Network Intrusion Detection System Embedded on a Smart Sensor
Francisco Maciá-Pérez, Francisco J. Mora-Gimeno, Diego Marcos-Jorquera, Juan A. Gil-Martínez-Abarca, Héctor Ramos-Morillo, and Iren Lorenzo-Fonseca

to cope with them, making it impossible to scrutinize and adequately understand the network's security status [1]. To solve this problem, distributed intrusion detection systems (DIDS) combine all these scattered alerts and make use of their logical relationships, thus obtaining additional information. DIDS are currently as necessary as they are complex, because they involve several technologies, devices and network resources, as well as sophisticated management tasks that are beyond the scope of many users or organizations that do not have a highly specialized team of administrators.

There are still many open fronts in the field of intrusion detection, and they are not solely concerned with improving detection ratios or reducing the number of false positives generated. Some of them are: a) the IT infrastructure that supports this type of system is increasingly sophisticated, which increases both the complexity and the number of associated management tasks; b) these systems are increasingly required to generate more information, which overloads the network and the intrusion analysis systems themselves. Of all the problems, these are the ones our proposal addresses, by seeking architectures for the effective distribution of system logic, reducing as far as possible the impact of increased network traffic, keeping the detection levels of present systems, and proposing scalable solutions that are easy to implement and follow a zero-maintenance philosophy.

The huge range of small, low-cost embedded devices provided with one or more sensors, interconnected through wireless or
References:

