Results 1 -
2 of
2
Wireless intrusion detection and response: A case study using the classic man-in-the-middle attack
- Proceedings of IEEE Wireless Communication and Networking Conference
, 2004
"... Abstract — Intrusion detection and countermeasures response is an active area of research. In this paper, we examine integrating an intrusion detection engine with an active countermeasure capability. We use a classic man in the middle attack as a case study to specify the integrated wireless intrus ..."
Abstract
-
Cited by 3 (0 self)
- Add to MetaCart
Abstract — Intrusion detection and countermeasures response is an active area of research. In this paper, we examine integrating an intrusion detection engine with an active countermeasure capability. We use a classic man in the middle attack as a case study to specify the integrated wireless intrusion detection capability with the active countermeasure response. We present the case study in dynamically defending against an example attack in an 802.11 infrastructure basic service set by combining the concepts for a distributed wireless intrusion detection and response system architecture with adaptive response strategies based on alarm confidence, attack frequency, assessed risks, and estimated response costs. We also include a description of a tool kit we have implemented to prototypically test and evaluate our concepts. Keywords- Intrusion detection and active countermeasures, network Security, wireless security I.
Policy-Based Security Configuration Management Application to Intrusion Detection and Prevention
"... Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defense against the variety of attacks that can compromise the security and well functioning of an enterprise information system. IDPSes can be network or host-based and can collaborate in order to provide better det ..."
Abstract
- Add to MetaCart
Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defense against the variety of attacks that can compromise the security and well functioning of an enterprise information system. IDPSes can be network or host-based and can collaborate in order to provide better detections of malicious traffic. Although several IDPS systems have been proposed, their appropriate configuration and control for effective detection and prevention of attacks has always been far from trivial. Another concern is related to the slowing down of system performance when maximum security is applied, hence the need to trade off between security enforcement levels and the performance and usability of an enterprise information system. In this paper we motivate the need for and present a policy-based framework for the configuration and control of the security enforcement mechanisms of an enterprise information system. The approach is based on dynamic adaptation of security measures based on the assessment of system vulnerability and threat prediction and provides several levels of attack containment. As an application, we have implemented a dynamic policy-based adaptation mechanism between the Snort signature-based IDPS and the light weight anomaly-based FireCol IDS. Experiments conducted over the DARPA 2000 and 1999 intrusion detection evaluation datasets show the viability of our framework1
