Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Zero-configuration networking wikipedia , lookup
Computer network wikipedia , lookup
Wireless security wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Network tap wikipedia , lookup
Computer security wikipedia , lookup
Airborne Networking wikipedia , lookup
Deep packet inspection wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Section: Product ICT A Novel Application of the P2P Technology for Intrusion Detection Zoltán Czirkos Budapest University of Technology and Economics, Hungary Gábor Hosszú Budapest University of Technology and Economics, Hungary IntroductIon The importance of the network security problems come into prominence by the growth of the Internet. This article presents a new kind of software that uses the network itself to protect the hosts and increase their security. The hosts running this software create an application level network (ALN) over the Internet (Hosszú, 2005). Nodes connected to this ALN check their operating systems’ log files to detect intrusion attempts. Information collected this way is then shared over the ALN to increase the security of all peers, which can then make the necessary protection steps, for example, blocking network traffic by their own firewall. Different kinds of security software utilizing the network were also written previously (Snort, 2006). The novelty of Komondor is that its client software entities running in each host create a peer-to-peer (P2P) overlay network (Czirkos, 2006). Organization is automatic; it requires no user interaction. This network model ensures stability, which is important for quick and reliable communication between nodes. By this build-up, the system remains useful over the unstable network. the IMPortance oF the P2P coMMunIcatIons The Internet-based communication technology enabled people to share information with anybody in seconds. This has brought benefits to people spanning many spheres from social services to education (Frasz, 2005). Probably the best example of such extended network of content sharing is the P2P that allows users to download media files off other computers free of charge. Once content enters the Internet, it can be downloaded by an unlimited number of people. One of the latest steps in the steady advances in P2P technologies is the release of new P2P technologies in 2005 that enable a user community to filter out mislabeled or corrupt files (Goth, 2005). One approach to build a more trustworthy P2P overlay is the application credence (Sirer & Walsh, 2005). It rates a certain network object instead of a given peer node for trustworthiness. The reason is that nodes can be inhabited by various people over time, but the data in the object itself does not change. This system uses a secure and anonymous voting mechanism. Over time, users with similar votes or the legitimacy of a file will dynamically form a kind of community enabling enough correlation of trust. Similarly, a user that systematically answers contrarily will get an equally significant negative weighting; however, an inconsistent voter will have less statistical weight. In such a way, the more users who join credence overlay, the more accurate an overall rating each file will receive. The trend of the P2P systems is building more resilient services. Centralized solutions are fragile, since a single link breakage in the network can cut access to the whole service. P2P enables higher ability to construct overlays that self-organizes and recovers from failures. Another interesting and important feature of the development process of the P2P technology is that the most successful projects are open sources such as LimeWire, which is a Gnutella client with rapidly growing popularity (Bildson, 2005). Its business model has two sides. One version is free, however, advertising-supported, and the other is ad-free, but the users Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited. A Novel Application of the P2P Technology for Intrusion Detection must pay for it. LimeWire guarantees no bundled software with downloads. The open source property of the LimeWire encourages its users to monitor its development. The largest competitor of LimeWire is BitTorrent, which is very efficient in sharing large files (BitTorrent, 2006). Its users upload portions of required documents to a requester instead of forcing one client to upload the whole file many times. the ProbleM oF the IntrusIon Computers connected to networks are to be protected by different means (Kemmerer & Vigna, 2002). Information stored on a computer can be personal or business character, private or confidential. An unauthorized can person can therefore steal it; its possible cases are shown in Table 1. We have to protect not only our data, but also our resources. Resources are not necessarily hardware only. Typical types of attack are to gain access to a computer to initiate other attacks from it. This is to make the identification of the attacker more