An Approach for Cross-Domain Intrusion Detection
Author
Nguyen, Thuy
Gondree, Mark
Khosalim, J.
Shifflett, D.
Levin, T.
Irvine, C.
Date
2012-03-12

Abstract
Network-based monitoring and intrusion detection has grown into an essential component of enterprise security management. Monitoring potentially malicious activities across a set of networks classified at different security levels, however, presents subtle and complicated challenges. Analysis of intrusion alerts collected on an individual network only reveals malicious attempts to compromise that particular network, not the overall attack patterns across the enterprise. Development of a comprehensive perspective for intrusion analysis of all networks in a multilevel secure (MLS) environment requires care to ensure that the enforcement of information flow control policies is preserved. We describe an approach to cross-domain network-based intrusion detection. Leveraging the Monterey Security Architecture (MYSEA) high-assurance MLS federated computing framework, we developed an MLS policy-constrained, network-based cross-domain intrusion detection system (CD-IDS) prototype using untrusted single-level components and multilevel (trusted) components, supported by open source software (i.e., BASE, Snort, PostgreSQL and pgpool-II). Our prototype enables an analyst to view and manipulate network trace data collected from multiple networks, while enforcing mandatory access control policies to constrain the analyst to only those resources her session level dominates.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.