A Trio Model for Network Insider Intrusion Detection & Prevention System

Charles Orhionkpaiyo, Opani Aweh

Abstract


The increasing reliance on computer networks and the internet by organizations have no doubt exposed their information to attacks from both outsiders and from the organization insiders. Different countermeasures are currently being adopted to secure information from attacks. These countermeasures are often deployed in isolation and they are all essentially designed to checking outsider threats or attacks. In this paper, an integrated approach to deploying these counter measures is proposed, and the possibility of deploying these counter measures to check insider attacks is presented. An objected oriented design methodology was used to design the platform upon which this integration was based. Data modification and impersonation attack scenarios were simulated and forensically analyzed to test the functionalities desired. The results showed that the integrated use of the detectors enhanced information protection and at the same time it provided for forensic evidence for establishing the culpability of the exact offender.


Keywords


Forensic Analysis; Trio model; Network Intrusion Detection; Insider Threats; Network Security; Honeypot; Horney-Token; Wireshark.

Full Text:

PDF

References


B. M Bowen, B. E Salem, A. D Keromytis, and S. J Stolfo. Technologies for Mitigating Insider Threats , Insider Threats in cyber Security, Vol. 49, Pp. 187-217, 2010

A. McCormac, K. Parsons, M. Butavicius. Preventing and Profiling Malicious Insider Attacks. Defence Science and Technology Organization Document Control Data, Australia, Pp 1-17, 2012. http://www.dtic.mil/dtic/tr/fulltext/u2/a563808.pdf

T. Birdi, K. Jansen. (2006) Network Intrusion Detection: Know What You Do (Not) Need Information Systems Audit and Control Association (ISCA) vol 1. Internet: http://www.isaca.org/Journal/Past-Issues/2006/Volume-1/Documents/jopdf0601-network-intrusion-detection.pdf (accessed on 09/08/2013)

J. Andress. The Basics of Information Security: Understanding the Fundamentals of Infosec in Theory and Practice. London: Elsevier Academic Press, p117, 2011.

D.W Chadwick. Network Firewall Technologies Security and Privacy in Advance Networking Technologies, Vol. 193, Pp 143 160, 2004

R. Trzeciak. Risk Mitigation Strategies: Lessons Learned from Actual Insider Attacks. Internet: http://www.cert.org/insider_threat/ , 2012 (Accessed 09/08/2013)

R. Bace, P. Mell. Intrusion Detection Systems. NIST Special Publications SP 800, U S Department of Defense, Pp. 40-43, 2001

T. Ryuto, C. Neuman. Integrated Access Control and Intrusion Detection for Web Servers IEEE Transactions on Parallel and Distributed Systems, Vol. 14, No. 9, 2003

P. Gaonjur, C.Bokhoree. Risk of Insider Threats in Information Technology OutSourcing: Can Deceptive Techniques be applied? Journal of Security and Management, Pp. 522 529, 2006

L. Spitzner. Honeypots: Catching the Insider Threat Conference proceedings of Computer Security Application Pp. 170-179, 2003.

B. Mcfarland. Ethical Deception and Pre-emptive Deterrence in Network Security, SANS Institute GCFW Practical Version 4.1, SANS Institute 2000-2005.

B. Ruppert. Protecting Against insider attacks Internet: http://www.sans.org/reading-room/whitepapers/incident/protecting-insider-attacks-33168,2009 (09/08/2013)

C. Eoghan, W.R Curtis. Hand Book of Digital Forensics and Investigations, Elsevier Academic Press, London, 3rd ed, pp201-219, 2010.


Refbacks

  • There are currently no refbacks.


 

 
  
 

 

  


About IJSBAR | Privacy PolicyTerms & Conditions | Contact Us | DisclaimerFAQs 

IJSBAR is published by (GSSRR).