3rd ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2007 tenutosi a Orlando, FL, usa nel Dec. 2007) [10.1145/1323548.1323576].

Enhancing interoperability and stateful analysis of cooperative network intrusion detection systems

COLAJANNI, Michele;MARCHETTI, Mirco
2007

Abstract

A traditional Network Intrusion Detection System (NIDS) isbased on a centralized architecture that does not satisfy theneeds of most modern network infrastructures characterizedby high traffic volumes and complex topologies. The problemof decentralized NIDS based on multiple sensors is thateach of them gets just a partial view of the network trafficand this prevents a stateful and fully reliable traffic analysis.We propose a novel cooperation mechanism that addressesthe previous issues through an innovative state managementand state migration framework. It allows multipledecentralized sensors to share their internal state, thus accomplishing innovative and powerful traffic analysis. Theadvanced functionalities and performance of the proposedcooperative framework for network intrusion detection systemsare demonstrated through a fully operative prototype.
2007
3rd ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2007
Orlando, FL, usa
Dec. 2007
2-s2.0-77953984788
165
174
Colajanni, Michele; D., Gozzi; Marchetti, Mirco
Enhancing interoperability and stateful analysis of cooperative network intrusion detection systems / Colajanni, Michele; D., Gozzi; Marchetti, Mirco. - STAMPA. - (2007), pp. 165-174. (Intervento presentato al convegno 3rd ACM/IEEE Symposium on Architectures for Networking and Communications Systems, ANCS 2007 tenutosi a Orlando, FL, usa nel Dec. 2007) [10.1145/1323548.1323576].
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

Licenza Creative Commons
I metadati presenti in IRIS UNIMORE sono rilasciati con licenza Creative Commons CC0 1.0 Universal, mentre i file delle pubblicazioni sono rilasciati con licenza Attribuzione 4.0 Internazionale (CC BY 4.0), salvo diversa indicazione.
In caso di violazione di copyright, contattare Supporto Iris

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11380/587341
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 14
  • ???jsp.display-item.citation.isi??? ND
social impact