Network Intrusion Detection Systems in Data Centers

Chapter in: Handbook on Data Centers

Abstract

Access to Data Centers must be protected by perimeter defense systems such as firewalls, access lists and intrusion detection systems. Although each of these matters, Network-based Intrusion Detection Systems (NIDS) are the most sophisticated and accurate measure for dealing with external attacks, so it is essential to understand the characteristics of this kind of system and of each of its variants. This chapter describes the most relevant aspects of NIDS in detail, with the aim of improving their integration into the networks operating in Data Centers.

Acknowledgment

Part of the computations of this work were performed in EOLO, the HPC of Climate Change of the International Campus of Excellence of Moncloa, funded by MECD and MICINN.

Author information

Corresponding author: Luis Javier García Villalba.

Copyright information

© 2015 Springer Science+Business Media New York

Cite this chapter

Maestre Vidal, J., Sandoval Orozco, A., García Villalba, L. (2015). Network Intrusion Detection Systems in Data Centers. In: Khan, S., Zomaya, A. (eds) Handbook on Data Centers. Springer, New York, NY. https://doi.org/10.1007/978-1-4939-2092-1_41

  • DOI: https://doi.org/10.1007/978-1-4939-2092-1_41
  • Publisher Name: Springer, New York, NY
  • Print ISBN: 978-1-4939-2091-4
  • Online ISBN: 978-1-4939-2092-1
  • eBook Packages: Computer Science (R0)