Search results

Searched for keyword: HIDS
Results found: 2
1. Design of a distributed HIDS for IoT backbone components
Nowadays, DDoS attacks using IoT devices are frequent and extensive. Given that IoT network instances are distributed and deployed over conventional Internet gear, DDoS countermeasures in IoT need to be fully distributed and coordinated across all the components that form each IoT instance. This paper presents a designed and prototyped distributed host-based intrusion detection system (HIDS) that aims to protect the components of IoT network backbones, comprising conventional switches and routers. In our design, a set of the proposed HIDS instances executes conventional security verifications, such as checking for default usernames and passwords, matching known attack signatures, and monitoring the usage of resources, processes, ports and open connections, while also interacting with a Controller of the HIDS set that coordinates intrusion detection actions relative to DDoS attacks across the whole IoT instance. The designed distributed HIDS is evaluated in a controlled environment that, although a local and isolated network, realistically represents IoT network instances.
2.
The article proposes a log analysis approach to the detection of security violations, based on a four-layer design. The first layer, named the event source layer, describes the sources of information that can be used for misuse investigation. The transport layer represents the method of collecting event data, preserving it in the form of logs and passing it to the next layer, called the analysis layer. This third layer is responsible for analyzing the logs' content, picking out relevant information and generating security alerts. The last layer, called the normalization layer, is custom software that normalizes and correlates the produced alerts to raise notice of more complex attacks. Logs from remote hosts are collected using rsyslog, and OSSEC HIDS with custom decoders and rules is used on a central log server for log analysis. A novel method of handling OSSEC HIDS alerts through their normalization and correlation is proposed. The output can optionally be suppressed to protect the system against alarm floods and to reduce the number of messages transmitted over the network.