[1] X. Qin and W. Lee, “Statistical causality analysis of infosec alert data,” in Proc. Int. Sym. Recent Advances in Intrusion Detection, Pittsburgh, PA, USA, 2003, pp. 73–93.
[2] E. E. Stelzer and T. A. Gonsalves, “Embedding RMON in large LAN switches,” IEEE Network, vol. 13, no. 1, pp. 63–72, Jan. 1999.
[3] J. Hill, R. Szewczyk, A. Woo, S. Hollar, D. Culler and K. Pister, “System architecture directions for networked sensors,” Operating Systems Review, vol. 35, no. 11, pp. 93–104, Nov. 2000.
[4] J. Belenguer and C. T. Calafate, “A low-cost embedded IDS to monitor and prevent Man-in-the-Middle attacks on wired LAN environments,” in Proc. Int. Conf. on Emerging Security Information, Systems, and Technologies, Valencia, Spain, 2007, pp. 122–127.
[5] T. Sato and M. Fukase, “Reconfigurable Hardware Implementation of Host-Based IDS,” in Proc. Asia-Pacific Conference on Communications, Penang, Malaysia, 2003, pp. 849–853.
[6] K. M. Tan and R. A. Maxion, “Why 6? Defining the operational limits of stide, an anomaly-based intrusion detector,” in Proc. IEEE Sym. Security and Privacy, Oakland, CA, USA, 2002, pp. 188–201.
[7] C. Kruegel and G. Vigna, “Anomaly detection of Web-based attacks,” in Proc. ACM Conf. on Computer and Communications Security, Washington, USA, 2003, pp. 251–261.
[8] K. Wang and S. Stolfo, “Anomalous payload-based network intrusion detection,” in Proc. Int. Sym. Recent Advances in Intrusion Detection, French Riviera, France, 2004, pp. 203–222.
[9] S. J. Han, K. J. Kim and S. B. Cho, “Evolutionary learning program’s behavior in neural networks for anomaly detection,” in Proc. Int. Conf. on Neural Information Processing, Calcutta, India, 2004, pp. 236–241.
[10] S. Zanero and S. Savaresi, “Unsupervised learning techniques for an intrusion detection system,” in Proc. ACM Sym. Applied Computing, Nicosia, Cyprus, 2004, pp. 412–419.
[11] F. J. Mora, F. Maciá, J. M. García and H. Ramos, “Intrusion detection system based on growing grid neural network,” in Proc. IEEE Mediterranean Electrotechnical Conference, Malaga, Spain, 2006, pp. 839–842.
[12] R. Lippmann and R. Cunningham, “Improving intrusion detection performance using keyword selection and neural networks,” Computer Networks, vol. 34, no. 4, pp. 597–603, Oct. 2000.
[13] J. Cannady and J. Mahaffey, “The application of artificial intelligence to misuse detection,” in Proc. Int. Sym. Recent Advances in Intrusion Detection, Louvain-la-Neuve, Belgium, 1998, pp. 75–94.
[14] P. Lichodzijewski, A. Zincir-Heywood and M. Heywood, “Dynamic intrusion detection using self-organizing maps,” in Proc. annu. Canadian Information Technology Security Symposium, Ottawa, Canada, 2002, pp. 93–97.
[15] M. Ramadas, S. Ostermann and B. Tjaden, “Detecting anomalous network traffic with self-organizing maps,” in Proc. Int. Sym. Recent Advances in Intrusion Detection, Pittsburgh, PA, USA, 2003, pp. 36–54.
[16] L. Ying-Dar, T. Kuo-Kun, L. Tsern-Huei, L. Yi-Neng, H. Chen-Chou and L. Yun-Cheng, “A platform-based SoC design and implementation of scalable automaton matching for deep packet-inspection,” Journal of Systems Architecture, vol. 53, no. 12, pp. 937–950, Dec. 2007.
[17] C. A. Hudson, N. S. Lobo and R. Krishnan, “Sensorless Control of single switch-based switched reluctance motor drive using neural network,” IEEE Trans. on Industrial Electronics, vol. 55, no. 1, pp. 321–329, Feb. 2008.
[18] S. Jung and S. Su kim, “Hardware Implementation of a real-time neural network controller with a DSP and a FPGA for Nonlinear Systems,” IEEE Trans. on Industrial Electronics, vol. 54, no. 1, pp. 265–271, Feb. 2007.
[19] D. Zhang and L. Hui, “A stochastic-Based FPGA Controller for an Induction Motor Drive With Integrated Neural Network Algorithms,” IEEE Trans. on Industrial Electronics, vol. 55, no. 2, pp. 551–561, Feb. 2008.
[20] C. Kruegel, F. Valeur and G. Vigna, Intrusion Detection and Correlation: Challenges and solutions. New York: Springer, 2005.
[21] M. E. Locasto, J. Parekh, A. Keromytis and S. Stolfo, “Towards collaborative security and P2P intrusion detection,” in Proc. IEEE Information Assurance Workshop, West Point, NY, USA, 2005, pp. 333–339.
[22] A. Arora, P. Dutta, S. Bapat, V. Kulathumani, H. Zhang, V. Naik, V. Mittal, H. Cao, M. Demirbas, M. Gouda, Y. Choi, T. Herman, S. Kulkarni, U. Arumugam, M. Nesterenko, A. Vora and M. Miyashita, “A line in the sand: a wireless sensor network for target detection, classification and tracking,” Computer Networks, vol. 46, no. 5, pp. 605–634, Dec. 2004.
[23] J. M. Gonzalez, V. Paxson and N. Weaver, “Shunting: a hardware/software architecture for flexible, high-performance network intrusion prevention,” in Proc. ACM Computer and Communications Security, Alexandria, USA, 2007, pp. 139–149.
[24] V. C. Gungor and G. P. Hancke, “Industrial Wireless Sensor Networks: Challenges, Design Principles, and Technical Approaches,” IEEE Trans. on Industrial Electronics, vol. 56, no. 10, pp. 4258–4265, Oct. 2009.
[25] U. Toop, P. Muller, J. Konnertz and A. Pick, “Web based Service for Embedded Devices,” in Proc. Workshop on Web, Web-Services and Database Systems, Erfurt, Germany, 2002, pp. 141–153.
[26] B. Akin, U. Orguner, H. A. Toliyat and M. Rainer, “Phase-Sensitive detection of Motor Fault Signatures in the Presence of Noise,” IEEE Trans. on Industrial Electronics, vol. 55, no. 6, pp. 2539–2550, Jun. 2008.
[27] B. Singh, V. Verma and J. Solanki, “Neural Network-Based Selective Compensation of Current Quality Problems in Distribution System,” IEEE Trans. on Industrial Electronics, vol. 54, no. 1, pp. 53–60, Feb. 2007.
[28] S. Won, F. Golnaraghi and W. Melek, “A Fastening Tool Tracking System Using an IMU and a Position Sensor With Kalman Filters and a Fuzzy Expert System,” IEEE Trans. on Industrial Electronics, vol. 56, no. 5, pp. 1782–1792, May 2009.
[29] K. P. Birman, S. Guha and R. Murty, “Scalable, self-organizing technology for sensor networks,” in Advances in Pervasive Computing and Networking, B. Szymanski, B. Yener, Ed. New York: Springer, 2005, pp. 1–16.
[30] IEEE 802.3af, “(CSMA/CD) Access Method and Physical Layer Specifications Amendment: Data Terminal Equipment (DTE) Power via Media Dependent Interface (MDI),” IEEE Computer Society, 2003. [Online]. Available: http://www.ieee802.org. [Accessed: March 20, 2009].
[31] G. Scheible, D. Dzung, J. Endresen and J. E. Frey, “Unplugged But Connected, Design and Implementation of a Truly Wireless Real-Time Sensor/Actuator Interface,” IEEE Industrial Electronics Magazine, vol. 1, no. 2, pp. 25–34, Jul. 2007.
[32] B. K. Douglas, Web Services and Service-Oriented Architectures: The savvy manager's guide. San Francisco: Morgan Kaufmann, 2003.
[33] H. Debar, D. Curry and B. Feinstein, “The Intrusion Detection Message Exchange Format (IDMEF),” Internet Engineering Task Force, 2007. [Online]. Available: http://www.ietf.org. [Accessed: March 20, 2009].
[34] DARPA Intrusion Detection Evaluation. [Online]. Available: http://www.ll.mit.edu/IST/ideval/index.html. [Accessed: July 25, 2009].
[35] T. Kohonen, Self-Organizing Maps. Berlin: Springer, 2001.

