
An Algorithm to Implement Dynamic Access Control Using Anomaly Based Detection with VLAN Steering


     



Intrusion Detection and Prevention Systems (IDPS) are mature network-level defenses deployed in thousands of computer networks worldwide. The basic difference between detection and prevention techniques lies in how each protects the network environment. An IDS monitors logged data and compares it with attack signatures to detect unwanted access; for such identification, an IDS normally uses signatures or other unique characteristics of the attacks. In this paper, we have designed an algorithm to achieve dynamic access control. Dynamic access control requires three functionalities: traffic monitoring, validation and policy enforcement. In this algorithm, traffic monitoring and validation are done using anomaly-based detection during access. For policy enforcement and attack prevention, we have chosen the VLAN steering method, because it can be used with both the out-of-band approach and the in-band approach. We need to implement both approaches to achieve access control dynamically. This helps to prevent insider as well as outsider attacks on a network. To prove the concept of blocking a malicious host after it has been successfully admitted to a network, we present an example and a working algorithm for anomaly-based detection. This algorithm uses IDS data logged in a database for traffic monitoring and validation. It also updates the signatures stored in the signature database. An IPS sensor helps perform VLAN steering in our system to quarantine suspicious hosts.
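The three functions named in the abstract (traffic monitoring, validation, policy enforcement) can be sketched as follows; this is an added illustration, not the paper's algorithm. The per-host baseline test, the thresholds, the VLAN ids, the sample log rows and the in-memory table standing in for the switch change made by the IPS sensor are all assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

QUARANTINE_VLAN = 999  # assumed id of the quarantine VLAN
Z_THRESHOLD = 3.0      # assumed: deviations above baseline that count as anomalous
MIN_BASELINE = 5       # assumed: samples required before a host is judged

# Constructed sample data: per-minute event counts per host, as an IDS might log them.
_COUNTS = {
    "10.0.0.5": [4, 5, 6, 5, 4, 60],      # sudden burst after admission
    "10.0.0.7": [10, 12, 11, 9, 10, 12],  # steady
    "10.0.0.9": [3, 2, 4],                # too little history to judge
}
IDS_LOG = [(m, h, c) for h, cs in _COUNTS.items() for m, c in enumerate(cs)]

def monitor(log):
    """Traffic monitoring: per-host event counts in time order."""
    history = defaultdict(list)
    for _minute, host, count in sorted(log):
        history[host].append(count)
    return history

def is_anomalous(counts):
    """Validation: compare the latest count with the host's own earlier baseline."""
    baseline, latest = counts[:-1], counts[-1]
    if len(baseline) < MIN_BASELINE:
        return False
    sigma = max(pstdev(baseline), 1.0)  # floor avoids flagging tiny jitter
    return (latest - mean(baseline)) / sigma > Z_THRESHOLD

def steer(log, vlan_table, signature_db):
    """Policy enforcement: move anomalous hosts to the quarantine VLAN."""
    new_table = dict(vlan_table)  # the caller's table is left unchanged
    for host, counts in monitor(log).items():
        if host in new_table and is_anomalous(counts):
            new_table[host] = QUARANTINE_VLAN
            signature_db.append({"host": host, "rate": counts[-1]})
    return new_table

if __name__ == "__main__":
    vlans = {"10.0.0.5": 10, "10.0.0.7": 10, "10.0.0.9": 20}
    signatures = []
    print(steer(IDS_LOG, vlans, signatures), signatures)
```

The host with too little history is left in place rather than quarantined, which is the conservative choice for a newly admitted host; a deployment would pick that default deliberately.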





