The design and implementation of session-based IDS

Masayoshi Mizutani, Shin Shirahata, Masaki Minami, Jun Murai

Research output: Article (peer-reviewed)

1 Citation (Scopus)

Abstract

One of the techniques for detecting malicious communications from network traffic is to use a network-based intrusion detection system (IDS). However, since an existing IDS handles a low-risk alert for which an attack failed and a high-risk alert for which an attack succeeded in a similar manner, malicious communications cannot be detected properly unless a risk analysis is performed for each alert. This means that as the number of detection targets of the IDS increases, the cost of the risk analysis for every alert also increases proportionally. In other words, as the number of detection targets continues to increase, it becomes difficult to effectively deal with network incidents by using the IDS. In this paper, the authors focus on the fact that by continuously monitoring communications after an attack, the success or failure of the attack can be determined from the responses. They define these continuous communications as a session and design and implement a session-based IDS that enables the risk to be evaluated immediately and automatically. They also evaluate the effectiveness of the session-based IDS in an actual operating network. The results showed that this research lowered the operational cost of the IDS and enabled network incidents to be dealt with effectively.

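Original language: English
Pages (from-to): 46-58
Number of pages: 13
Journal: Electronics and Communications in Japan, Part I: Communications (English translation of Denshi Tsushin Gakkai Ronbunshi)
Volume: 89
Issue number: 3
DOI
Publication status: Published - March 1, 2006
Externally published: Yes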

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Electrical and Electronic Engineering
