Download View Sample PDF - IRMA

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
Document related concepts

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Net bias wikipedia , lookup

Computer network wikipedia , lookup

Wireless security wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Network tap wikipedia , lookup

Computer security wikipedia , lookup

Airborne Networking wikipedia , lookup

Deep packet inspection wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Distributed firewall wikipedia , lookup

Peer-to-peer wikipedia , lookup

Transcript 
Section: Product ICT
A Novel Application of the P2P Technology
for Intrusion Detection
Zoltán Czirkos
Budapest University of Technology and Economics, Hungary
Gábor Hosszú
Budapest University of Technology and Economics, Hungary
IntroductIon
The importance of the network security problems come
into prominence by the growth of the Internet. This
article presents a new kind of software that uses the
network itself to protect the hosts and increase their
security. The hosts running this software create an application level network (ALN) over the Internet (Hosszú,
2005). Nodes connected to this ALN check their operating systems’ log files to detect intrusion attempts.
Information collected this way is then shared over the
ALN to increase the security of all peers, which can
then make the necessary protection steps, for example,
blocking network traffic by their own firewall.
Different kinds of security software utilizing the
network were also written previously (Snort, 2006).
The novelty of Komondor is that its client software
entities running in each host create a peer-to-peer
(P2P) overlay network (Czirkos, 2006). Organization is automatic; it requires no user interaction. This
network model ensures stability, which is important
for quick and reliable communication between nodes.
By this build-up, the system remains useful over the
unstable network.
the IMPortance oF the
P2P coMMunIcatIons
The Internet-based communication technology enabled
people to share information with anybody in seconds.
This has brought benefits to people spanning many
spheres from social services to education (Frasz, 2005).
Probably the best example of such extended network of
content sharing is the P2P that allows users to download
media files off other computers free of charge. Once
content enters the Internet, it can be downloaded by
an unlimited number of people.
One of the latest steps in the steady advances in
P2P technologies is the release of new P2P technologies in 2005 that enable a user community to filter
out mislabeled or corrupt files (Goth, 2005). One approach to build a more trustworthy P2P overlay is the
application credence (Sirer & Walsh, 2005). It rates
a certain network object instead of a given peer node
for trustworthiness. The reason is that nodes can be
inhabited by various people over time, but the data in
the object itself does not change. This system uses a
secure and anonymous voting mechanism. Over time,
users with similar votes or the legitimacy of a file will
dynamically form a kind of community enabling enough
correlation of trust. Similarly, a user that systematically answers contrarily will get an equally significant
negative weighting; however, an inconsistent voter will
have less statistical weight. In such a way, the more
users who join credence overlay, the more accurate an
overall rating each file will receive.
The trend of the P2P systems is building more
resilient services. Centralized solutions are fragile,
since a single link breakage in the network can cut
access to the whole service. P2P enables higher ability
to construct overlays that self-organizes and recovers
from failures.
Another interesting and important feature of the
development process of the P2P technology is that
the most successful projects are open sources such
as LimeWire, which is a Gnutella client with rapidly
growing popularity (Bildson, 2005). Its business model
has two sides. One version is free, however, advertising-supported, and the other is ad-free, but the users
Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.
A Novel Application of the P2P Technology for Intrusion Detection
must pay for it. LimeWire guarantees no bundled
software with downloads. The open source property
of the LimeWire encourages its users to monitor its
development. The largest competitor of LimeWire is
BitTorrent, which is very efficient in sharing large files
(BitTorrent, 2006). Its users upload portions of required
documents to a requester instead of forcing one client
to upload the whole file many times.
the ProbleM oF the IntrusIon
Computers connected to networks are to be protected by
different means (Kemmerer & Vigna, 2002). Information stored on a computer can be personal or business
character, private or confidential. An unauthorized
can person can therefore steal it; its possible cases are
shown in Table 1.
We have to protect not only our data, but also our
resources. Resources are not necessarily hardware only.
Typical types of attack are to gain access to a computer
to initiate other attacks from it. This is to make the
identification of the attacker more difficult because
this way the next intruded host in this chain sees the
IP address of the previous one as its attacker.
Stored data can not only be stolen, but changed.
Information modified on a host is extremely useful to
cause economic damage to a company. The attacker
can alter or obstruct its functioning properly and cause
damage.
Intrusion attempts, based on their purpose, can be
of different methods. But these methods share things
in common, scanning networks ports or subnetworks
for services, and making several attempts in a short
time. This can be used to detect these attempts and to
