Distributed Intrusion Detection Systems – MetaIDS case study
Jerzak Marcin, Wojtysiak Mariusz
Poznań Supercomputing and Networking Center,
ul. Noskowskiego 12/14, 61-704 Poznań, Poland
e-mail: marcin.jerzak@man.poznan.pl
Received: 27 September 2010; revised: 8 November 2010; published online: 23 November 2010
DOI: 10.12921/cmst.2010.SI.01.135-145
OAI: oai:lib.psnc.pl:682
Abstract:
The “Defence in depth” strategy for securing computer systems holds that the technologies used to protect a network should fulfill the “Protect, Detect and React” paradigm. “This means that in addition to incorporating protection mechanisms, organizations need to expect attacks and include attack detection tools” [1]. This paper presents MetaIDS, the Intrusion Detection System developed at the Poznań Supercomputing and Networking Center. It detects both attack attempts and successful attacks on the system. The paper highlights typical problems with intrusion detection, the principle of MetaIDS operation, and a real attack example seen from the perspective of MetaIDS.
Key words:
intrusion detection, Intrusion Detection System, MetaIDS, security
References:
[1] National Security Agency. Defense in Depth: A practical strategy for achieving Information Assurance in today’s highly networked environments. [Online] http://www.nsa.gov/ia/_files/support/defenseindepth.pdf.
[2] Distributed Intrusion Detection System. [Online] http://ppbw.pcss.pl/en/dids.html.
[3] Polish Platform for Homeland Security. [Online] http://ppbw.pcss.pl/en/.
[4] An open source network intrusion prevention and detection system (IDS/IPS). [Online] http://www.snort.org/.
[5] An Open Source Host-based Intrusion Detection System. [Online] http://www.ossec.net/.
[6] The Intrusion Detection Message Exchange Format. [Online] http://www.ietf.org/rfc/rfc4765.txt.
[7] Agentless, universal, security information management. [Online] http://www.prelude-technologies.com/.
[8] PSNC Security Team. [Online] http://security.psnc.pl/en.