difficult because this way the next intruded host in this chain sees the IP address of the previous one as its attacker. Stored data can not only be stolen, but changed. Information modified on a host is extremely useful to cause economic damage to a company. The attacker can alter or obstruct its functioning properly and cause damage. Intrusion attempts, based on their purpose, can be of different methods. But these methods share things in common, scanning networks ports or subnetworks for services, and making several attempts in a short time. This can be used to detect these attempts and to prepare for protection. Simple, low strength passwords are also a means of security holes. These are used by the so-called dictionary method, trying to log into the system with common names or proper names as somebody’s pass- Table 1. The types of the information stealth • • • An unauthorized person gains access to a host. Monitoring or intercepting network traffic by someone. An authorized but abusive user. word. They are of a relatively small number and easily guessable. The attacker can also be trying to find resources through security holes. With this type of action, whole ranges of network addresses are scanned for a particular service having a bug or just being badly configured. The port number is fixed here. An example for this is scanning for an open e-mail (SMTP) relay to send junk mail anonymously. A common feature of the attack methods described above is that the attacker makes several attempts against a host. The Komondor software developed by us uses this as a base. As one host running the Komondor detects an intrusion attempt and shares the address of the attacker on the overlay network, the other ones can prepare and await the same attacker in safety, who will usually arrive sooner or later. Traditionally, organizations have relied on their firewall to enforce their corporate policies. To stop the use of P2P file sharing, organizations may add a rule that denies outbound ports not required for business (Sorensen & Richards, 2004). Unfortunately, many of the P2P applications today use a “port-hopping” method of communication to circumvent firewall rule sets that limit outbound connections to specifically allowed ports. If the firewall restricts the ports permitted to establish outbound connections to only the essential ports, such as port 80 (HTTP) and port 25 (SMTP), the P2P application modifies the port that it uses to communicate with other P2P nodes to use these ports allowed through the firewall. To effectively detect this type of P2P application traffic in an environment requires the use of a device that can examine the contents of the packets allowed through the firewall. Intrusion detection systems (IDS) were designed to satisfy this need. These systems are designed to monitor network traffic to look for known signature attack patterns and/or deviations from protocol specifications that represent malicious intent. When potentially malicious traffic is observed, they generate an alert. More importantly, these “detection” technologies lack the capabilities to effectively prevent this traffic, leaving the burden with the administrator to manually investigate and respond. Ways oF ProtectIon The P2P based file sharing software can cause various security problems. There are file sharing programs, N 4 more pages are available in the full version of this document, which may be purchased using the "Add to Cart" button on the publisher's webpage: www.igi-global.com/chapter/novel-application-p2p-technology-intrusion/13413 Related Content A Molecular Solution to the Three-Partition Problem Maryam S. Nuser (2012). Journal of Information Technology Research (pp. 14-29). www.irma-international.org/article/molecular-solution-three-partition-problem/76387/ Smart Assets Through Digital Capabilities Jayantha P. Liyanage and Thore Langeland (2009). Encyclopedia of Information Science and Technology, Second Edition (pp. 3480-3485). www.irma-international.org/chapter/smart-assets-through-digital-capabilities/14091/ Computer Physician Order Entry (CPOE): Benefits and Concerns - A Status Report Alberto Coustasse, Joseph Shaffer, David Conley, Julia Coliflower, Stacie Deslich and Andrew Sikula (2013). Journal of Information Technology Research (pp. 16-31). www.irma-international.org/article/computer-physician-order-entry-cpoe/97626/ Understanding Factors Affecting Consumer Adoption of Broadband in India: A Pilot Study Yogesh K. Dwivedi, Michael D. Williams, Vishanth Weerakkody, Banita Lal and Sneha Bhatt (2008). Journal of Cases on Information Technology (pp. 35-47). www.irma-international.org/article/understanding-factors-affecting-consumer-adoption/3227/ The Importance of Leadership in Project Management Melanie S. Karas, Mahesh S. Raisinghani and Kerry S. Webb (2009). Handbook of Research on Technology Project Management, Planning, and Operations (pp. 75-85). www.irma-international.org/chapter/importance-leadership-project-management/21626/