An Approach for Cross-Domain Intrusion Detection

Authors
Nguyen, Thuy
Gondree, Mark
Khosalim, J.
Shifflett, D.
Levin, T.
Irvine, C.
Date of Issue
2012-03-12
Publisher
International Conference on Information Warfare and Security (ICIW 2012)
Abstract
Network-based monitoring and intrusion detection has grown into an essential component of enterprise security management. Monitoring potentially malicious activities across a set of networks classified at different security levels, however, presents subtle and complicated challenges. Analysis of intrusion alerts collected on an individual network only reveals malicious attempts to compromise that particular network, not the overall attack patterns across the enterprise. Development of a comprehensive perspective for intrusion analysis of all networks in a multilevel secure (MLS) environment requires care to ensure that the enforcement of information flow control policies is preserved. We describe an approach to cross-domain network-based intrusion detection. Leveraging the Monterey Security Architecture (MYSEA) high-assurance MLS federated computing framework, we developed an MLS policy-constrained network-based CD-IDS prototype using untrusted single-level components and multilevel (trusted) components, supported by open source software (i.e., BASE, snort, PostgreSQL and pgpool-II). Our prototype enables an analyst to view and manipulate network trace data collected from multiple networks, while enforcing mandatory access control policies to constrain the analyst to only those resources her session level dominates.
Type
Article
Department
Department of Electrical and Computer Engineering.
Citation
7th International Conference on Information Warfare and Security (ICIW 2012), Seattle, Washington, USA, March 2012, pp. 203-212.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.