Basic approaches of development of data center protection systems

Authors

  • A. V. Kropachev Bell Integrator USA Automation Solution Department Manager USA, Colorado , Bell Integrator USA Automation Solution Department Manager USA, Colorado
  • D. O. Zuev Independent Consultant Lead Arcitect, Network and Cloud USA, Colorado , Independent Consultant Lead Arcitect, Network and Cloud USA, Colorado

DOI:

https://doi.org/10.31548/dopovidi2018.02.025

Abstract

Data Center cyber-protection methods based on host-based intrusion prevention systems and network based intrusion prevention systems were considered. Basic algorithm of intrusion prevention system functioning and operational readiness evaluation which includes objects of analysis, procedures and evaluation indicators was discussed. It was shown that procedures to be done by Data Center cyber-protection system are identification of the event, signatures database management and denial management. Evaluation of intrusion prevention system efficiency was proved to be based on errors’ numbers and scalability. Thereby it should include accuracy, robustness, performance and scalability parameters.  Main prevention systems which show model of detection systems interaction with monitored environment events were discussed. Specifically detection strategy based classification which includes cyber-attack signatures analysis, anomalies analysis, hybrid strategy, detection system behavior based classification which includes active behavior, passive behavior, monitored environment based classification which includes local network, global network, hybrid environment, detection system architecture based classification which includes centralized architecture, distributed architecture, hierarchical architecture, detection system performance based classification which includes real time analysis, offline analysis were analyzed. It was mentioned that anomaly-based systems development has to be supervised by operators and adapted to the parameters of the Data Center network. They were divided to three groups: statistical modeling, knowledge based modeling and modeling based on machine learning techniques. It was mentioned that cyber-threats could be modeled as process of transmission of data in hidden channel that change state of some functional node of Data Center. Unified mathematical model of intrusion detection system work which includes states of the infrastructure functional nodes, events involved in a system and transition between the states caused by those events was proposed.

Keywords: Data Center, intrusion prevention systemrobustnesshybrid environment, anomaly-based systemmachine learningmathematical model.

References

Yeung, D.Y., Ding, Y.: Host-Based Intrusion Detection using Dynamic and Static Behavioral Models. Pattern Recognition 36/1 (2003) 229-243.

https://doi.org/10.1016/S0031-3203(02)00026-2

Undercoffer, Jeffrey L. Intrusion detection: modeling system state to detect and classify anomalous behaviors. 2004.

Lee, W., Miller, M., Stolfo, S.J., Fan, W.: Toward Cost-Sensitive Modeling for Intrusion Detection and Response. Journal of Computer Security10 (August 2002) 5-22.

https://doi.org/10.3233/JCS-2002-101-202

Cheng, T.H., Lin, Y.D..: Evasion Techniques: Sneaking through Your Intrusion Detection/Prevention Systems. IEEE Communications Surveys Tutorials 14/4 (2012) 1011-1020.

https://doi.org/10.1109/SURV.2011.092311.00082

Kumar, M.,: Encrypted Traffic and IPsec Challenges for Intrusion Detection System. In: Proceedings of the International Conference on Advances in Computing. (August 2012) 721-727.

https://doi.org/10.1007/978-81-322-0740-5_86

Thonnard, O., Bilge, L., O'Gorman, G.: Industrial Espionage and Targeted Attacks: Understanding the Characteristics of an Escalating Threat. In: Proceedings of the 15th International Conference on Research in Attacks, Intrusions, and Defenses, Berlin, Heidelberg, Springer-Verlag (2012) 64-85.

https://doi.org/10.1007/978-3-642-33338-5_4

Wang, L., Jajodia, S., Singhal, A. K-zero Day Safety: Measuring the Security Risk of Networks Against Unknown Attacks. In: Proceedings of the 15th European Conference on Research in Computer Security, Berlin, Heidelberg, Springer-Verlag (2010) 573-587.

https://doi.org/10.1007/978-3-642-15497-3_35

Salah, S., Maciá-Fernández, G., Díaz-Verdejo, J.E.: A Model-Based Survey of Alert Correlation Techniques. Computer Networks 57/5 (2013) 1289-1317.

https://doi.org/10.1016/j.comnet.2012.10.022

Elshoush, H.T., Osman, I.M.: Alert Correlation in Collaborative Intelligent Intrusion Detection Systems-A Survey. Applied Soft Computing 11/7 (2011) 4349-4365.

https://doi.org/10.1016/j.asoc.2010.12.004

Nehinbe, J.: Log Analyzer for Network Forensics and Incident Reporting. In: Proceedings of the International Conference on Intelligent Systems, Modelling and Simulation. (2010) 356-361.

https://doi.org/10.1109/ISMS.2010.71

Standard, I.: Information technology - Security Techniques - Selection, Deployment and Operations of Intrusion Detection Systems. Technical Report ISO/IEC, ISO/IEC (June 2006).

Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: BotHunter: Detecting Malware Infection Through IDS-driven Dialog Correlation. In: Proceedings of the 16th USENIX Security Symposium, Berkeley, CA, USA, USENIX Association (2007) 167-182.

Chandola, V., Banerjee, A., Kumar, V.: Anomaly Detection: A Survey. ACM Computing Surveys 41/3 (July 2009) 1-58.

https://doi.org/10.1145/1541880.1541882

Golovko, V., Bezobrazov, S., Kachurka, P..: Neural Network and Artificial Immune Systems for Malware and Network Intrusion Detection. Advances in Machine Learning II. Volume 263 of Studies in Computational Intelligence. Springer Berlin Heidelberg (2010) 485-513.

https://doi.org/10.1007/978-3-642-05179-1_23

Bridges, S.M., Vaughn, R.B.: Data Mining for Intrusion Detection: From Outliers to True Intrusions. In: Proceedings of the 13th Pacific-Asia Conference on Advances in Knowledge Discovery and Data Mining. (April 27-30 2009) 891-898.

https://doi.org/10.1007/978-3-642-01307-2_93

Downloads

Published

2018-05-14

Issue

No. 2(72) (2018)

Section

Machinery & Automation ofAgriculture 4.0

License

Relationship between right holders and users shall be governed by the terms of the license Creative Commons  Attribution – non-commercial – Distribution On Same Conditions 4.0 international (CC BY-NC-SA 4.0):https://creativecommons.org/licenses/by-nc-sa/4.0/deed.uk

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).