Copyright (c) 2010 IEEE. Personal use is permitted. For any other purposes, Permission must be obtained from the IEEE by emailing pubs-permissions@ieee.org. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.

Francisco Maciá-Pérez (M’08) was born in Spain in 1968. He received his engineering degree and the Ph.D. degree in Computer Science from the University of Alicante in 1994 and 2001 respectively. He worked as a Systems Administrator at the University of Alicante from 1996 to 2001. He was an Associate Professor from 1997 to 2001.
Since 2001, he has been an Assistant Professor, and he is currently the Director of the Department of Computer Science and Technology at the University of Alicante. His research interests are in the area of network management, computer networks, smart sensor networks and distributed systems, which are applied to industrial problems.

Francisco J. Mora-Gimeno (M’08) was born in Spain in 1967. He received the M.Sc. degree in Computer Science from the Polytechnic University of Valencia, Valencia, Spain, in 1995. He received the Ph.D. degree in Computer Science from the University of Alicante in 2010. Since 2002, he has been an Assistant Professor with the Department of Computer Science and Technology, University of Alicante. His main topics of interest include intrusion detection systems, network security, computer networks and distributed systems.

Diego Marcos-Jorquera (M’08) was born in Spain in 1974. He received his engineering degree and the Ph.D. degree in Computer Science from the University of Alicante in 1999 and 2010 respectively. He is currently an Assistant Professor with the University of Alicante. His research interests are in the area of network management, computer networks, and distributed systems.

Iren Lorenzo-Fonseca was born in Cuba in 1982. She received her Engineering and Master degrees in Computer Science from the José Antonio Echevarría Institute of Technology (CUJAE) in 2005 and 2007 respectively, and her Ph.D. degree in the Department of Computer Science and Technology of the University of Alicante in 2010. She is currently a Professor at the Computer Science Faculty of the José Antonio Echevarría Institute of Technology. Her research interests lie in the area of artificial intelligence, computer networks and distributed systems.

Juan Antonio Gil-Martínez-Abarca was born in Spain in 1970. He received his engineering degree in Computer Science from the University of Alicante in 1994. Since 1998, he has been a Systems Administrator at the University of Alicante and, since 1999, he has been an Associate Professor at the Department of Computer Science and Technology at the University of Alicante. His research interests are in the area of network management, computer networks and distributed systems.

Héctor Ramos-Morillo was born in Alicante, Spain, in 1978. He received the engineering degree in Computer Science from the University of Alicante in 2004, where he has been working toward the Ph.D. degree in the Department of Computer Science and Technology since 2005. He is currently a Systems Administrator at the Department of Computer Science and Technology, University of Alicante. His research interests are in the area of network management, computer networks, embedded systems and smart sensor networks.