An Approach for Cross-Domain Intrusion Detection
Network-based monitoring and intrusion detection has grown into an essential component of enterprise security management. Monitoring potentially malicious activities across a set of networks classified at different security levels, however, presents subtle and complicated challenges. Analysis of intrusion alerts collected on an individual network only reveals malicious attempts to compromise that particular network, not the overall attack patterns across the enterprise. Development of a comprehensive perspective for intrusion analysis of all networks in a multilevel secure (MLS) environment requires care to ensure that the enforcement of information flow control policies is preserved. We describe an approach to cross-domain network-based intrusion detection (CD-IDS). Leveraging the Monterey Security Architecture (MYSEA) high-assurance MLS federated computing framework, we developed an MLS policy-constrained network-based CD-IDS prototype using untrusted single-level components and multilevel (trusted) components, supported by open source software (i.e., BASE, snort, PostgreSQL and pgpool-II). Our prototype enables an analyst to view and manipulate network trace data collected from multiple networks, while enforcing mandatory access control policies to constrain the analyst to only those resources her session level dominates.
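The session-level dominance constraint described in the abstract, shown as an added Python illustration; this is not the MYSEA/CD-IDS prototype's code, and the level ordering, network names, labels and alert records are all constructed for the example:

```python
from dataclasses import dataclass

# Hierarchical sensitivity levels, ordered low to high (constructed ordering).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    """An MLS label: a hierarchical level plus a set of compartments (categories)."""
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Bell-LaPadula dominance: level is higher or equal AND compartments are a superset.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

# Constructed per-network sensor feeds: each monitored network is labelled at the
# level of the traffic it carries; an IDS alert inherits its network's label.
NETWORK_LABELS = {
    "net-unclass": Label("UNCLASSIFIED"),
    "net-secret": Label("SECRET"),
    "net-secret-alpha": Label("SECRET", frozenset({"ALPHA"})),
    "net-ts": Label("TOP SECRET"),
}

# Constructed sample alerts (not real sensor data).
ALERTS = [
    {"id": 1, "network": "net-unclass", "sig": "ET SCAN Nmap", "src": "10.0.1.5"},
    {"id": 2, "network": "net-secret", "sig": "ET SCAN Nmap", "src": "10.0.2.9"},
    {"id": 3, "network": "net-secret-alpha", "sig": "GPL SHELLCODE x86", "src": "10.0.3.7"},
    {"id": 4, "network": "net-ts", "sig": "ET SCAN Nmap", "src": "10.0.4.2"},
]

def visible_alerts(session: Label, alerts=ALERTS, network_labels=NETWORK_LABELS):
    """Return only alerts from networks whose label the analyst's session label dominates.

    Alerts from a higher level, or from a comparable level carrying a compartment the
    session lacks, are dropped entirely rather than redacted, so a lower-level view
    cannot infer that higher-level activity exists.
    """
    return [a for a in alerts if session.dominates(network_labels[a["network"]])]

def cross_domain_scan_sources(session: Label):
    """Correlate one signature across every network the session is allowed to see."""
    return sorted({a["src"] for a in visible_alerts(session) if "Nmap" in a["sig"]})

if __name__ == "__main__":
    for s in (Label("SECRET"), Label("SECRET", frozenset({"ALPHA"})), Label("TOP SECRET")):
        print(s, [a["id"] for a in visible_alerts(s)])
```

Note that a TOP SECRET session without the ALPHA compartment still cannot see alert 3: dominance is a partial order, not a simple ranking by level.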
Nguyen, Thuy; Gondree, Mark; Khosalim, Jean; Shifflett, David; Levin, Timothy; Irvine, Cynthia (2012-03)