prepare for protection.
Simple, low strength passwords are also a means
of security holes. These are used by the so-called
dictionary method, trying to log into the system with
common names or proper names as somebody’s pass-
Table 1. The types of the information stealth
•
•
•
An unauthorized person gains access to a host.
Monitoring or intercepting network traffic by someone.
An authorized but abusive user.
word. They are of a relatively small number and easily
guessable.
The attacker can also be trying to find resources
through security holes. With this type of action, whole
ranges of network addresses are scanned for a particular
service having a bug or just being badly configured.
The port number is fixed here. An example for this is
scanning for an open e-mail (SMTP) relay to send junk
mail anonymously.
A common feature of the attack methods described
above is that the attacker makes several attempts against
a host. The Komondor software developed by us uses
this as a base. As one host running the Komondor
detects an intrusion attempt and shares the address of
the attacker on the overlay network, the other ones can
prepare and await the same attacker in safety, who will
usually arrive sooner or later.
Traditionally, organizations have relied on their
firewall to enforce their corporate policies. To stop the
use of P2P file sharing, organizations may add a rule
that denies outbound ports not required for business
(Sorensen & Richards, 2004). Unfortunately, many
of the P2P applications today use a “port-hopping”
method of communication to circumvent firewall rule
sets that limit outbound connections to specifically allowed ports. If the firewall restricts the ports permitted
to establish outbound connections to only the essential
ports, such as port 80 (HTTP) and port 25 (SMTP),
the P2P application modifies the port that it uses to
communicate with other P2P nodes to use these ports
allowed through the firewall.
To effectively detect this type of P2P application
traffic in an environment requires the use of a device
that can examine the contents of the packets allowed
through the firewall. Intrusion detection systems (IDS)
were designed to satisfy this need. These systems are
designed to monitor network traffic to look for known
signature attack patterns and/or deviations from protocol specifications that represent malicious intent.
When potentially malicious traffic is observed, they
generate an alert. More importantly, these “detection”
technologies lack the capabilities to effectively prevent
this traffic, leaving the burden with the administrator
to manually investigate and respond.
Ways oF ProtectIon
The P2P based file sharing software can cause various
security problems. There are file sharing programs,
N
4 more pages are available in the full version of this document, which may be
purchased using the "Add to Cart" button on the publisher's webpage:
www.igi-global.com/chapter/novel-application-p2p-technology-intrusion/13413
Related Content
A Molecular Solution to the Three-Partition Problem
Maryam S. Nuser (2012). Journal of Information Technology Research (pp. 14-29).
www.irma-international.org/article/molecular-solution-three-partition-problem/76387/
Smart Assets Through Digital Capabilities
Jayantha P. Liyanage and Thore Langeland (2009). Encyclopedia of Information Science and Technology,
Second Edition (pp. 3480-3485).
www.irma-international.org/chapter/smart-assets-through-digital-capabilities/14091/
Computer Physician Order Entry (CPOE): Benefits and Concerns - A Status Report
Alberto Coustasse, Joseph Shaffer, David Conley, Julia Coliflower, Stacie Deslich and Andrew Sikula (2013).
Journal of Information Technology Research (pp. 16-31).
www.irma-international.org/article/computer-physician-order-entry-cpoe/97626/
Understanding Factors Affecting Consumer Adoption of Broadband in India: A Pilot Study
Yogesh K. Dwivedi, Michael D. Williams, Vishanth Weerakkody, Banita Lal and Sneha Bhatt (2008). Journal of
Cases on Information Technology (pp. 35-47).
www.irma-international.org/article/understanding-factors-affecting-consumer-adoption/3227/
The Importance of Leadership in Project Management
Melanie S. Karas, Mahesh S. Raisinghani and Kerry S. Webb (2009). Handbook of Research on Technology
Project Management, Planning, and Operations (pp. 75-85).
www.irma-international.org/chapter/importance-leadership-project-management/21626/
Related documents
The Internet and World Wide Web
The Internet and World Wide Web
Copyright Law
Copyright Law
Ecosystems Review Sheet - Liberty Union High School District
Ecosystems Review Sheet - Liberty Union High School District
Intro to Urban Climate - Cal State LA
Intro to Urban Climate - Cal State LA
AP Biology – Ecology Unit Study Guide – C. Gray Mitchell This list is
AP Biology – Ecology Unit Study Guide – C. Gray Mitchell This list is
IPOP: Self-configuring IP-over-P2P Overlay
IPOP: Self-configuring IP-over-P2P Overlay
Net Primary Production (NPP)
Net Primary Production (NPP)
Seeing Beyong Risk
Seeing Beyong Risk
1. What is the definition of a p2p system given by the authors in sec
1. What is the definition of a p2p system given by the authors in sec
Ecosystems and Biomes
Ecosystems and Biomes
Ap Biology Ecology review
Ap Biology Ecology review
Document
Document
Intrusion Detection Mechanisms for Peer-to
Intrusion Detection Mechanisms for Peer-to
What is P2P?
What is P2P?
Slide 1
Slide 1
ACNS PowerPoint - Universal Studios
ACNS PowerPoint - Universal Studios
Study of the Relationship between Peer-to
Study of the Relationship between Peer-to
Policy enforcement in Peer-to-Peer networks using open
Policy enforcement in Peer-to-Peer networks using open
Document
Document
Data Management in Large
Data Management in Large
p2p
p2p
Presentation
Presentation