1 / 36

DISTRIBUTED INTRUSION DETECTION SYSTEM FOR COMPUTATIONAL GRIDS

Mohammad F. Tolba Mohammad S. Abdel-Wahab Ismail A. Taha Ahmad M. Al-Shishtawy Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Cairo, Egypt. DISTRIBUTED INTRUSION DETECTION SYSTEM FOR COMPUTATIONAL GRIDS. Agenda. Introduction.

Télécharger la présentation

DISTRIBUTED INTRUSION DETECTION SYSTEM FOR COMPUTATIONAL GRIDS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Mohammad F. Tolba Mohammad S. Abdel-Wahab Ismail A. Taha Ahmad M. Al-Shishtawy Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Cairo, Egypt DISTRIBUTED INTRUSION DETECTION SYSTEM FOR COMPUTATIONAL GRIDS

  2. Agenda • Introduction. • The Grid Intrusion Detection Architecture (GIDA). • GIDA implementation. • Testing and Results. • Conclusions and Future Work.

  3. Introduction • The Grid is a new approach to computing. • Still under research and development. • Couples multiple sites administrated locally and independently. • Security is important for the success of this field.

  4. Introduction • Basic security requirements. • Concentrates on authentication, access control, single sign on, ... • No intrusion detection. • Intrusion detection needed as a second line of defense. • Bugs. • Protection against insiders.

  5. Agenda • Introduction. • The Grid Intrusion Detection Architecture. • GIDA implementation. • Testing and Results. • Conclusions and Future Work.

  6. Grid Intrusion Detection Architecture • Intrusion Detection Agent (IDA) • Data Gathering Module • Intrusion Detection Server (IDS) • Analyzing Module • Cooperation Module

  7. Grid Intrusion Detection Architecture SSL GIS SSH IDS Kerberos IDS Plain Text TLS GIS

  8. Grid Characteristics

  9. Requirements

  10. Agenda • Introduction. • The Grid Intrusion Detection Architecture. • GIDA implementation. • Testing and Results. • Conclusions and Future Work.

  11. GIDA Implementation • Simulated Grid environment. • Simulated IDA. • Homogeneous IDSs with LVQ Neural Network. • Simple cooperation with sharing results. • No trust relationships.

  12. Why Simulation? • No real Grid for testing (Expensive). • Best for testing and evaluation new architectures. • Control experiments in dynamic environment.

  13. Grid Simulators • Many Grid simulation tools (GridSim, SimGrid, MicroGrid). • Unfortunately they concentrate on resource management problems. • Develop our own simulator for security and intrusion detection.

  14. Generated Log Files . . . Log Log Intrusion Detection Servers . . . IDS IDS Resources (IDAs) . . . Requests . . . . . . Users Intruders The Simulated Grid

  15. Intrusion Detection Classifications Misuse Anomaly Network Based x x 1 2 Host Based x √ 3 4

  16. Why LVQ? • Similar to SOM and used for classification. • Does not require anomalous records in training data. • Classes and their labels (User Name) are known.

  17. Log IDS Log Log Peer-to-peer Network or GIS IDS IDS IDS Analyzing Module

  18. Analyzing and detection module Log Preprocessing Trained LVQ Response Decision Module Cooperation Module IDS Analyzing Module

  19. IDS Cooperation Module • Sharing results among IDSs. • Using P2P or GIS. • The IDS query others for analysis results of users in its scope. • Inform other IDSs when intrusion is detected.

  20. Agenda • Introduction. • The Grid Intrusion Detection Architecture (GIDA). • GIDA implementation. • Testing and Results. • Conclusions and Future Work.

  21. Measured Parameters • False Positive. • False Negative. • Recognition. • Training Time. • Detection Duration

  22. Tested Issues • Controllable (Internal) • Data Preprocessing • Number of IDSs • Uncontrollable (External) • Number of Users • Number of Resources • Number of Intruders

  23. Type 1: Fixed number of events. Type 2: Fixed time period window. Type 3: Fixed number of events with time limit. Type 4: Fixed events with time limit ignoring incomplete. Type 5: Fixed events with time limit fixing incomplete. Different Types of Windows(Preprocessing)

  24. Window Size

  25. Window Period

  26. Hybrid Window at size 10

  27. Hybrid Window at size 20

  28. Hybrid Window at size 30

  29. Number of IDSs

  30. Number of Users

  31. Number of Resources

  32. Number of Intruders

  33. Agenda • Introduction. • The Grid Intrusion Detection Architecture (GIDA). • GIDA implementation. • Testing and Results. • Conclusions and Future Work.

  34. Conclusions • Intrusion Detection needed for real Grids as second line of defense. • GIDA suitable for grid environments. • Simulation prove applicability. • LVQ produced good results. • Better that centralized system. • Results help in building real systems. • Better understanding of the problem of intrusion detection in Grid environments.

  35. Future Work • Trust Relationships in Grid environment. • Heterogeneous Analyzing modules. • More complicated algorithms for cooperation. • Misuse detection. • Testing on real Grid testbeds.

  36. The End Thank you for careful listening 

More Related