Intrusion Detection and Response in a Large Scale Network using PBNM

S.-K. Park, J.-O. Kim, J.-S. Jang, and S.-W. Sohn (Korea)


Secure Network, IDS Interoperability, Intrusion Detection System, PBNM


The rapid growth of the Internet has caused tremendous problems, such as unauthorized access and tampering with data. In response to intrusions, many IDSs have been developed. These IDSs take two approaches: misuse intrusion detection and anomaly detection. The first mechanism detects intrusions that follow well-defined patterns of attack exploiting known vulnerabilities in system and application software. The second mechanism detects anomalous behavior or abnormal use of computer resources. Early studies have discussed cooperative security monitoring among intrusion detection modules, but they suffer from problems such as bottlenecks and overhead when data is collected and analyzed in a single component. Consequently, while basic intrusion detection is performed independently, more effective detection strategies must be investigated. In this paper, we present our system, designed to detect intrusions in global network environments as well as to support flexibility, portability, and extensibility for integrated security management. Each block is governed by policy created by the PMT (Policy Management Tool) in the CPCS (Cyber Patrol Control Server). We have been developing an integrated IDS based on a hierarchical architecture. We present the architecture of the SGS (Security Gateway System), which is located at the network ingress point; the design of the SGS focuses on intrusion detection in global network environments. We also present the architecture of the CPCS, which acts as the Security Control Server and Policy Decision Point. Finally, we introduce the web interface through which security managers (clients) display intrusion information and enforced-policy information in our prototype.
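The following sketch is an added example, not code from the paper or its authors, of the hierarchy the abstract describes: a policy decision point (standing in for the CPCS/PMT role) creates versioned policy and pushes it to a gateway detector (standing in for the SGS at the ingress point), which applies both a misuse rule (a known attack pattern matched as a signature) and an anomaly rule (a per-source connection threshold) to constructed sample events and reports alerts upward. All class names, the `path_traversal` rule, the threshold of 5, and the sample events are assumptions made for the example; the paper does not specify its policy format or rule language.

```python
import re
from collections import Counter
from dataclasses import dataclass


@dataclass
class Policy:
    """Policy object as a hypothetical PDP (the CPCS role) would push to a gateway."""
    version: int
    signatures: dict            # rule name -> regex over the request line (misuse detection)
    max_conns_per_src: int      # anomaly threshold: connections allowed per source in a window


@dataclass
class Alert:
    kind: str        # "misuse" or "anomaly"
    rule: str
    src: str
    detail: str


class PolicyDecisionPoint:
    """Stand-in for the CPCS: creates versioned policy and collects alerts from gateways."""

    def __init__(self):
        self.version = 0
        self.alerts = []

    def make_policy(self, signatures, max_conns_per_src):
        self.version += 1
        return Policy(self.version, dict(signatures), max_conns_per_src)

    def report(self, alert):
        self.alerts.append(alert)


class GatewayDetector:
    """Stand-in for the SGS at the ingress point: detects locally, reports upward."""

    def __init__(self, pdp, policy):
        self.pdp = pdp
        self.apply_policy(policy)

    def apply_policy(self, policy):
        """Called when the PDP pushes new policy; compiles rules once and resets the window."""
        self.policy = policy
        self._sigs = {name: re.compile(pat) for name, pat in policy.signatures.items()}
        self._counts = Counter()

    def inspect(self, src, request):
        """Evaluates one event against the misuse rules, then the per-source anomaly threshold."""
        alerts = []
        for name, rx in self._sigs.items():
            if rx.search(request):
                alerts.append(Alert("misuse", name, src, request))
        self._counts[src] += 1
        if self._counts[src] == self.policy.max_conns_per_src + 1:  # fire once per window
            alerts.append(Alert("anomaly", "conn_rate", src,
                                f"{self._counts[src]} connections exceed "
                                f"{self.policy.max_conns_per_src}"))
        for alert in alerts:
            self.pdp.report(alert)   # hierarchical reporting to the control server
        return alerts


# Constructed sample events (source address, HTTP request line); not from the paper.
SAMPLE_EVENTS = [
    ("10.0.0.5", "GET /index.html HTTP/1.0"),
    ("10.0.0.5", "GET /images/logo.gif HTTP/1.0"),
    ("10.0.0.9", "GET /cgi-bin/view?file=../../etc/passwd HTTP/1.0"),
    ("10.0.0.9", "GET /about.html HTTP/1.0"),
] + [("10.0.0.7", f"GET /page{i}.html HTTP/1.0") for i in range(8)]


def run_demo(events=SAMPLE_EVENTS):
    """Builds the PDP/gateway pair, replays the events, and returns alert counts by kind."""
    pdp = PolicyDecisionPoint()
    policy = pdp.make_policy(
        signatures={"path_traversal": r"\.\./"},  # misuse rule: a known attack pattern
        max_conns_per_src=5,                      # anomaly rule: abnormal resource use
    )
    gateway = GatewayDetector(pdp, policy)
    for src, request in events:
        gateway.inspect(src, request)
    return {
        "policy_version": policy.version,
        "misuse": sum(1 for a in pdp.alerts if a.kind == "misuse"),
        "anomaly": sum(1 for a in pdp.alerts if a.kind == "anomaly"),
        "anomalous_sources": sorted({a.src for a in pdp.alerts if a.kind == "anomaly"}),
    }


if __name__ == "__main__":
    print(run_demo())
```

Because detection runs inside the gateway and only alerts travel to the control server, the collection bottleneck the abstract attributes to single-component designs is avoided; the control server still retains the decision role, since a new policy version pushed through `apply_policy` changes both the signature set and the anomaly threshold without touching the detector code.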

