OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Scalable Intrusion Detection System for Rapid Global Detection of Network Attack

Authors:
Dr. Vladimir Katzman; Dr. Alexander Tartakovsky
Publication Date:
2008-09-01
Research Org.:
Advanced Science and Novel Technology Company
Sponsoring Org.:
USDOE Office of Science (SC)
OSTI Identifier:
936726
Report Number(s):
DOE-08.2008-FTR
DOE Contract Number:
FG02-05ER84136
Type / Phase:
SBIR
Resource Type:
Technical Report
Country of Publication:
United States
Language:
English
Subject:
42 ENGINEERING; Changepoint Detection; Multichart Detection Tests; Computer Intrusion Detection; Denial of Service Attacks; Men-in-the-Middle Attacks; Distributed IDS.

Citation Formats

Dr. Vladimir Katzman, and Dr. Alexander Tartakovsky. Scalable Intrusion Detection System for Rapid Global Detection of Network Attack. United States: N. p., 2008. Web.
Dr. Vladimir Katzman, & Dr. Alexander Tartakovsky. Scalable Intrusion Detection System for Rapid Global Detection of Network Attack. United States.
Dr. Vladimir Katzman, and Dr. Alexander Tartakovsky. 2008. "Scalable Intrusion Detection System for Rapid Global Detection of Network Attack". United States.
@article{osti_936726,
title = {Scalable Intrusion Detection System for Rapid Global Detection of Network Attack},
author = {Dr. Vladimir Katzman and Dr. Alexander Tartakovsky},
abstractNote = {},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2008},
month = {Sep}
}


  • This project developed a new scalable network firewall and Intrusion Protection System (IPS) that can manage increasing traffic loads, higher network speeds, and strict Quality of Service (QoS) requirements. This new approach provides a strong foundation for next-generation network security technologies and products that address growing and unmet needs in the government and corporate sectors by delivering Optimal Network Security. Controlling access is an essential task for securing networks that are vital to private industry, government agencies, and the military. This access can be granted or denied based on the packet header or payload contents. For example, a simple network firewall enforces a security policy by inspecting and filtering the packet headers. As a complement to the firewall, an Intrusion Detection System (IDS) inspects the packet payload for known threat signatures; for example, virus or worm. Similar to a firewall policy, IDS policies consist of multiple rules that specify an action for matching packets. Each rule can specify different items, such as the signature contents and the signature location within the payload. When the firewall and IDS are merged into one device, the resulting system is referred to as an Intrusion Protection System (IPS), which provides both packet header and payload inspections. Having both types of inspections is very desirable and more manageable in a single device.
  • This paper presents the implementation of a prototype network level intrusion detection system. The prototype system monitors base level information in network packets (source, destination, packet size, time, and network protocol), learning the normal patterns and announcing anomalies as they occur. The goal of this research is to determine the applicability of current intrusion detection technology to the detection of network level intrusions. In particular, the authors are investigating the possibility of using this technology to detect and react to worm programs.
  • This paper presents the preliminary architecture of a network level intrusion detection system. The proposed system will monitor base level information in network packets (source, destination, packet size, and time), learning the normal patterns and announcing anomalies as they occur. The goal of this research is to determine the applicability of current intrusion detection technology to the detection of network level intrusions. In particular, the authors are investigating the possibility of using this technology to detect and react to worm programs.