DECIDUOUS: decentralized source identification for network-based intrusions
- 20 January 2003
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- p. 701-714
- https://doi.org/10.1109/inm.1999.770717
Abstract
DECIDUOUS is a security management framework for identifying the sources of network-based intrusions. The first key concept in DECIDUOUS is dynamic security associations, which efficiently and collectively provide location information for attack sources. DECIDUOUS is built on top of the IETF's IPSEC/ISAKMP infrastructure, and it does not introduce any new network protocol for source identification in a single administrative domain. It defines a collaborative protocol for inter-domain attack source identification. The second key concept in DECIDUOUS is the management information integration of the intrusion detection system (IDS) and attack source identification system (ASIS) across different protocol layers. For example, in DECIDUOUS, it is possible for a network-layer security control protocol (e.g., IPSEC) to collaborate with an application-layer intrusion detection system module (e.g., IDS for the SNMP engine). In this paper, we present the motivations, design, and prototype implementation of the DECIDUOUS framework.
This publication has 6 references indexed in Scilit:
- An experimental study of insider attacks for OSPF routing protocol. Published by Institute of Electrical and Electronics Engineers (IEEE), 2002
- IP Authentication Header. Published by RFC Editor, 1998
- IP Encapsulating Security Payload (ESP). Published by RFC Editor, 1998
- Security Architecture for the Internet Protocol. Published by RFC Editor, 1998
- Internet Security Association and Key Management Protocol (ISAKMP). Published by RFC Editor, 1998
- On the Connection Assignment Problem of Diagnosable Systems. IEEE Transactions on Electronic Computers, 1967